178 files changed, 1610 insertions, 1609 deletions

diff --git a/Makefile b/Makefile
index 73dcadff..91041d13 100644
--- a/Makefile
+++ b/Makefile
@@ -1,9 +1,9 @@
-LDFLAGS += -X "github.com/gogs/gogs/pkg/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
-LDFLAGS += -X "github.com/gogs/gogs/pkg/setting.BuildGitHash=$(shell git rev-parse HEAD)"
+LDFLAGS += -X "gogs.io/gogs/internal/setting.BuildTime=$(shell date -u '+%Y-%m-%d %I:%M:%S %Z')"
+LDFLAGS += -X "gogs.io/gogs/internal/setting.BuildGitHash=$(shell git rev-parse HEAD)"
 
 DATA_FILES := $(shell find conf | sed 's/ /\\ /g')
 LESS_FILES := $(wildcard public/less/gogs.less public/less/_*.less)
-GENERATED  := pkg/bindata/bindata.go public/css/gogs.css
+GENERATED  := internal/bindata/bindata.go public/css/gogs.css
 
 OS := $(shell uname)
 
@@ -51,9 +51,9 @@ pack:
 
 release: build pack
 
-bindata: pkg/bindata/bindata.go
+bindata: internal/bindata/bindata.go
 
-pkg/bindata/bindata.go: $(DATA_FILES)
+internal/bindata/bindata.go: $(DATA_FILES)
 	go-bindata -o=$@ -ignore="\\.DS_Store|README.md|TRANSLATORS|auth.d" -pkg=bindata conf/...
 
 less: public/css/gogs.css
diff --git a/gogs.go b/gogs.go
index 29c8d6e6..12e62d95 100644
--- a/gogs.go
+++ b/gogs.go
@@ -12,11 +12,11 @@ import (
 
 	"github.com/urfave/cli"
 
-	"gogs.io/gogs/cmd"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/cmd"
+	"gogs.io/gogs/internal/setting"
 )
 
-const Version = "0.11.95.1023"
+const Version = "0.11.95.1024"
 
 func init() {
 	setting.AppVer = Version
diff --git a/pkg/auth/auth.go b/internal/auth/auth.go
index 9c4ecdc3..89fb1c46 100644
--- a/pkg/auth/auth.go
+++ b/internal/auth/auth.go
@@ -13,10 +13,10 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 func IsAPIPath(url string) bool {
@@ -26,7 +26,7 @@ func IsAPIPath(url string) bool {
 // SignedInID returns the id of signed in user, along with one bool value which indicates whether user uses token
 // authentication.
 func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bool) {
-	if !models.HasEngine {
+	if !db.HasEngine {
 		return 0, false
 	}
 
@@ -49,15 +49,15 @@ func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bo
 
 		// Let's see if token is valid.
 		if len(tokenSHA) > 0 {
-			t, err := models.GetAccessTokenBySHA(tokenSHA)
+			t, err := db.GetAccessTokenBySHA(tokenSHA)
 			if err != nil {
-				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
+				if !db.IsErrAccessTokenNotExist(err) && !db.IsErrAccessTokenEmpty(err) {
 					log.Error(2, "GetAccessTokenBySHA: %v", err)
 				}
 				return 0, false
 			}
 			t.Updated = time.Now()
-			if err = models.UpdateAccessToken(t); err != nil {
+			if err = db.UpdateAccessToken(t); err != nil {
 				log.Error(2, "UpdateAccessToken: %v", err)
 			}
 			return t.UID, true
@@ -69,7 +69,7 @@ func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bo
 		return 0, false
 	}
 	if id, ok := uid.(int64); ok {
-		if _, err := models.GetUserByID(id); err != nil {
+		if _, err := db.GetUserByID(id); err != nil {
 			if !errors.IsUserNotExist(err) {
 				log.Error(2, "GetUserByID: %v", err)
 			}
@@ -82,8 +82,8 @@ func SignedInID(c *macaron.Context, sess session.Store) (_ int64, isTokenAuth bo
 
 // SignedInUser returns the user object of signed in user, along with two bool values,
 // which indicate whether user uses HTTP Basic Authentication or token authentication respectively.
-func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isBasicAuth bool, isTokenAuth bool) {
-	if !models.HasEngine {
+func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *db.User, isBasicAuth bool, isTokenAuth bool) {
+	if !db.HasEngine {
 		return nil, false, false
 	}
 
@@ -93,7 +93,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isB
 		if setting.Service.EnableReverseProxyAuth {
 			webAuthUser := ctx.Req.Header.Get(setting.ReverseProxyAuthUser)
 			if len(webAuthUser) > 0 {
-				u, err := models.GetUserByName(webAuthUser)
+				u, err := db.GetUserByName(webAuthUser)
 				if err != nil {
 					if !errors.IsUserNotExist(err) {
 						log.Error(2, "GetUserByName: %v", err)
@@ -102,13 +102,13 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isB
 
 					// Check if enabled auto-registration.
 					if setting.Service.EnableReverseProxyAutoRegister {
-						u := &models.User{
+						u := &db.User{
 							Name:     webAuthUser,
 							Email:    gouuid.NewV4().String() + "@localhost",
 							Passwd:   webAuthUser,
 							IsActive: true,
 						}
-						if err = models.CreateUser(u); err != nil {
+						if err = db.CreateUser(u); err != nil {
 							// FIXME: should I create a system notice?
 							log.Error(2, "CreateUser: %v", err)
 							return nil, false, false
@@ -128,7 +128,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isB
 			if len(auths) == 2 && auths[0] == "Basic" {
 				uname, passwd, _ := tool.BasicAuthDecode(auths[1])
 
-				u, err := models.UserLogin(uname, passwd, -1)
+				u, err := db.UserLogin(uname, passwd, -1)
 				if err != nil {
 					if !errors.IsUserNotExist(err) {
 						log.Error(2, "UserLogin: %v", err)
@@ -142,7 +142,7 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (_ *models.User, isB
 		return nil, false, false
 	}
 
-	u, err := models.GetUserByID(uid)
+	u, err := db.GetUserByID(uid)
 	if err != nil {
 		log.Error(2, "GetUserByID: %v", err)
 		return nil, false, false
diff --git a/pkg/auth/github/github.go b/internal/auth/github/github.go
index a06608a3..a06608a3 100644
--- a/pkg/auth/github/github.go
+++ b/internal/auth/github/github.go
diff --git a/pkg/auth/ldap/README.md b/internal/auth/ldap/README.md
index bc357e96..bc357e96 100644
--- a/pkg/auth/ldap/README.md
+++ b/internal/auth/ldap/README.md
diff --git a/pkg/auth/ldap/ldap.go b/internal/auth/ldap/ldap.go
index e88cef77..e88cef77 100644
--- a/pkg/auth/ldap/ldap.go
+++ b/internal/auth/ldap/ldap.go
diff --git a/pkg/auth/pam/pam.go b/internal/auth/pam/pam.go
index 7f326d42..7f326d42 100644
--- a/pkg/auth/pam/pam.go
+++ b/internal/auth/pam/pam.go
diff --git a/pkg/auth/pam/pam_stub.go b/internal/auth/pam/pam_stub.go
index 33ac751a..33ac751a 100644
--- a/pkg/auth/pam/pam_stub.go
+++ b/internal/auth/pam/pam_stub.go
diff --git a/pkg/avatar/avatar.go b/internal/avatar/avatar.go
index a8c3826d..a8c3826d 100644
--- a/pkg/avatar/avatar.go
+++ b/internal/avatar/avatar.go
diff --git a/pkg/avatar/avatar_test.go b/internal/avatar/avatar_test.go
index fea1c2c7..fea1c2c7 100644
--- a/pkg/avatar/avatar_test.go
+++ b/internal/avatar/avatar_test.go
diff --git a/pkg/bindata/bindata.go b/internal/bindata/bindata.go
index e63d55d5..e63d55d5 100644
--- a/pkg/bindata/bindata.go
+++ b/internal/bindata/bindata.go
diff --git a/cmd/admin.go b/internal/cmd/admin.go
index df4dae2e..de8b6ba6 100644
--- a/cmd/admin.go
+++ b/internal/cmd/admin.go
@@ -11,8 +11,8 @@ import (
 
 	"github.com/urfave/cli"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 var (
@@ -50,7 +50,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "delete-inactive-users",
 		Usage: "Delete all inactive accounts",
 		Action: adminDashboardOperation(
-			models.DeleteInactivateUsers,
+			db.DeleteInactivateUsers,
 			"All inactivate accounts have been deleted successfully",
 		),
 		Flags: []cli.Flag{
@@ -62,7 +62,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "delete-repository-archives",
 		Usage: "Delete all repositories archives",
 		Action: adminDashboardOperation(
-			models.DeleteRepositoryArchives,
+			db.DeleteRepositoryArchives,
 			"All repositories archives have been deleted successfully",
 		),
 		Flags: []cli.Flag{
@@ -74,7 +74,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "delete-missing-repositories",
 		Usage: "Delete all repository records that lost Git files",
 		Action: adminDashboardOperation(
-			models.DeleteMissingRepositories,
+			db.DeleteMissingRepositories,
 			"All repositories archives have been deleted successfully",
 		),
 		Flags: []cli.Flag{
@@ -86,7 +86,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "collect-garbage",
 		Usage: "Do garbage collection on repositories",
 		Action: adminDashboardOperation(
-			models.GitGcRepos,
+			db.GitGcRepos,
 			"All repositories have done garbage collection successfully",
 		),
 		Flags: []cli.Flag{
@@ -98,7 +98,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "rewrite-authorized-keys",
 		Usage: "Rewrite '.ssh/authorized_keys' file (caution: non-Gogs keys will be lost)",
 		Action: adminDashboardOperation(
-			models.RewriteAuthorizedKeys,
+			db.RewriteAuthorizedKeys,
 			"All public keys have been rewritten successfully",
 		),
 		Flags: []cli.Flag{
@@ -110,7 +110,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "resync-hooks",
 		Usage: "Resync pre-receive, update and post-receive hooks",
 		Action: adminDashboardOperation(
-			models.SyncRepositoryHooks,
+			db.SyncRepositoryHooks,
 			"All repositories' pre-receive, update and post-receive hooks have been resynced successfully",
 		),
 		Flags: []cli.Flag{
@@ -122,7 +122,7 @@ to make automatic initialization process more smoothly`,
 		Name:  "reinit-missing-repositories",
 		Usage: "Reinitialize all repository records that lost Git files",
 		Action: adminDashboardOperation(
-			models.ReinitMissingRepositories,
+			db.ReinitMissingRepositories,
 			"All repository records that lost Git files have been reinitialized successfully",
 		),
 		Flags: []cli.Flag{
@@ -145,10 +145,10 @@ func runCreateUser(c *cli.Context) error {
 	}
 
 	setting.NewContext()
-	models.LoadConfigs()
-	models.SetEngine()
+	db.LoadConfigs()
+	db.SetEngine()
 
-	if err := models.CreateUser(&models.User{
+	if err := db.CreateUser(&db.User{
 		Name:     c.String("name"),
 		Email:    c.String("email"),
 		Passwd:   c.String("password"),
@@ -169,8 +169,8 @@ func adminDashboardOperation(operation func() error, successMessage string) func
 		}
 
 		setting.NewContext()
-		models.LoadConfigs()
-		models.SetEngine()
+		db.LoadConfigs()
+		db.SetEngine()
 
 		if err := operation(); err != nil {
 			functionName := runtime.FuncForPC(reflect.ValueOf(operation).Pointer()).Name()
diff --git a/cmd/backup.go b/internal/cmd/backup.go
index b293d02d..e918d486 100644
--- a/cmd/backup.go
+++ b/internal/cmd/backup.go
@@ -17,8 +17,8 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/ini.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 var Backup = cli.Command{
@@ -48,8 +48,8 @@ func runBackup(c *cli.Context) error {
 		setting.CustomConf = c.String("config")
 	}
 	setting.NewContext()
-	models.LoadConfigs()
-	models.SetEngine()
+	db.LoadConfigs()
+	db.SetEngine()
 
 	tmpDir := c.String("tempdir")
 	if !com.IsExist(tmpDir) {
@@ -84,7 +84,7 @@ func runBackup(c *cli.Context) error {
 
 	// Database
 	dbDir := path.Join(rootDir, "db")
-	if err = models.DumpDatabase(dbDir); err != nil {
+	if err = db.DumpDatabase(dbDir); err != nil {
 		log.Fatal(0, "Fail to dump database: %v", err)
 	}
 	if err = z.AddDir(_ARCHIVE_ROOT_DIR+"/db", dbDir); err != nil {
diff --git a/cmd/cert.go b/internal/cmd/cert.go
index 7c91c2c6..7c91c2c6 100644
--- a/cmd/cert.go
+++ b/internal/cmd/cert.go
diff --git a/cmd/cert_stub.go b/internal/cmd/cert_stub.go
index 6164c83e..6164c83e 100644
--- a/cmd/cert_stub.go
+++ b/internal/cmd/cert_stub.go
diff --git a/cmd/cmd.go b/internal/cmd/cmd.go
index 29afa625..29afa625 100644
--- a/cmd/cmd.go
+++ b/internal/cmd/cmd.go
diff --git a/cmd/hook.go b/internal/cmd/hook.go
index b0657004..a6c79c3b 100644
--- a/cmd/hook.go
+++ b/internal/cmd/hook.go
@@ -21,12 +21,12 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/httplib"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/httplib"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
 )
 
 var (
@@ -70,7 +70,7 @@ func runHookPreReceive(c *cli.Context) error {
 	}
 	setup(c, "hooks/pre-receive.log", true)
 
-	isWiki := strings.Contains(os.Getenv(models.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")
+	isWiki := strings.Contains(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")
 
 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
@@ -91,8 +91,8 @@ func runHookPreReceive(c *cli.Context) error {
 		branchName := strings.TrimPrefix(string(fields[2]), git.BRANCH_PREFIX)
 
 		// Branch protection
-		repoID := com.StrTo(os.Getenv(models.ENV_REPO_ID)).MustInt64()
-		protectBranch, err := models.GetProtectBranchOfRepoByName(repoID, branchName)
+		repoID := com.StrTo(os.Getenv(db.ENV_REPO_ID)).MustInt64()
+		protectBranch, err := db.GetProtectBranchOfRepoByName(repoID, branchName)
 		if err != nil {
 			if errors.IsErrBranchNotExist(err) {
 				continue
@@ -107,9 +107,9 @@ func runHookPreReceive(c *cli.Context) error {
 		bypassRequirePullRequest := false
 
 		// Check if user is in whitelist when enabled
-		userID := com.StrTo(os.Getenv(models.ENV_AUTH_USER_ID)).MustInt64()
+		userID := com.StrTo(os.Getenv(db.ENV_AUTH_USER_ID)).MustInt64()
 		if protectBranch.EnableWhitelist {
-			if !models.IsUserInProtectBranchWhitelist(repoID, userID, branchName) {
+			if !db.IsUserInProtectBranchWhitelist(repoID, userID, branchName) {
 				fail(fmt.Sprintf("Branch '%s' is protected and you are not in the push whitelist", branchName), "")
 			}
 
@@ -128,7 +128,7 @@ func runHookPreReceive(c *cli.Context) error {
 
 		// Check force push
 		output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).
-			RunInDir(models.RepoPath(os.Getenv(models.ENV_REPO_OWNER_NAME), os.Getenv(models.ENV_REPO_NAME)))
+			RunInDir(db.RepoPath(os.Getenv(db.ENV_REPO_OWNER_NAME), os.Getenv(db.ENV_REPO_NAME)))
 		if err != nil {
 			fail("Internal error", "Fail to detect force push: %v", err)
 		} else if len(output) > 0 {
@@ -136,7 +136,7 @@ func runHookPreReceive(c *cli.Context) error {
 		}
 	}
 
-	customHooksPath := filepath.Join(os.Getenv(models.ENV_REPO_CUSTOM_HOOKS_PATH), "pre-receive")
+	customHooksPath := filepath.Join(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), "pre-receive")
 	if !com.IsFile(customHooksPath) {
 		return nil
 	}
@@ -147,7 +147,7 @@ func runHookPreReceive(c *cli.Context) error {
 	} else {
 		hookCmd = exec.Command(customHooksPath)
 	}
-	hookCmd.Dir = models.RepoPath(os.Getenv(models.ENV_REPO_OWNER_NAME), os.Getenv(models.ENV_REPO_NAME))
+	hookCmd.Dir = db.RepoPath(os.Getenv(db.ENV_REPO_OWNER_NAME), os.Getenv(db.ENV_REPO_NAME))
 	hookCmd.Stdout = os.Stdout
 	hookCmd.Stdin = buf
 	hookCmd.Stderr = os.Stderr
@@ -170,7 +170,7 @@ func runHookUpdate(c *cli.Context) error {
 		fail("First argument 'refName' is empty", "First argument 'refName' is empty")
 	}
 
-	customHooksPath := filepath.Join(os.Getenv(models.ENV_REPO_CUSTOM_HOOKS_PATH), "update")
+	customHooksPath := filepath.Join(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), "update")
 	if !com.IsFile(customHooksPath) {
 		return nil
 	}
@@ -181,7 +181,7 @@ func runHookUpdate(c *cli.Context) error {
 	} else {
 		hookCmd = exec.Command(customHooksPath, args...)
 	}
-	hookCmd.Dir = models.RepoPath(os.Getenv(models.ENV_REPO_OWNER_NAME), os.Getenv(models.ENV_REPO_NAME))
+	hookCmd.Dir = db.RepoPath(os.Getenv(db.ENV_REPO_OWNER_NAME), os.Getenv(db.ENV_REPO_NAME))
 	hookCmd.Stdout = os.Stdout
 	hookCmd.Stdin = os.Stdin
 	hookCmd.Stderr = os.Stderr
@@ -204,7 +204,7 @@ func runHookPostReceive(c *cli.Context) error {
 	mailer.InitMailRender(path.Join(setting.StaticRootPath, "templates/mail"),
 		path.Join(setting.CustomPath, "templates/mail"), template.NewFuncMap())
 
-	isWiki := strings.Contains(os.Getenv(models.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")
+	isWiki := strings.Contains(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), ".wiki.git/")
 
 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
@@ -222,24 +222,24 @@ func runHookPostReceive(c *cli.Context) error {
 			continue
 		}
 
-		options := models.PushUpdateOptions{
+		options := db.PushUpdateOptions{
 			OldCommitID:  string(fields[0]),
 			NewCommitID:  string(fields[1]),
 			RefFullName:  string(fields[2]),
-			PusherID:     com.StrTo(os.Getenv(models.ENV_AUTH_USER_ID)).MustInt64(),
-			PusherName:   os.Getenv(models.ENV_AUTH_USER_NAME),
-			RepoUserName: os.Getenv(models.ENV_REPO_OWNER_NAME),
-			RepoName:     os.Getenv(models.ENV_REPO_NAME),
+			PusherID:     com.StrTo(os.Getenv(db.ENV_AUTH_USER_ID)).MustInt64(),
+			PusherName:   os.Getenv(db.ENV_AUTH_USER_NAME),
+			RepoUserName: os.Getenv(db.ENV_REPO_OWNER_NAME),
+			RepoName:     os.Getenv(db.ENV_REPO_NAME),
 		}
-		if err := models.PushUpdate(options); err != nil {
+		if err := db.PushUpdate(options); err != nil {
 			log.Error(2, "PushUpdate: %v", err)
 		}
 
 		// Ask for running deliver hook and test pull request tasks
 		reqURL := setting.LocalURL + options.RepoUserName + "/" + options.RepoName + "/tasks/trigger?branch=" +
 			template.EscapePound(strings.TrimPrefix(options.RefFullName, git.BRANCH_PREFIX)) +
-			"&secret=" + os.Getenv(models.ENV_REPO_OWNER_SALT_MD5) +
-			"&pusher=" + os.Getenv(models.ENV_AUTH_USER_ID)
+			"&secret=" + os.Getenv(db.ENV_REPO_OWNER_SALT_MD5) +
+			"&pusher=" + os.Getenv(db.ENV_AUTH_USER_ID)
 		log.Trace("Trigger task: %s", reqURL)
 
 		resp, err := httplib.Head(reqURL).SetTLSClientConfig(&tls.Config{
@@ -255,7 +255,7 @@ func runHookPostReceive(c *cli.Context) error {
 		}
 	}
 
-	customHooksPath := filepath.Join(os.Getenv(models.ENV_REPO_CUSTOM_HOOKS_PATH), "post-receive")
+	customHooksPath := filepath.Join(os.Getenv(db.ENV_REPO_CUSTOM_HOOKS_PATH), "post-receive")
 	if !com.IsFile(customHooksPath) {
 		return nil
 	}
@@ -266,7 +266,7 @@ func runHookPostReceive(c *cli.Context) error {
 	} else {
 		hookCmd = exec.Command(customHooksPath)
 	}
-	hookCmd.Dir = models.RepoPath(os.Getenv(models.ENV_REPO_OWNER_NAME), os.Getenv(models.ENV_REPO_NAME))
+	hookCmd.Dir = db.RepoPath(os.Getenv(db.ENV_REPO_OWNER_NAME), os.Getenv(db.ENV_REPO_NAME))
 	hookCmd.Stdout = os.Stdout
 	hookCmd.Stdin = buf
 	hookCmd.Stderr = os.Stderr
diff --git a/cmd/import.go b/internal/cmd/import.go
index 804963f0..4ee43b5b 100644
--- a/cmd/import.go
+++ b/internal/cmd/import.go
@@ -15,7 +15,7 @@ import (
 	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 var (
diff --git a/cmd/restore.go b/internal/cmd/restore.go
index 7ebb8407..cd5595df 100644
--- a/cmd/restore.go
+++ b/internal/cmd/restore.go
@@ -8,15 +8,15 @@ import (
 	"os"
 	"path"
 
+	"github.com/mcuadros/go-version"
 	"github.com/unknwon/cae/zip"
 	"github.com/unknwon/com"
-	"github.com/mcuadros/go-version"
 	"github.com/urfave/cli"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/ini.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 var Restore = cli.Command{
@@ -91,12 +91,12 @@ func runRestore(c *cli.Context) error {
 		setting.CustomConf = configFile
 	}
 	setting.NewContext()
-	models.LoadConfigs()
-	models.SetEngine()
+	db.LoadConfigs()
+	db.SetEngine()
 
 	// Database
 	dbDir := path.Join(archivePath, "db")
-	if err = models.ImportDatabase(dbDir, c.Bool("verbose")); err != nil {
+	if err = db.ImportDatabase(dbDir, c.Bool("verbose")); err != nil {
 		log.Fatal(0, "Failed to import database: %v", err)
 	}
 
diff --git a/cmd/serv.go b/internal/cmd/serv.go
index c767634e..870cf62e 100644
--- a/cmd/serv.go
+++ b/internal/cmd/serv.go
@@ -16,9 +16,9 @@ import (
 	"github.com/urfave/cli"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -76,14 +76,14 @@ func setup(c *cli.Context, logPath string, connectDB bool) {
 		return
 	}
 
-	models.LoadConfigs()
+	db.LoadConfigs()
 
 	if setting.UseSQLite3 {
 		workDir, _ := setting.WorkDir()
 		os.Chdir(workDir)
 	}
 
-	if err := models.SetEngine(); err != nil {
+	if err := db.SetEngine(); err != nil {
 		fail("Internal error", "SetEngine: %v", err)
 	}
 }
@@ -96,29 +96,29 @@ func parseSSHCmd(cmd string) (string, string) {
 	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
 }
 
-func checkDeployKey(key *models.PublicKey, repo *models.Repository) {
+func checkDeployKey(key *db.PublicKey, repo *db.Repository) {
 	// Check if this deploy key belongs to current repository.
-	if !models.HasDeployKey(key.ID, repo.ID) {
+	if !db.HasDeployKey(key.ID, repo.ID) {
 		fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 	}
 
 	// Update deploy key activity.
-	deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID)
+	deployKey, err := db.GetDeployKeyByRepo(key.ID, repo.ID)
 	if err != nil {
 		fail("Internal error", "GetDeployKey: %v", err)
 	}
 
 	deployKey.Updated = time.Now()
-	if err = models.UpdateDeployKey(deployKey); err != nil {
+	if err = db.UpdateDeployKey(deployKey); err != nil {
 		fail("Internal error", "UpdateDeployKey: %v", err)
 	}
 }
 
 var (
-	allowedCommands = map[string]models.AccessMode{
-		"git-upload-pack":    models.ACCESS_MODE_READ,
-		"git-upload-archive": models.ACCESS_MODE_READ,
-		"git-receive-pack":   models.ACCESS_MODE_WRITE,
+	allowedCommands = map[string]db.AccessMode{
+		"git-upload-pack":    db.ACCESS_MODE_READ,
+		"git-upload-archive": db.ACCESS_MODE_READ,
+		"git-receive-pack":   db.ACCESS_MODE_WRITE,
 	}
 )
 
@@ -151,7 +151,7 @@ func runServ(c *cli.Context) error {
 	repoName := strings.TrimSuffix(strings.ToLower(repoFields[1]), ".git")
 	repoName = strings.TrimSuffix(repoName, ".wiki")
 
-	owner, err := models.GetUserByName(ownerName)
+	owner, err := db.GetUserByName(ownerName)
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			fail("Repository owner does not exist", "Unregistered owner: %s", ownerName)
@@ -159,7 +159,7 @@ func runServ(c *cli.Context) error {
 		fail("Internal error", "Fail to get repository owner '%s': %v", ownerName, err)
 	}
 
-	repo, err := models.GetRepositoryByName(owner.ID, repoName)
+	repo, err := db.GetRepositoryByName(owner.ID, repoName)
 	if err != nil {
 		if errors.IsRepoNotExist(err) {
 			fail(_ACCESS_DENIED_MESSAGE, "Repository does not exist: %s/%s", owner.Name, repoName)
@@ -174,19 +174,19 @@ func runServ(c *cli.Context) error {
 	}
 
 	// Prohibit push to mirror repositories.
-	if requestMode > models.ACCESS_MODE_READ && repo.IsMirror {
+	if requestMode > db.ACCESS_MODE_READ && repo.IsMirror {
 		fail("Mirror repository is read-only", "")
 	}
 
 	// Allow anonymous (user is nil) clone for public repositories.
-	var user *models.User
+	var user *db.User
 
-	key, err := models.GetPublicKeyByID(com.StrTo(strings.TrimPrefix(c.Args()[0], "key-")).MustInt64())
+	key, err := db.GetPublicKeyByID(com.StrTo(strings.TrimPrefix(c.Args()[0], "key-")).MustInt64())
 	if err != nil {
 		fail("Invalid key ID", "Invalid key ID '%s': %v", c.Args()[0], err)
 	}
 
-	if requestMode == models.ACCESS_MODE_WRITE || repo.IsPrivate {
+	if requestMode == db.ACCESS_MODE_WRITE || repo.IsPrivate {
 		// Check deploy key or user key.
 		if key.IsDeployKey() {
 			if key.Mode < requestMode {
@@ -194,19 +194,19 @@ func runServ(c *cli.Context) error {
 			}
 			checkDeployKey(key, repo)
 		} else {
-			user, err = models.GetUserByKeyID(key.ID)
+			user, err = db.GetUserByKeyID(key.ID)
 			if err != nil {
 				fail("Internal error", "Fail to get user by key ID '%d': %v", key.ID, err)
 			}
 
-			mode, err := models.UserAccessMode(user.ID, repo)
+			mode, err := db.UserAccessMode(user.ID, repo)
 			if err != nil {
 				fail("Internal error", "Fail to check access: %v", err)
 			}
 
 			if mode < requestMode {
 				clientMessage := _ACCESS_DENIED_MESSAGE
-				if mode >= models.ACCESS_MODE_READ {
+				if mode >= db.ACCESS_MODE_READ {
 					clientMessage = "You do not have sufficient authorization for this action"
 				}
 				fail(clientMessage,
@@ -227,13 +227,13 @@ func runServ(c *cli.Context) error {
 
 	// Update user key activity.
 	if key.ID > 0 {
-		key, err := models.GetPublicKeyByID(key.ID)
+		key, err := db.GetPublicKeyByID(key.ID)
 		if err != nil {
 			fail("Internal error", "GetPublicKeyByID: %v", err)
 		}
 
 		key.Updated = time.Now()
-		if err = models.UpdatePublicKey(key); err != nil {
+		if err = db.UpdatePublicKey(key); err != nil {
 			fail("Internal error", "UpdatePublicKey: %v", err)
 		}
 	}
@@ -250,8 +250,8 @@ func runServ(c *cli.Context) error {
 	} else {
 		gitCmd = exec.Command(verb, repoFullName)
 	}
-	if requestMode == models.ACCESS_MODE_WRITE {
-		gitCmd.Env = append(os.Environ(), models.ComposeHookEnvs(models.ComposeHookEnvsOptions{
+	if requestMode == db.ACCESS_MODE_WRITE {
+		gitCmd.Env = append(os.Environ(), db.ComposeHookEnvs(db.ComposeHookEnvsOptions{
 			AuthUser:  user,
 			OwnerName: owner.Name,
 			OwnerSalt: owner.Salt,
diff --git a/cmd/web.go b/internal/cmd/web.go
index 66a24aee..709bc0df 100644
--- a/cmd/web.go
+++ b/internal/cmd/web.go
@@ -15,7 +15,6 @@ import (
 	"path"
 	"strings"
 
-	"github.com/unknwon/com"
 	"github.com/go-macaron/binding"
 	"github.com/go-macaron/cache"
 	"github.com/go-macaron/captcha"
@@ -26,24 +25,25 @@ import (
 	"github.com/go-macaron/toolbox"
 	"github.com/mcuadros/go-version"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/bindata"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
-	"gogs.io/gogs/routes"
-	"gogs.io/gogs/routes/admin"
-	apiv1 "gogs.io/gogs/routes/api/v1"
-	"gogs.io/gogs/routes/dev"
-	"gogs.io/gogs/routes/org"
-	"gogs.io/gogs/routes/repo"
-	"gogs.io/gogs/routes/user"
+	"gogs.io/gogs/internal/bindata"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/route"
+	"gogs.io/gogs/internal/route/admin"
+	apiv1 "gogs.io/gogs/internal/route/api/v1"
+	"gogs.io/gogs/internal/route/dev"
+	"gogs.io/gogs/internal/route/org"
+	"gogs.io/gogs/internal/route/repo"
+	"gogs.io/gogs/internal/route/user"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
 )
 
 var Web = cli.Command{
@@ -97,14 +97,14 @@ func newMacaron() *macaron.Macaron {
 	m.Use(macaron.Static(
 		setting.AvatarUploadPath,
 		macaron.StaticOptions{
-			Prefix:      models.USER_AVATAR_URL_PREFIX,
+			Prefix:      db.USER_AVATAR_URL_PREFIX,
 			SkipLogging: setting.DisableRouterLog,
 		},
 	))
 	m.Use(macaron.Static(
 		setting.RepositoryAvatarUploadPath,
 		macaron.StaticOptions{
-			Prefix:      models.REPO_AVATAR_URL_PREFIX,
+			Prefix:      db.REPO_AVATAR_URL_PREFIX,
 			SkipLogging: setting.DisableRouterLog,
 		},
 	))
@@ -156,7 +156,7 @@ func newMacaron() *macaron.Macaron {
 		HealthCheckFuncs: []*toolbox.HealthCheckFuncDesc{
 			&toolbox.HealthCheckFuncDesc{
 				Desc: "Database connection",
-				Func: models.Ping,
+				Func: db.Ping,
 			},
 		},
 	}))
@@ -168,7 +168,7 @@ func runWeb(c *cli.Context) error {
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	}
-	routes.GlobalInit()
+	route.GlobalInit()
 	checkVersion()
 
 	m := newMacaron()
@@ -182,20 +182,20 @@ func runWeb(c *cli.Context) error {
 
 	m.SetAutoHead(true)
 
-	// FIXME: not all routes need go through same middlewares.
+	// FIXME: not all route need go through same middlewares.
 	// Especially some AJAX requests, we can reduce middleware number to improve performance.
 	// Routers.
-	m.Get("/", ignSignIn, routes.Home)
+	m.Get("/", ignSignIn, route.Home)
 	m.Group("/explore", func() {
 		m.Get("", func(c *context.Context) {
 			c.Redirect(setting.AppSubURL + "/explore/repos")
 		})
-		m.Get("/repos", routes.ExploreRepos)
-		m.Get("/users", routes.ExploreUsers)
-		m.Get("/organizations", routes.ExploreOrganizations)
+		m.Get("/repos", route.ExploreRepos)
+		m.Get("/users", route.ExploreUsers)
+		m.Get("/organizations", route.ExploreOrganizations)
 	}, ignSignIn)
-	m.Combo("/install", routes.InstallInit).Get(routes.Install).
-		Post(bindIgnErr(form.Install{}), routes.InstallPost)
+	m.Combo("/install", route.InstallInit).Get(route.Install).
+		Post(bindIgnErr(form.Install{}), route.InstallPost)
 	m.Get("/^:type(issues|pulls)$", reqSignIn, user.Issues)
 
 	// ***** START: User *****
@@ -311,9 +311,9 @@ func runWeb(c *cli.Context) error {
 		}, context.InjectParamsUser())
 
 		m.Get("/attachments/:uuid", func(c *context.Context) {
-			attach, err := models.GetAttachmentByUUID(c.Params(":uuid"))
+			attach, err := db.GetAttachmentByUUID(c.Params(":uuid"))
 			if err != nil {
-				c.NotFoundOrServerError("GetAttachmentByUUID", models.IsErrAttachmentNotExist, err)
+				c.NotFoundOrServerError("GetAttachmentByUUID", db.IsErrAttachmentNotExist, err)
 				return
 			} else if !com.IsFile(attach.LocalPath()) {
 				c.NotFound()
@@ -644,7 +644,7 @@ func runWeb(c *cli.Context) error {
 			m.Head("/tasks/trigger", repo.TriggerTask)
 		})
 		// Use the regexp to match the repository name
-		// Duplicated routes to enable different ways of accessing same set of URLs,
+		// Duplicated route to enable different ways of accessing same set of URLs,
 		// e.g. with or without ".git" suffix.
 		m.Group("/:reponame([\\d\\w-_\\.]+\\.git$)", func() {
 			m.Get("", ignSignIn, context.RepoAssignment(), context.RepoRef(), repo.Home)
@@ -682,7 +682,7 @@ func runWeb(c *cli.Context) error {
 	})
 
 	// Not found handler.
-	m.NotFound(routes.NotFound)
+	m.NotFound(route.NotFound)
 
 	// Flag for port number in case first time run conflict.
 	if c.IsSet("port") {
diff --git a/pkg/context/api.go b/internal/context/api.go
index c4812475..220ab340 100644
--- a/pkg/context/api.go
+++ b/internal/context/api.go
@@ -13,7 +13,7 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 type APIContext struct {
diff --git a/pkg/context/api_org.go b/internal/context/api_org.go
index 11625ab4..3927b890 100644
--- a/pkg/context/api_org.go
+++ b/internal/context/api_org.go
@@ -5,10 +5,10 @@
 package context
 
 import (
-	"gogs.io/gogs/models"
+	"gogs.io/gogs/internal/db"
 )
 
 type APIOrganization struct {
-	Organization *models.User
-	Team         *models.Team
+	Organization *db.User
+	Team         *db.Team
 }
diff --git a/pkg/context/auth.go b/internal/context/auth.go
index 92ea7142..cc6c804c 100644
--- a/pkg/context/auth.go
+++ b/internal/context/auth.go
@@ -12,9 +12,9 @@ import (
 	"github.com/go-macaron/csrf"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/pkg/auth"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/auth"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 type ToggleOptions struct {
diff --git a/pkg/context/context.go b/internal/context/context.go
index c4aa2e75..2bc4a4d0 100644
--- a/pkg/context/context.go
+++ b/internal/context/context.go
@@ -12,20 +12,20 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/com"
 	"github.com/go-macaron/cache"
 	"github.com/go-macaron/csrf"
 	"github.com/go-macaron/i18n"
 	"github.com/go-macaron/session"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/auth"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
+	"gogs.io/gogs/internal/auth"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
 )
 
 // Context represents context of a request.
@@ -37,7 +37,7 @@ type Context struct {
 	Session session.Store
 
 	Link        string // Current request URL
-	User        *models.User
+	User        *db.User
 	IsLogged    bool
 	IsBasicAuth bool
 	IsTokenAuth bool
@@ -252,13 +252,13 @@ func Contexter() macaron.Handler {
 			repoName := c.Params(":reponame")
 			branchName := "master"
 
-			owner, err := models.GetUserByName(ownerName)
+			owner, err := db.GetUserByName(ownerName)
 			if err != nil {
 				c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 				return
 			}
 
-			repo, err := models.GetRepositoryByName(owner.ID, repoName)
+			repo, err := db.GetRepositoryByName(owner.ID, repoName)
 			if err == nil && len(repo.DefaultBranch) > 0 {
 				branchName = repo.DefaultBranch
 			}
@@ -280,7 +280,7 @@ func Contexter() macaron.Handler {
 </html>
 `, map[string]string{
 				"GoGetImport":    path.Join(setting.HostAddress, setting.AppSubURL, repo.FullName()),
-				"CloneLink":      models.ComposeHTTPSCloneURL(ownerName, repoName),
+				"CloneLink":      db.ComposeHTTPSCloneURL(ownerName, repoName),
 				"GoDocDirectory": prefix + "{/dir}",
 				"GoDocFile":      prefix + "{/dir}/{file}#L{line}",
 				"InsecureFlag":   insecureFlag,
diff --git a/pkg/context/notice.go b/internal/context/notice.go
index 191441f1..16b9440f 100644
--- a/pkg/context/notice.go
+++ b/internal/context/notice.go
@@ -11,9 +11,9 @@ import (
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // renderNoticeBanner checks if a notice banner file exists and loads the message to display
diff --git a/pkg/context/org.go b/internal/context/org.go
index 9d243d80..df9becd2 100644
--- a/pkg/context/org.go
+++ b/internal/context/org.go
@@ -9,9 +9,9 @@ import (
 
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 type Organization struct {
@@ -19,10 +19,10 @@ type Organization struct {
 	IsMember     bool
 	IsTeamMember bool // Is member of team.
 	IsTeamAdmin  bool // In owner team or team that has admin permission level.
-	Organization *models.User
+	Organization *db.User
 	OrgLink      string
 
-	Team *models.Team
+	Team *db.Team
 }
 
 func HandleOrgAssignment(c *Context, args ...bool) {
@@ -48,7 +48,7 @@ func HandleOrgAssignment(c *Context, args ...bool) {
 	orgName := c.Params(":org")
 
 	var err error
-	c.Org.Organization, err = models.GetUserByName(orgName)
+	c.Org.Organization, err = db.GetUserByName(orgName)
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 		return
@@ -81,7 +81,7 @@ func HandleOrgAssignment(c *Context, args ...bool) {
 		}
 	} else {
 		// Fake data.
-		c.Data["SignedUser"] = &models.User{}
+		c.Data["SignedUser"] = &db.User{}
 	}
 	if (requireMember && !c.Org.IsMember) ||
 		(requireOwner && !c.Org.IsOwner) {
@@ -134,7 +134,7 @@ func HandleOrgAssignment(c *Context, args ...bool) {
 			return
 		}
 
-		c.Org.IsTeamAdmin = c.Org.Team.IsOwnerTeam() || c.Org.Team.Authorize >= models.ACCESS_MODE_ADMIN
+		c.Org.IsTeamAdmin = c.Org.Team.IsOwnerTeam() || c.Org.Team.Authorize >= db.ACCESS_MODE_ADMIN
 		c.Data["IsTeamAdmin"] = c.Org.IsTeamAdmin
 		if requireTeamAdmin && !c.Org.IsTeamAdmin {
 			c.Handle(404, "OrgAssignment", err)
diff --git a/pkg/context/repo.go b/internal/context/repo.go
index 20ccd0f0..dc0fcfee 100644
--- a/pkg/context/repo.go
+++ b/internal/context/repo.go
@@ -14,26 +14,26 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 type PullRequest struct {
-	BaseRepo *models.Repository
+	BaseRepo *db.Repository
 	Allowed  bool
 	SameRepo bool
 	HeadInfo string // [<user>:]<branch>
 }
 
 type Repository struct {
-	AccessMode   models.AccessMode
+	AccessMode   db.AccessMode
 	IsWatching   bool
 	IsViewBranch bool
 	IsViewTag    bool
 	IsViewCommit bool
-	Repository   *models.Repository
-	Owner        *models.User
+	Repository   *db.Repository
+	Owner        *db.User
 	Commit       *git.Commit
 	Tag          *git.Tag
 	GitRepo      *git.Repository
@@ -42,31 +42,31 @@ type Repository struct {
 	TreePath     string
 	CommitID     string
 	RepoLink     string
-	CloneLink    models.CloneLink
+	CloneLink    db.CloneLink
 	CommitsCount int64
-	Mirror       *models.Mirror
+	Mirror       *db.Mirror
 
 	PullRequest *PullRequest
 }
 
 // IsOwner returns true if current user is the owner of repository.
 func (r *Repository) IsOwner() bool {
-	return r.AccessMode >= models.ACCESS_MODE_OWNER
+	return r.AccessMode >= db.ACCESS_MODE_OWNER
 }
 
 // IsAdmin returns true if current user has admin or higher access of repository.
 func (r *Repository) IsAdmin() bool {
-	return r.AccessMode >= models.ACCESS_MODE_ADMIN
+	return r.AccessMode >= db.ACCESS_MODE_ADMIN
 }
 
 // IsWriter returns true if current user has write or higher access of repository.
 func (r *Repository) IsWriter() bool {
-	return r.AccessMode >= models.ACCESS_MODE_WRITE
+	return r.AccessMode >= db.ACCESS_MODE_WRITE
 }
 
 // HasAccess returns true if the current user has at least read access for this repository
 func (r *Repository) HasAccess() bool {
-	return r.AccessMode >= models.ACCESS_MODE_READ
+	return r.AccessMode >= db.ACCESS_MODE_READ
 }
 
 // CanEnableEditor returns true if repository is editable and user has proper access level.
@@ -110,7 +110,7 @@ func (r *Repository) PullRequestURL(baseBranch, headBranch string) string {
 func RepoAssignment(pages ...bool) macaron.Handler {
 	return func(c *Context) {
 		var (
-			owner        *models.User
+			owner        *db.User
 			err          error
 			isIssuesPage bool
 			isWikiPage   bool
@@ -134,7 +134,7 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		if c.IsLogged && c.User.LowerName == strings.ToLower(ownerName) {
 			owner = c.User
 		} else {
-			owner, err = models.GetUserByName(ownerName)
+			owner, err = db.GetUserByName(ownerName)
 			if err != nil {
 				c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 				return
@@ -143,7 +143,7 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		c.Repo.Owner = owner
 		c.Data["Username"] = c.Repo.Owner.Name
 
-		repo, err := models.GetRepositoryByName(owner.ID, repoName)
+		repo, err := db.GetRepositoryByName(owner.ID, repoName)
 		if err != nil {
 			c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 			return
@@ -158,9 +158,9 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 
 		// Admin has super access.
 		if c.IsLogged && c.User.IsAdmin {
-			c.Repo.AccessMode = models.ACCESS_MODE_OWNER
+			c.Repo.AccessMode = db.ACCESS_MODE_OWNER
 		} else {
-			mode, err := models.UserAccessMode(c.UserID(), repo)
+			mode, err := db.UserAccessMode(c.UserID(), repo)
 			if err != nil {
 				c.ServerError("UserAccessMode", err)
 				return
@@ -169,7 +169,7 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		}
 
 		// Check access
-		if c.Repo.AccessMode == models.ACCESS_MODE_NONE {
+		if c.Repo.AccessMode == db.ACCESS_MODE_NONE {
 			// Redirect to any accessible page if not yet on it
 			if repo.IsPartialPublic() &&
 				(!(isIssuesPage || isWikiPage) ||
@@ -199,7 +199,7 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		}
 
 		if repo.IsMirror {
-			c.Repo.Mirror, err = models.GetMirrorByRepoID(repo.ID)
+			c.Repo.Mirror, err = db.GetMirrorByRepoID(repo.ID)
 			if err != nil {
 				c.ServerError("GetMirror", err)
 				return
@@ -209,7 +209,7 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 			c.Data["Mirror"] = c.Repo.Mirror
 		}
 
-		gitRepo, err := git.OpenRepository(models.RepoPath(ownerName, repoName))
+		gitRepo, err := git.OpenRepository(db.RepoPath(ownerName, repoName))
 		if err != nil {
 			c.ServerError(fmt.Sprintf("RepoAssignment Invalid repo '%s'", c.Repo.Repository.RepoPath()), err)
 			return
@@ -237,8 +237,8 @@ func RepoAssignment(pages ...bool) macaron.Handler {
 		c.Data["WikiCloneLink"] = repo.WikiCloneLink()
 
 		if c.IsLogged {
-			c.Data["IsWatchingRepo"] = models.IsWatching(c.User.ID, repo.ID)
-			c.Data["IsStaringRepo"] = models.IsStaring(c.User.ID, repo.ID)
+			c.Data["IsWatchingRepo"] = db.IsWatching(c.User.ID, repo.ID)
+			c.Data["IsStaringRepo"] = db.IsStaring(c.User.ID, repo.ID)
 		}
 
 		// repo is bare and display enable
@@ -286,7 +286,7 @@ func RepoRef() macaron.Handler {
 
 		// For API calls.
 		if c.Repo.GitRepo == nil {
-			repoPath := models.RepoPath(c.Repo.Owner.Name, c.Repo.Repository.Name)
+			repoPath := db.RepoPath(c.Repo.Owner.Name, c.Repo.Repository.Name)
 			c.Repo.GitRepo, err = git.OpenRepository(repoPath)
 			if err != nil {
 				c.Handle(500, "RepoRef Invalid repo "+repoPath, err)
diff --git a/pkg/context/user.go b/internal/context/user.go
index 17c6f570..d16b93b7 100644
--- a/pkg/context/user.go
+++ b/internal/context/user.go
@@ -7,20 +7,20 @@ package context
 import (
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 // ParamsUser is the wrapper type of the target user defined by URL parameter, namely ':username'.
 type ParamsUser struct {
-	*models.User
+	*db.User
 }
 
 // InjectParamsUser returns a handler that retrieves target user based on URL parameter ':username',
 // and injects it as *ParamsUser.
 func InjectParamsUser() macaron.Handler {
 	return func(c *Context) {
-		user, err := models.GetUserByName(c.Params(":username"))
+		user, err := db.GetUserByName(c.Params(":username"))
 		if err != nil {
 			c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 			return
diff --git a/pkg/cron/cron.go b/internal/cron/cron.go
index 6e8f0eb3..9646c702 100644
--- a/pkg/cron/cron.go
+++ b/internal/cron/cron.go
@@ -11,8 +11,8 @@ import (
 
 	"github.com/gogs/cron"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 var c = cron.New()
@@ -23,47 +23,47 @@ func NewContext() {
 		err   error
 	)
 	if setting.Cron.UpdateMirror.Enabled {
-		entry, err = c.AddFunc("Update mirrors", setting.Cron.UpdateMirror.Schedule, models.MirrorUpdate)
+		entry, err = c.AddFunc("Update mirrors", setting.Cron.UpdateMirror.Schedule, db.MirrorUpdate)
 		if err != nil {
 			log.Fatal(2, "Cron.(update mirrors): %v", err)
 		}
 		if setting.Cron.UpdateMirror.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
-			go models.MirrorUpdate()
+			go db.MirrorUpdate()
 		}
 	}
 	if setting.Cron.RepoHealthCheck.Enabled {
-		entry, err = c.AddFunc("Repository health check", setting.Cron.RepoHealthCheck.Schedule, models.GitFsck)
+		entry, err = c.AddFunc("Repository health check", setting.Cron.RepoHealthCheck.Schedule, db.GitFsck)
 		if err != nil {
 			log.Fatal(2, "Cron.(repository health check): %v", err)
 		}
 		if setting.Cron.RepoHealthCheck.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
-			go models.GitFsck()
+			go db.GitFsck()
 		}
 	}
 	if setting.Cron.CheckRepoStats.Enabled {
-		entry, err = c.AddFunc("Check repository statistics", setting.Cron.CheckRepoStats.Schedule, models.CheckRepoStats)
+		entry, err = c.AddFunc("Check repository statistics", setting.Cron.CheckRepoStats.Schedule, db.CheckRepoStats)
 		if err != nil {
 			log.Fatal(2, "Cron.(check repository statistics): %v", err)
 		}
 		if setting.Cron.CheckRepoStats.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
-			go models.CheckRepoStats()
+			go db.CheckRepoStats()
 		}
 	}
 	if setting.Cron.RepoArchiveCleanup.Enabled {
-		entry, err = c.AddFunc("Repository archive cleanup", setting.Cron.RepoArchiveCleanup.Schedule, models.DeleteOldRepositoryArchives)
+		entry, err = c.AddFunc("Repository archive cleanup", setting.Cron.RepoArchiveCleanup.Schedule, db.DeleteOldRepositoryArchives)
 		if err != nil {
 			log.Fatal(2, "Cron.(repository archive cleanup): %v", err)
 		}
 		if setting.Cron.RepoArchiveCleanup.RunAtStart {
 			entry.Prev = time.Now()
 			entry.ExecTimes++
-			go models.DeleteOldRepositoryArchives()
+			go db.DeleteOldRepositoryArchives()
 		}
 	}
 	c.Start()
diff --git a/models/access.go b/internal/db/access.go
index 661a57a5..e9c8b5b7 100644
--- a/models/access.go
+++ b/internal/db/access.go
@@ -2,14 +2,14 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
 
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models/errors"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 type AccessMode int
diff --git a/models/action.go b/internal/db/action.go
index d8381e47..d6006410 100644
--- a/models/action.go
+++ b/internal/db/action.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -12,17 +12,17 @@ import (
 	"time"
 	"unicode"
 
-	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	"github.com/json-iterator/go"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 type ActionType int
diff --git a/models/admin.go b/internal/db/admin.go
index 8aaa67a9..1fe13002 100644
--- a/models/admin.go
+++ b/internal/db/admin.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -11,10 +11,10 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/tool"
 )
 
 type NoticeType int
diff --git a/models/attachment.go b/internal/db/attachment.go
index 21718a73..1494002d 100644
--- a/models/attachment.go
+++ b/internal/db/attachment.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -12,10 +12,10 @@ import (
 	"path"
 	"time"
 
-	"xorm.io/xorm"
 	gouuid "github.com/satori/go.uuid"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 // Attachment represent a attachment of issue/comment/release.
diff --git a/models/comment.go b/internal/db/comment.go
index e3726ffe..b2f19508 100644
--- a/models/comment.go
+++ b/internal/db/comment.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -10,13 +10,13 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/markup"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/markup"
 )
 
 // CommentType defines whether a comment is just a simple comment, an action (like close) or a reference.
diff --git a/models/error.go b/internal/db/error.go
index 63e06f6e..033d631b 100644
--- a/models/error.go
+++ b/internal/db/error.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
diff --git a/models/errors/errors.go b/internal/db/errors/errors.go
index cc231436..cc231436 100644
--- a/models/errors/errors.go
+++ b/internal/db/errors/errors.go
diff --git a/models/errors/issue.go b/internal/db/errors/issue.go
index 903cc977..903cc977 100644
--- a/models/errors/issue.go
+++ b/internal/db/errors/issue.go
diff --git a/models/errors/login_source.go b/internal/db/errors/login_source.go
index dd18664e..dd18664e 100644
--- a/models/errors/login_source.go
+++ b/internal/db/errors/login_source.go
diff --git a/models/errors/org.go b/internal/db/errors/org.go
index 56532746..56532746 100644
--- a/models/errors/org.go
+++ b/internal/db/errors/org.go
diff --git a/models/errors/repo.go b/internal/db/errors/repo.go
index c9894af9..c9894af9 100644
--- a/models/errors/repo.go
+++ b/internal/db/errors/repo.go
diff --git a/models/errors/token.go b/internal/db/errors/token.go
index d6a4577a..d6a4577a 100644
--- a/models/errors/token.go
+++ b/internal/db/errors/token.go
diff --git a/models/errors/two_factor.go b/internal/db/errors/two_factor.go
index 02cdcf5c..02cdcf5c 100644
--- a/models/errors/two_factor.go
+++ b/internal/db/errors/two_factor.go
diff --git a/models/errors/user.go b/internal/db/errors/user.go
index 526d4b2d..526d4b2d 100644
--- a/models/errors/user.go
+++ b/internal/db/errors/user.go
diff --git a/models/errors/user_mail.go b/internal/db/errors/user_mail.go
index fcdeb78c..fcdeb78c 100644
--- a/models/errors/user_mail.go
+++ b/internal/db/errors/user_mail.go
diff --git a/models/errors/webhook.go b/internal/db/errors/webhook.go
index 76cf8cb4..76cf8cb4 100644
--- a/models/errors/webhook.go
+++ b/internal/db/errors/webhook.go
diff --git a/models/git_diff.go b/internal/db/git_diff.go
index f6bdea2d..040c472b 100644
--- a/models/git_diff.go
+++ b/internal/db/git_diff.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"bytes"
@@ -17,9 +17,9 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template/highlight"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template/highlight"
+	"gogs.io/gogs/internal/tool"
 )
 
 type DiffSection struct {
diff --git a/models/git_diff_test.go b/internal/db/git_diff_test.go
index 285e5646..d92afe9e 100644
--- a/models/git_diff_test.go
+++ b/internal/db/git_diff_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"html/template"
diff --git a/models/issue.go b/internal/db/issue.go
index 06ded252..f176f876 100644
--- a/models/issue.go
+++ b/internal/db/issue.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -10,14 +10,14 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 var (
diff --git a/models/issue_label.go b/internal/db/issue_label.go
index fb7f5662..ab875771 100644
--- a/models/issue_label.go
+++ b/internal/db/issue_label.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -15,7 +15,7 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/tool"
 )
 
 var labelColorPattern = regexp.MustCompile("#([a-fA-F0-9]{6})")
diff --git a/models/issue_mail.go b/internal/db/issue_mail.go
index 941fbced..b1f81cc8 100644
--- a/models/issue_mail.go
+++ b/internal/db/issue_mail.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -10,9 +10,9 @@ import (
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
 )
 
 func (issue *Issue) MailSubject() string {
diff --git a/models/login_source.go b/internal/db/login_source.go
index 49601a77..c9e5dcc9 100644
--- a/models/login_source.go
+++ b/internal/db/login_source.go
@@ -3,7 +3,7 @@
 // license that can be found in the LICENSE file.
 
 // FIXME: Put this file into its own package and separate into different files based on login sources.
-package models
+package db
 
 import (
 	"crypto/tls"
@@ -24,11 +24,11 @@ import (
 	"xorm.io/core"
 	"xorm.io/xorm"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/auth/github"
-	"gogs.io/gogs/pkg/auth/ldap"
-	"gogs.io/gogs/pkg/auth/pam"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/auth/github"
+	"gogs.io/gogs/internal/auth/ldap"
+	"gogs.io/gogs/internal/auth/pam"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 type LoginType int
diff --git a/models/migrations/migrations.go b/internal/db/migrations/migrations.go
index eb73a3b9..79534484 100644
--- a/models/migrations/migrations.go
+++ b/internal/db/migrations/migrations.go
@@ -10,10 +10,10 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/tool"
 )
 
 const _MIN_DB_VER = 10
diff --git a/models/migrations/v13.go b/internal/db/migrations/v13.go
index 1097956e..1097956e 100644
--- a/models/migrations/v13.go
+++ b/internal/db/migrations/v13.go
diff --git a/models/migrations/v14.go b/internal/db/migrations/v14.go
index de8babed..de8babed 100644
--- a/models/migrations/v14.go
+++ b/internal/db/migrations/v14.go
diff --git a/models/migrations/v15.go b/internal/db/migrations/v15.go
index fb1214b6..7f3b9504 100644
--- a/models/migrations/v15.go
+++ b/internal/db/migrations/v15.go
@@ -15,7 +15,7 @@ import (
 	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 func generateAndMigrateGitHooks(x *xorm.Engine) (err error) {
diff --git a/models/migrations/v16.go b/internal/db/migrations/v16.go
index 389d1d62..b374be39 100644
--- a/models/migrations/v16.go
+++ b/internal/db/migrations/v16.go
@@ -14,7 +14,7 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 func updateRepositorySizes(x *xorm.Engine) (err error) {
diff --git a/models/migrations/v17.go b/internal/db/migrations/v17.go
index 279ddf25..279ddf25 100644
--- a/models/migrations/v17.go
+++ b/internal/db/migrations/v17.go
diff --git a/models/migrations/v18.go b/internal/db/migrations/v18.go
index b74a7ad2..9ebb46ed 100644
--- a/models/migrations/v18.go
+++ b/internal/db/migrations/v18.go
@@ -9,7 +9,7 @@ import (
 
 	"xorm.io/xorm"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 func updateRepositoryDescriptionField(x *xorm.Engine) error {
diff --git a/models/migrations/v19.go b/internal/db/migrations/v19.go
index bae2e355..bae2e355 100644
--- a/models/migrations/v19.go
+++ b/internal/db/migrations/v19.go
diff --git a/models/milestone.go b/internal/db/milestone.go
index e30ca14f..10c5c556 100644
--- a/models/milestone.go
+++ b/internal/db/milestone.go
@@ -2,18 +2,18 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
 	"time"
 
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 // Milestone represents a milestone of repository.
diff --git a/models/mirror.go b/internal/db/mirror.go
index d4113f20..b165cbfc 100644
--- a/models/mirror.go
+++ b/internal/db/mirror.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"container/list"
@@ -12,16 +12,16 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/ini.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/sync"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/sync"
 )
 
 var MirrorQueue = sync.NewUniqueQueue(setting.Repository.MirrorQueueLength)
diff --git a/models/mirror_test.go b/internal/db/mirror_test.go
index d6e86502..cc85546a 100644
--- a/models/mirror_test.go
+++ b/internal/db/mirror_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"testing"
diff --git a/models/models.go b/internal/db/models.go
index 2bfb8800..75aeaf3a 100644
--- a/models/models.go
+++ b/internal/db/models.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"bufio"
@@ -17,15 +17,15 @@ import (
 
 	_ "github.com/denisenkom/go-mssqldb"
 	_ "github.com/go-sql-driver/mysql"
-	"xorm.io/core"
-	"xorm.io/xorm"
 	"github.com/json-iterator/go"
 	_ "github.com/lib/pq"
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
+	"xorm.io/core"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/models/migrations"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db/migrations"
+	"gogs.io/gogs/internal/setting"
 )
 
 // Engine represents a XORM engine or session.
@@ -283,7 +283,7 @@ func DumpDatabase(dirPath string) (err error) {
 	// Purposely create a local variable to not modify global variable
 	tables := append(tables, new(Version))
 	for _, table := range tables {
-		tableName := strings.TrimPrefix(fmt.Sprintf("%T", table), "*models.")
+		tableName := strings.TrimPrefix(fmt.Sprintf("%T", table), "*db.")
 		tableFile := path.Join(dirPath, tableName+".json")
 		f, err := os.Create(tableFile)
 		if err != nil {
@@ -313,7 +313,7 @@ func ImportDatabase(dirPath string, verbose bool) (err error) {
 	// Purposely create a local variable to not modify global variable
 	tables := append(tables, new(Version))
 	for _, table := range tables {
-		tableName := strings.TrimPrefix(fmt.Sprintf("%T", table), "*models.")
+		tableName := strings.TrimPrefix(fmt.Sprintf("%T", table), "*db.")
 		tableFile := path.Join(dirPath, tableName+".json")
 		if !com.IsExist(tableFile) {
 			continue
diff --git a/models/models_sqlite.go b/internal/db/models_sqlite.go
index c77e5ae5..c462cc5d 100644
--- a/models/models_sqlite.go
+++ b/internal/db/models_sqlite.go
@@ -4,7 +4,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	_ "github.com/mattn/go-sqlite3"
diff --git a/models/models_test.go b/internal/db/models_test.go
index f68590c5..53f8b4f0 100644
--- a/models/models_test.go
+++ b/internal/db/models_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"testing"
diff --git a/models/org.go b/internal/db/org.go
index df280c42..fb16c830 100644
--- a/models/org.go
+++ b/internal/db/org.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"errors"
diff --git a/models/org_team.go b/internal/db/org_team.go
index 5fc77dbe..7021e42d 100644
--- a/models/org_team.go
+++ b/internal/db/org_team.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -10,7 +10,7 @@ import (
 
 	"xorm.io/xorm"
 
-	"gogs.io/gogs/models/errors"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 const OWNER_TEAM = "Owners"
diff --git a/models/pull.go b/internal/db/pull.go
index edb37c22..30179eb2 100644
--- a/models/pull.go
+++ b/internal/db/pull.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -12,16 +12,16 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/sync"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/sync"
 )
 
 var PullRequestQueue = sync.NewUniqueQueue(setting.Repository.PullRequestQueueLength)
diff --git a/models/release.go b/internal/db/release.go
index 26103734..7712a0af 100644
--- a/models/release.go
+++ b/internal/db/release.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -10,14 +10,14 @@ import (
 	"strings"
 	"time"
 
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/process"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/process"
 )
 
 // Release represents a release of repository.
diff --git a/models/repo.go b/internal/db/repo.go
index f456934d..8e839ef6 100644
--- a/models/repo.go
+++ b/internal/db/repo.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"bytes"
@@ -19,24 +19,24 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/cae/zip"
-	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	"github.com/mcuadros/go-version"
 	"github.com/nfnt/resize"
+	"github.com/unknwon/cae/zip"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/ini.v1"
+	"xorm.io/xorm"
 
-	git "github.com/gogs/git-module"
+	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/avatar"
-	"gogs.io/gogs/pkg/bindata"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/sync"
+	"gogs.io/gogs/internal/avatar"
+	"gogs.io/gogs/internal/bindata"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/sync"
 )
 
 // REPO_AVATAR_URL_PREFIX is used to identify a URL is to access repository avatar.
@@ -219,7 +219,7 @@ func (repo *Repository) BeforeUpdate() {
 func (repo *Repository) AfterSet(colName string, _ xorm.Cell) {
 	switch colName {
 	case "default_branch":
-		// FIXME: use models migration to solve all at once.
+		// FIXME: use db migration to solve all at once.
 		if len(repo.DefaultBranch) == 0 {
 			repo.DefaultBranch = "master"
 		}
diff --git a/models/repo_branch.go b/internal/db/repo_branch.go
index 99fb9f04..3eb15fef 100644
--- a/models/repo_branch.go
+++ b/internal/db/repo_branch.go
@@ -2,17 +2,17 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
 	"strings"
 
-	"github.com/unknwon/com"
 	"github.com/gogs/git-module"
+	"github.com/unknwon/com"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/tool"
 )
 
 type Branch struct {
diff --git a/models/repo_collaboration.go b/internal/db/repo_collaboration.go
index 189d0c3f..84059c0a 100644
--- a/models/repo_collaboration.go
+++ b/internal/db/repo_collaboration.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
diff --git a/models/repo_editor.go b/internal/db/repo_editor.go
index 19eb9597..f224ac49 100644
--- a/models/repo_editor.go
+++ b/internal/db/repo_editor.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -16,15 +16,15 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/com"
 	gouuid "github.com/satori/go.uuid"
+	"github.com/unknwon/com"
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
diff --git a/models/repo_editor_test.go b/internal/db/repo_editor_test.go
index 396382e3..18e844d0 100644
--- a/models/repo_editor_test.go
+++ b/internal/db/repo_editor_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"os"
diff --git a/models/repo_test.go b/internal/db/repo_test.go
index 3d852e07..c239e74d 100644
--- a/models/repo_test.go
+++ b/internal/db/repo_test.go
@@ -1,19 +1,19 @@
-package models_test
+package db_test
 
 import (
 	"testing"
 
 	. "github.com/smartystreets/goconvey/convey"
 
-	. "gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/markup"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/markup"
 )
 
 func TestRepo(t *testing.T) {
 	Convey("The metas map", t, func() {
-		var repo = new(Repository)
+		var repo = new(db.Repository)
 		repo.Name = "testrepo"
-		repo.Owner = new(User)
+		repo.Owner = new(db.User)
 		repo.Owner.Name = "testuser"
 		repo.ExternalTrackerFormat = "https://someurl.com/{user}/{repo}/{issue}"
 
diff --git a/models/ssh_key.go b/internal/db/ssh_key.go
index 3f94475e..317d90d3 100644
--- a/models/ssh_key.go
+++ b/internal/db/ssh_key.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"encoding/base64"
@@ -19,12 +19,12 @@ import (
 	"time"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	"golang.org/x/crypto/ssh"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
diff --git a/models/ssh_key_test.go b/internal/db/ssh_key_test.go
index 407d83e2..d4c06488 100644
--- a/models/ssh_key_test.go
+++ b/internal/db/ssh_key_test.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -11,7 +11,7 @@ import (
 
 	. "github.com/smartystreets/goconvey/convey"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 func init() {
diff --git a/models/token.go b/internal/db/token.go
index 93f90ed3..2e2f3492 100644
--- a/models/token.go
+++ b/internal/db/token.go
@@ -2,15 +2,16 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"time"
 
-	"xorm.io/xorm"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/tool"
 	gouuid "github.com/satori/go.uuid"
+	"xorm.io/xorm"
+
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/tool"
 )
 
 // AccessToken represents a personal access token.
diff --git a/models/two_factor.go b/internal/db/two_factor.go
index 35e9e87e..dcc1c16c 100644
--- a/models/two_factor.go
+++ b/internal/db/two_factor.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"encoding/base64"
@@ -10,14 +10,14 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	"github.com/pquerna/otp/totp"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // TwoFactor represents a two-factor authentication token.
diff --git a/models/update.go b/internal/db/update.go
index db01392c..6555a479 100644
--- a/models/update.go
+++ b/internal/db/update.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"container/list"
diff --git a/models/user.go b/internal/db/user.go
index 26f7bc0c..3318a4be 100644
--- a/models/user.go
+++ b/internal/db/user.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"bytes"
@@ -20,19 +20,19 @@ import (
 	"time"
 	"unicode/utf8"
 
-	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	"github.com/nfnt/resize"
+	"github.com/unknwon/com"
 	"golang.org/x/crypto/pbkdf2"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/avatar"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/avatar"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // USER_AVATAR_URL_PREFIX is used to identify a URL is to access user avatar.
diff --git a/models/user_cache.go b/internal/db/user_cache.go
index 45c3721b..314ea3b1 100644
--- a/models/user_cache.go
+++ b/internal/db/user_cache.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 // MailResendCacheKey returns key used for cache mail resend.
 func (u *User) MailResendCacheKey() string {
diff --git a/models/user_mail.go b/internal/db/user_mail.go
index d036790c..5304f13b 100644
--- a/models/user_mail.go
+++ b/internal/db/user_mail.go
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
 	"strings"
 
-	"gogs.io/gogs/models/errors"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 // EmailAdresses is the list of all email addresses of a user. Can contain the
diff --git a/models/webhook.go b/internal/db/webhook.go
index 6f39ab7c..750cc613 100644
--- a/models/webhook.go
+++ b/internal/db/webhook.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"crypto/hmac"
@@ -14,17 +14,17 @@ import (
 	"strings"
 	"time"
 
-	"xorm.io/xorm"
 	"github.com/json-iterator/go"
 	gouuid "github.com/satori/go.uuid"
 	log "gopkg.in/clog.v1"
+	"xorm.io/xorm"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/httplib"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/sync"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/httplib"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/sync"
 )
 
 var HookQueue = sync.NewUniqueQueue(setting.Webhook.QueueLength)
diff --git a/models/webhook_dingtalk.go b/internal/db/webhook_dingtalk.go
index 99b623cc..4382803d 100644
--- a/models/webhook_dingtalk.go
+++ b/internal/db/webhook_dingtalk.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
diff --git a/models/webhook_discord.go b/internal/db/webhook_discord.go
index e7cd9f9f..35b7d9b1 100644
--- a/models/webhook_discord.go
+++ b/internal/db/webhook_discord.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -14,7 +14,7 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 type DiscordEmbedFooterObject struct {
diff --git a/models/webhook_slack.go b/internal/db/webhook_slack.go
index 824191be..ae547dd7 100644
--- a/models/webhook_slack.go
+++ b/internal/db/webhook_slack.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -13,7 +13,7 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 type SlackMeta struct {
diff --git a/models/wiki.go b/internal/db/wiki.go
index ca391c05..a7e27418 100644
--- a/models/wiki.go
+++ b/internal/db/wiki.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package models
+package db
 
 import (
 	"fmt"
@@ -17,8 +17,8 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/sync"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/sync"
 )
 
 var wikiWorkingPool = sync.NewExclusivePool()
diff --git a/pkg/form/admin.go b/internal/form/admin.go
index c51d62ca..c51d62ca 100644
--- a/pkg/form/admin.go
+++ b/internal/form/admin.go
diff --git a/pkg/form/auth.go b/internal/form/auth.go
index 47ecc813..47ecc813 100644
--- a/pkg/form/auth.go
+++ b/internal/form/auth.go
diff --git a/pkg/form/form.go b/internal/form/form.go
index 4cd81fac..4cd81fac 100644
--- a/pkg/form/form.go
+++ b/internal/form/form.go
diff --git a/pkg/form/org.go b/internal/form/org.go
index 5c268c83..5c268c83 100644
--- a/pkg/form/org.go
+++ b/internal/form/org.go
diff --git a/pkg/form/repo.go b/internal/form/repo.go
index fa5505f2..d61bdbf1 100644
--- a/pkg/form/repo.go
+++ b/internal/form/repo.go
@@ -8,11 +8,11 @@ import (
 	"net/url"
 	"strings"
 
-	"github.com/unknwon/com"
 	"github.com/go-macaron/binding"
+	"github.com/unknwon/com"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
+	"gogs.io/gogs/internal/db"
 )
 
 // _______________________________________    _________.______________________ _______________.___.
@@ -56,7 +56,7 @@ func (f *MigrateRepo) Validate(ctx *macaron.Context, errs binding.Errors) bindin
 // and returns composed URL with needed username and password.
 // It also checks if given user has permission when remote address
 // is actually a local path.
-func (f MigrateRepo) ParseRemoteAddr(user *models.User) (string, error) {
+func (f MigrateRepo) ParseRemoteAddr(user *db.User) (string, error) {
 	remoteAddr := strings.TrimSpace(f.CloneAddr)
 
 	// Remote address can be HTTP/HTTPS/Git URL or local path.
@@ -65,16 +65,16 @@ func (f MigrateRepo) ParseRemoteAddr(user *models.User) (string, error) {
 		strings.HasPrefix(remoteAddr, "git://") {
 		u, err := url.Parse(remoteAddr)
 		if err != nil {
-			return "", models.ErrInvalidCloneAddr{IsURLError: true}
+			return "", db.ErrInvalidCloneAddr{IsURLError: true}
 		}
 		if len(f.AuthUsername)+len(f.AuthPassword) > 0 {
 			u.User = url.UserPassword(f.AuthUsername, f.AuthPassword)
 		}
 		remoteAddr = u.String()
 	} else if !user.CanImportLocal() {
-		return "", models.ErrInvalidCloneAddr{IsPermissionDenied: true}
+		return "", db.ErrInvalidCloneAddr{IsPermissionDenied: true}
 	} else if !com.IsDir(remoteAddr) {
-		return "", models.ErrInvalidCloneAddr{IsInvalidPath: true}
+		return "", db.ErrInvalidCloneAddr{IsInvalidPath: true}
 	}
 
 	return remoteAddr, nil
diff --git a/pkg/form/user.go b/internal/form/user.go
index ffc7dda4..ffc7dda4 100644
--- a/pkg/form/user.go
+++ b/internal/form/user.go
diff --git a/pkg/httplib/httplib.go b/internal/httplib/httplib.go
index 55b17d93..55b17d93 100644
--- a/pkg/httplib/httplib.go
+++ b/internal/httplib/httplib.go
diff --git a/pkg/mailer/mail.go b/internal/mailer/mail.go
index 49f4b3b1..2022e240 100644
--- a/pkg/mailer/mail.go
+++ b/internal/mailer/mail.go
@@ -12,8 +12,8 @@ import (
 	"gopkg.in/gomail.v2"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
diff --git a/pkg/mailer/mailer.go b/internal/mailer/mailer.go
index f56a7a20..88315138 100644
--- a/pkg/mailer/mailer.go
+++ b/internal/mailer/mailer.go
@@ -18,7 +18,7 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/gomail.v2"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 type Message struct {
@@ -52,7 +52,7 @@ func NewMessageFrom(to []string, from, subject, htmlBody string) *Message {
 	}
 	msg.SetBody(contentType, body)
 	if switchedToPlaintext && setting.MailService.AddPlainTextAlt && !setting.MailService.UsePlainText {
-		// The AddAlternative method name is confusing - adding html as an "alternative" will actually cause mail 
+		// The AddAlternative method name is confusing - adding html as an "alternative" will actually cause mail
 		// clients to show it as first priority, and the text "main body" is the 2nd priority fallback.
 		// See: https://godoc.org/gopkg.in/gomail.v2#Message.AddAlternative
 		msg.AddAlternative("text/html", htmlBody)
diff --git a/pkg/markup/markdown.go b/internal/markup/markdown.go
index 236c7337..db581a71 100644
--- a/pkg/markup/markdown.go
+++ b/internal/markup/markdown.go
@@ -14,8 +14,8 @@ import (
 
 	"github.com/russross/blackfriday"
 
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // IsMarkdownFile reports whether name looks like a Markdown file based on its extension.
diff --git a/pkg/markup/markdown_test.go b/internal/markup/markdown_test.go
index 5acdddc8..e748adc7 100644
--- a/pkg/markup/markdown_test.go
+++ b/internal/markup/markdown_test.go
@@ -12,8 +12,8 @@ import (
 	"github.com/russross/blackfriday"
 	. "github.com/smartystreets/goconvey/convey"
 
-	. "gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
+	. "gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
 )
 
 func Test_IsMarkdownFile(t *testing.T) {
diff --git a/pkg/markup/markup.go b/internal/markup/markup.go
index a70d4b2a..e09a0ba6 100644
--- a/pkg/markup/markup.go
+++ b/internal/markup/markup.go
@@ -14,8 +14,8 @@ import (
 	"github.com/unknwon/com"
 	"golang.org/x/net/html"
 
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // IsReadmeFile reports whether name looks like a README file based on its extension.
diff --git a/pkg/markup/markup_test.go b/internal/markup/markup_test.go
index fbf28bf0..0e3beb76 100644
--- a/pkg/markup/markup_test.go
+++ b/internal/markup/markup_test.go
@@ -10,8 +10,8 @@ import (
 
 	. "github.com/smartystreets/goconvey/convey"
 
-	. "gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
+	. "gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
 )
 
 func Test_IsReadmeFile(t *testing.T) {
diff --git a/pkg/markup/orgmode.go b/internal/markup/orgmode.go
index 6fe1240a..6fe1240a 100644
--- a/pkg/markup/orgmode.go
+++ b/internal/markup/orgmode.go
diff --git a/pkg/markup/sanitizer.go b/internal/markup/sanitizer.go
index bc6c0a77..e8d76b23 100644
--- a/pkg/markup/sanitizer.go
+++ b/internal/markup/sanitizer.go
@@ -10,7 +10,7 @@ import (
 
 	"github.com/microcosm-cc/bluemonday"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 // Sanitizer is a protection wrapper of *bluemonday.Policy which does not allow
diff --git a/pkg/markup/sanitizer_test.go b/internal/markup/sanitizer_test.go
index 1e394512..06b10822 100644
--- a/pkg/markup/sanitizer_test.go
+++ b/internal/markup/sanitizer_test.go
@@ -9,7 +9,7 @@ import (
 
 	. "github.com/smartystreets/goconvey/convey"
 
-	. "gogs.io/gogs/pkg/markup"
+	. "gogs.io/gogs/internal/markup"
 )
 
 func Test_Sanitizer(t *testing.T) {
diff --git a/pkg/process/manager.go b/internal/process/manager.go
index babfceed..babfceed 100644
--- a/pkg/process/manager.go
+++ b/internal/process/manager.go
diff --git a/routes/admin/admin.go b/internal/route/admin/admin.go
index 653c9fdf..357d2f78 100644
--- a/routes/admin/admin.go
+++ b/internal/route/admin/admin.go
@@ -10,17 +10,17 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/com"
 	"github.com/json-iterator/go"
+	"github.com/unknwon/com"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/cron"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/cron"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -139,25 +139,25 @@ func Dashboard(c *context.Context) {
 		switch AdminOperation(op) {
 		case CLEAN_INACTIVATE_USER:
 			success = c.Tr("admin.dashboard.delete_inactivate_accounts_success")
-			err = models.DeleteInactivateUsers()
+			err = db.DeleteInactivateUsers()
 		case CLEAN_REPO_ARCHIVES:
 			success = c.Tr("admin.dashboard.delete_repo_archives_success")
-			err = models.DeleteRepositoryArchives()
+			err = db.DeleteRepositoryArchives()
 		case CLEAN_MISSING_REPOS:
 			success = c.Tr("admin.dashboard.delete_missing_repos_success")
-			err = models.DeleteMissingRepositories()
+			err = db.DeleteMissingRepositories()
 		case GIT_GC_REPOS:
 			success = c.Tr("admin.dashboard.git_gc_repos_success")
-			err = models.GitGcRepos()
+			err = db.GitGcRepos()
 		case SYNC_SSH_AUTHORIZED_KEY:
 			success = c.Tr("admin.dashboard.resync_all_sshkeys_success")
-			err = models.RewriteAuthorizedKeys()
+			err = db.RewriteAuthorizedKeys()
 		case SYNC_REPOSITORY_HOOKS:
 			success = c.Tr("admin.dashboard.resync_all_hooks_success")
-			err = models.SyncRepositoryHooks()
+			err = db.SyncRepositoryHooks()
 		case REINIT_MISSING_REPOSITORY:
 			success = c.Tr("admin.dashboard.reinit_missing_repos_success")
-			err = models.ReinitMissingRepositories()
+			err = db.ReinitMissingRepositories()
 		}
 
 		if err != nil {
@@ -169,7 +169,7 @@ func Dashboard(c *context.Context) {
 		return
 	}
 
-	c.Data["Stats"] = models.GetStatistic()
+	c.Data["Stats"] = db.GetStatistic()
 	// FIXME: update periodically
 	updateSystemStatus()
 	c.Data["SysStatus"] = sysStatus
@@ -210,7 +210,7 @@ func Config(c *context.Context) {
 	c.Data["Repository"] = setting.Repository
 	c.Data["HTTP"] = setting.HTTP
 
-	c.Data["DbCfg"] = models.DbCfg
+	c.Data["DbCfg"] = db.DbCfg
 	c.Data["Service"] = setting.Service
 	c.Data["Webhook"] = setting.Webhook
 
diff --git a/routes/admin/auths.go b/internal/route/admin/auths.go
index 36cdebf5..67221542 100644
--- a/routes/admin/auths.go
+++ b/internal/route/admin/auths.go
@@ -10,14 +10,14 @@ import (
 	"strings"
 
 	"github.com/unknwon/com"
-	"xorm.io/core"
 	log "gopkg.in/clog.v1"
+	"xorm.io/core"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/auth/ldap"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/auth/ldap"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -32,13 +32,13 @@ func Authentications(c *context.Context) {
 	c.PageIs("AdminAuthentications")
 
 	var err error
-	c.Data["Sources"], err = models.LoginSources()
+	c.Data["Sources"], err = db.LoginSources()
 	if err != nil {
 		c.ServerError("LoginSources", err)
 		return
 	}
 
-	c.Data["Total"] = models.CountLoginSources()
+	c.Data["Total"] = db.CountLoginSources()
 	c.Success(AUTHS)
 }
 
@@ -49,16 +49,16 @@ type dropdownItem struct {
 
 var (
 	authSources = []dropdownItem{
-		{models.LoginNames[models.LOGIN_LDAP], models.LOGIN_LDAP},
-		{models.LoginNames[models.LOGIN_DLDAP], models.LOGIN_DLDAP},
-		{models.LoginNames[models.LOGIN_SMTP], models.LOGIN_SMTP},
-		{models.LoginNames[models.LOGIN_PAM], models.LOGIN_PAM},
-		{models.LoginNames[models.LOGIN_GITHUB], models.LOGIN_GITHUB},
+		{db.LoginNames[db.LOGIN_LDAP], db.LOGIN_LDAP},
+		{db.LoginNames[db.LOGIN_DLDAP], db.LOGIN_DLDAP},
+		{db.LoginNames[db.LOGIN_SMTP], db.LOGIN_SMTP},
+		{db.LoginNames[db.LOGIN_PAM], db.LOGIN_PAM},
+		{db.LoginNames[db.LOGIN_GITHUB], db.LOGIN_GITHUB},
 	}
 	securityProtocols = []dropdownItem{
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
-		{models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
+		{db.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED], ldap.SECURITY_PROTOCOL_UNENCRYPTED},
+		{db.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_LDAPS], ldap.SECURITY_PROTOCOL_LDAPS},
+		{db.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_START_TLS], ldap.SECURITY_PROTOCOL_START_TLS},
 	}
 )
 
@@ -67,20 +67,20 @@ func NewAuthSource(c *context.Context) {
 	c.PageIs("Admin")
 	c.PageIs("AdminAuthentications")
 
-	c.Data["type"] = models.LOGIN_LDAP
-	c.Data["CurrentTypeName"] = models.LoginNames[models.LOGIN_LDAP]
-	c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
+	c.Data["type"] = db.LOGIN_LDAP
+	c.Data["CurrentTypeName"] = db.LoginNames[db.LOGIN_LDAP]
+	c.Data["CurrentSecurityProtocol"] = db.SecurityProtocolNames[ldap.SECURITY_PROTOCOL_UNENCRYPTED]
 	c.Data["smtp_auth"] = "PLAIN"
 	c.Data["is_active"] = true
 	c.Data["is_default"] = true
 	c.Data["AuthSources"] = authSources
 	c.Data["SecurityProtocols"] = securityProtocols
-	c.Data["SMTPAuths"] = models.SMTPAuths
+	c.Data["SMTPAuths"] = db.SMTPAuths
 	c.Success(AUTH_NEW)
 }
 
-func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
-	return &models.LDAPConfig{
+func parseLDAPConfig(f form.Authentication) *db.LDAPConfig {
+	return &db.LDAPConfig{
 		Source: &ldap.Source{
 			Host:              f.Host,
 			Port:              f.Port,
@@ -106,8 +106,8 @@ func parseLDAPConfig(f form.Authentication) *models.LDAPConfig {
 	}
 }
 
-func parseSMTPConfig(f form.Authentication) *models.SMTPConfig {
-	return &models.SMTPConfig{
+func parseSMTPConfig(f form.Authentication) *db.SMTPConfig {
+	return &db.SMTPConfig{
 		Auth:           f.SMTPAuth,
 		Host:           f.SMTPHost,
 		Port:           f.SMTPPort,
@@ -122,27 +122,27 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
 	c.PageIs("Admin")
 	c.PageIs("AdminAuthentications")
 
-	c.Data["CurrentTypeName"] = models.LoginNames[models.LoginType(f.Type)]
-	c.Data["CurrentSecurityProtocol"] = models.SecurityProtocolNames[ldap.SecurityProtocol(f.SecurityProtocol)]
+	c.Data["CurrentTypeName"] = db.LoginNames[db.LoginType(f.Type)]
+	c.Data["CurrentSecurityProtocol"] = db.SecurityProtocolNames[ldap.SecurityProtocol(f.SecurityProtocol)]
 	c.Data["AuthSources"] = authSources
 	c.Data["SecurityProtocols"] = securityProtocols
-	c.Data["SMTPAuths"] = models.SMTPAuths
+	c.Data["SMTPAuths"] = db.SMTPAuths
 
 	hasTLS := false
 	var config core.Conversion
-	switch models.LoginType(f.Type) {
-	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
+	switch db.LoginType(f.Type) {
+	case db.LOGIN_LDAP, db.LOGIN_DLDAP:
 		config = parseLDAPConfig(f)
 		hasTLS = ldap.SecurityProtocol(f.SecurityProtocol) > ldap.SECURITY_PROTOCOL_UNENCRYPTED
-	case models.LOGIN_SMTP:
+	case db.LOGIN_SMTP:
 		config = parseSMTPConfig(f)
 		hasTLS = true
-	case models.LOGIN_PAM:
-		config = &models.PAMConfig{
+	case db.LOGIN_PAM:
+		config = &db.PAMConfig{
 			ServiceName: f.PAMServiceName,
 		}
-	case models.LOGIN_GITHUB:
-		config = &models.GitHubConfig{
+	case db.LOGIN_GITHUB:
+		config = &db.GitHubConfig{
 			APIEndpoint: strings.TrimSuffix(f.GitHubAPIEndpoint, "/") + "/",
 		}
 	default:
@@ -156,16 +156,16 @@ func NewAuthSourcePost(c *context.Context, f form.Authentication) {
 		return
 	}
 
-	if err := models.CreateLoginSource(&models.LoginSource{
-		Type:      models.LoginType(f.Type),
+	if err := db.CreateLoginSource(&db.LoginSource{
+		Type:      db.LoginType(f.Type),
 		Name:      f.Name,
 		IsActived: f.IsActive,
 		IsDefault: f.IsDefault,
 		Cfg:       config,
 	}); err != nil {
-		if models.IsErrLoginSourceAlreadyExist(err) {
+		if db.IsErrLoginSourceAlreadyExist(err) {
 			c.FormErr("Name")
-			c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(models.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
+			c.RenderWithErr(c.Tr("admin.auths.login_source_exist", err.(db.ErrLoginSourceAlreadyExist).Name), AUTH_NEW, f)
 		} else {
 			c.ServerError("CreateSource", err)
 		}
@@ -184,9 +184,9 @@ func EditAuthSource(c *context.Context) {
 	c.PageIs("AdminAuthentications")
 
 	c.Data["SecurityProtocols"] = securityProtocols
-	c.Data["SMTPAuths"] = models.SMTPAuths
+	c.Data["SMTPAuths"] = db.SMTPAuths
 
-	source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
+	source, err := db.GetLoginSourceByID(c.ParamsInt64(":authid"))
 	if err != nil {
 		c.ServerError("GetLoginSourceByID", err)
 		return
@@ -202,9 +202,9 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 	c.PageIs("Admin")
 	c.PageIs("AdminAuthentications")
 
-	c.Data["SMTPAuths"] = models.SMTPAuths
+	c.Data["SMTPAuths"] = db.SMTPAuths
 
-	source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
+	source, err := db.GetLoginSourceByID(c.ParamsInt64(":authid"))
 	if err != nil {
 		c.ServerError("GetLoginSourceByID", err)
 		return
@@ -218,17 +218,17 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 	}
 
 	var config core.Conversion
-	switch models.LoginType(f.Type) {
-	case models.LOGIN_LDAP, models.LOGIN_DLDAP:
+	switch db.LoginType(f.Type) {
+	case db.LOGIN_LDAP, db.LOGIN_DLDAP:
 		config = parseLDAPConfig(f)
-	case models.LOGIN_SMTP:
+	case db.LOGIN_SMTP:
 		config = parseSMTPConfig(f)
-	case models.LOGIN_PAM:
-		config = &models.PAMConfig{
+	case db.LOGIN_PAM:
+		config = &db.PAMConfig{
 			ServiceName: f.PAMServiceName,
 		}
-	case models.LOGIN_GITHUB:
-		config = &models.GitHubConfig{
+	case db.LOGIN_GITHUB:
+		config = &db.GitHubConfig{
 			APIEndpoint: strings.TrimSuffix(f.GitHubAPIEndpoint, "/") + "/",
 		}
 	default:
@@ -240,7 +240,7 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 	source.IsActived = f.IsActive
 	source.IsDefault = f.IsDefault
 	source.Cfg = config
-	if err := models.UpdateLoginSource(source); err != nil {
+	if err := db.UpdateLoginSource(source); err != nil {
 		c.ServerError("UpdateLoginSource", err)
 		return
 	}
@@ -252,14 +252,14 @@ func EditAuthSourcePost(c *context.Context, f form.Authentication) {
 }
 
 func DeleteAuthSource(c *context.Context) {
-	source, err := models.GetLoginSourceByID(c.ParamsInt64(":authid"))
+	source, err := db.GetLoginSourceByID(c.ParamsInt64(":authid"))
 	if err != nil {
 		c.ServerError("GetLoginSourceByID", err)
 		return
 	}
 
-	if err = models.DeleteSource(source); err != nil {
-		if models.IsErrLoginSourceInUse(err) {
+	if err = db.DeleteSource(source); err != nil {
+		if db.IsErrLoginSourceInUse(err) {
 			c.Flash.Error(c.Tr("admin.auths.still_in_used"))
 		} else {
 			c.Flash.Error(fmt.Sprintf("DeleteSource: %v", err))
diff --git a/routes/admin/notice.go b/internal/route/admin/notice.go
index 084b4eb1..9a2514ca 100644
--- a/routes/admin/notice.go
+++ b/internal/route/admin/notice.go
@@ -9,9 +9,9 @@ import (
 	"github.com/unknwon/paginater"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -23,14 +23,14 @@ func Notices(c *context.Context) {
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminNotices"] = true
 
-	total := models.CountNotices()
+	total := db.CountNotices()
 	page := c.QueryInt("page")
 	if page <= 1 {
 		page = 1
 	}
 	c.Data["Page"] = paginater.New(int(total), setting.UI.Admin.NoticePagingNum, page, 5)
 
-	notices, err := models.Notices(page, setting.UI.Admin.NoticePagingNum)
+	notices, err := db.Notices(page, setting.UI.Admin.NoticePagingNum)
 	if err != nil {
 		c.Handle(500, "Notices", err)
 		return
@@ -51,7 +51,7 @@ func DeleteNotices(c *context.Context) {
 		}
 	}
 
-	if err := models.DeleteNoticesByIDs(ids); err != nil {
+	if err := db.DeleteNoticesByIDs(ids); err != nil {
 		c.Flash.Error("DeleteNoticesByIDs: " + err.Error())
 		c.Status(500)
 	} else {
@@ -61,7 +61,7 @@ func DeleteNotices(c *context.Context) {
 }
 
 func EmptyNotices(c *context.Context) {
-	if err := models.DeleteNotices(0, 0); err != nil {
+	if err := db.DeleteNotices(0, 0); err != nil {
 		c.Handle(500, "DeleteNotices", err)
 		return
 	}
diff --git a/routes/admin/orgs.go b/internal/route/admin/orgs.go
index a5b2a2fb..e051a00e 100644
--- a/routes/admin/orgs.go
+++ b/internal/route/admin/orgs.go
@@ -5,10 +5,10 @@
 package admin
 
 import (
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/route"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -20,10 +20,10 @@ func Organizations(c *context.Context) {
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminOrganizations"] = true
 
-	routes.RenderUserSearch(c, &routes.UserSearchOptions{
-		Type:     models.USER_TYPE_ORGANIZATION,
-		Counter:  models.CountOrganizations,
-		Ranger:   models.Organizations,
+	route.RenderUserSearch(c, &route.UserSearchOptions{
+		Type:     db.USER_TYPE_ORGANIZATION,
+		Counter:  db.CountOrganizations,
+		Ranger:   db.Organizations,
 		PageSize: setting.UI.Admin.OrgPagingNum,
 		OrderBy:  "id ASC",
 		TplName:  ORGS,
diff --git a/routes/admin/repos.go b/internal/route/admin/repos.go
index 84e20dd8..c5f3469d 100644
--- a/routes/admin/repos.go
+++ b/internal/route/admin/repos.go
@@ -8,9 +8,9 @@ import (
 	"github.com/unknwon/paginater"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -28,21 +28,21 @@ func Repos(c *context.Context) {
 	}
 
 	var (
-		repos []*models.Repository
+		repos []*db.Repository
 		count int64
 		err   error
 	)
 
 	keyword := c.Query("q")
 	if len(keyword) == 0 {
-		repos, err = models.Repositories(page, setting.UI.Admin.RepoPagingNum)
+		repos, err = db.Repositories(page, setting.UI.Admin.RepoPagingNum)
 		if err != nil {
 			c.Handle(500, "Repositories", err)
 			return
 		}
-		count = models.CountRepositories(true)
+		count = db.CountRepositories(true)
 	} else {
-		repos, count, err = models.SearchRepositoryByName(&models.SearchRepoOptions{
+		repos, count, err = db.SearchRepositoryByName(&db.SearchRepoOptions{
 			Keyword:  keyword,
 			OrderBy:  "id ASC",
 			Private:  true,
@@ -58,7 +58,7 @@ func Repos(c *context.Context) {
 	c.Data["Total"] = count
 	c.Data["Page"] = paginater.New(int(count), setting.UI.Admin.RepoPagingNum, page, 5)
 
-	if err = models.RepositoryList(repos).LoadAttributes(); err != nil {
+	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.Handle(500, "LoadAttributes", err)
 		return
 	}
@@ -68,13 +68,13 @@ func Repos(c *context.Context) {
 }
 
 func DeleteRepo(c *context.Context) {
-	repo, err := models.GetRepositoryByID(c.QueryInt64("id"))
+	repo, err := db.GetRepositoryByID(c.QueryInt64("id"))
 	if err != nil {
 		c.Handle(500, "GetRepositoryByID", err)
 		return
 	}
 
-	if err := models.DeleteRepository(repo.MustOwner().ID, repo.ID); err != nil {
+	if err := db.DeleteRepository(repo.MustOwner().ID, repo.ID); err != nil {
 		c.Handle(500, "DeleteRepository", err)
 		return
 	}
diff --git a/routes/admin/users.go b/internal/route/admin/users.go
index 5ad5036c..ff241463 100644
--- a/routes/admin/users.go
+++ b/internal/route/admin/users.go
@@ -10,12 +10,12 @@ import (
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/route"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -29,10 +29,10 @@ func Users(c *context.Context) {
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminUsers"] = true
 
-	routes.RenderUserSearch(c, &routes.UserSearchOptions{
-		Type:     models.USER_TYPE_INDIVIDUAL,
-		Counter:  models.CountUsers,
-		Ranger:   models.Users,
+	route.RenderUserSearch(c, &route.UserSearchOptions{
+		Type:     db.USER_TYPE_INDIVIDUAL,
+		Counter:  db.CountUsers,
+		Ranger:   db.Users,
 		PageSize: setting.UI.Admin.UserPagingNum,
 		OrderBy:  "id ASC",
 		TplName:  USERS,
@@ -46,7 +46,7 @@ func NewUser(c *context.Context) {
 
 	c.Data["login_type"] = "0-0"
 
-	sources, err := models.LoginSources()
+	sources, err := db.LoginSources()
 	if err != nil {
 		c.Handle(500, "LoginSources", err)
 		return
@@ -62,7 +62,7 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
 	c.Data["PageIsAdmin"] = true
 	c.Data["PageIsAdminUsers"] = true
 
-	sources, err := models.LoginSources()
+	sources, err := db.LoginSources()
 	if err != nil {
 		c.Handle(500, "LoginSources", err)
 		return
@@ -76,37 +76,37 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
 		return
 	}
 
-	u := &models.User{
+	u := &db.User{
 		Name:      f.UserName,
 		Email:     f.Email,
 		Passwd:    f.Password,
 		IsActive:  true,
-		LoginType: models.LOGIN_PLAIN,
+		LoginType: db.LOGIN_PLAIN,
 	}
 
 	if len(f.LoginType) > 0 {
 		fields := strings.Split(f.LoginType, "-")
 		if len(fields) == 2 {
-			u.LoginType = models.LoginType(com.StrTo(fields[0]).MustInt())
+			u.LoginType = db.LoginType(com.StrTo(fields[0]).MustInt())
 			u.LoginSource = com.StrTo(fields[1]).MustInt64()
 			u.LoginName = f.LoginName
 		}
 	}
 
-	if err := models.CreateUser(u); err != nil {
+	if err := db.CreateUser(u); err != nil {
 		switch {
-		case models.IsErrUserAlreadyExist(err):
+		case db.IsErrUserAlreadyExist(err):
 			c.Data["Err_UserName"] = true
 			c.RenderWithErr(c.Tr("form.username_been_taken"), USER_NEW, &f)
-		case models.IsErrEmailAlreadyUsed(err):
+		case db.IsErrEmailAlreadyUsed(err):
 			c.Data["Err_Email"] = true
 			c.RenderWithErr(c.Tr("form.email_been_used"), USER_NEW, &f)
-		case models.IsErrNameReserved(err):
+		case db.IsErrNameReserved(err):
 			c.Data["Err_UserName"] = true
-			c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), USER_NEW, &f)
-		case models.IsErrNamePatternNotAllowed(err):
+			c.RenderWithErr(c.Tr("user.form.name_reserved", err.(db.ErrNameReserved).Name), USER_NEW, &f)
+		case db.IsErrNamePatternNotAllowed(err):
 			c.Data["Err_UserName"] = true
-			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), USER_NEW, &f)
+			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), USER_NEW, &f)
 		default:
 			c.Handle(500, "CreateUser", err)
 		}
@@ -116,15 +116,15 @@ func NewUserPost(c *context.Context, f form.AdminCrateUser) {
 
 	// Send email notification.
 	if f.SendNotify && setting.MailService != nil {
-		mailer.SendRegisterNotifyMail(c.Context, models.NewMailerUser(u))
+		mailer.SendRegisterNotifyMail(c.Context, db.NewMailerUser(u))
 	}
 
 	c.Flash.Success(c.Tr("admin.users.new_success", u.Name))
 	c.Redirect(setting.AppSubURL + "/admin/users/" + com.ToStr(u.ID))
 }
 
-func prepareUserInfo(c *context.Context) *models.User {
-	u, err := models.GetUserByID(c.ParamsInt64(":userid"))
+func prepareUserInfo(c *context.Context) *db.User {
+	u, err := db.GetUserByID(c.ParamsInt64(":userid"))
 	if err != nil {
 		c.Handle(500, "GetUserByID", err)
 		return nil
@@ -132,16 +132,16 @@ func prepareUserInfo(c *context.Context) *models.User {
 	c.Data["User"] = u
 
 	if u.LoginSource > 0 {
-		c.Data["LoginSource"], err = models.GetLoginSourceByID(u.LoginSource)
+		c.Data["LoginSource"], err = db.GetLoginSourceByID(u.LoginSource)
 		if err != nil {
 			c.Handle(500, "GetLoginSourceByID", err)
 			return nil
 		}
 	} else {
-		c.Data["LoginSource"] = &models.LoginSource{}
+		c.Data["LoginSource"] = &db.LoginSource{}
 	}
 
-	sources, err := models.LoginSources()
+	sources, err := db.LoginSources()
 	if err != nil {
 		c.Handle(500, "LoginSources", err)
 		return nil
@@ -183,7 +183,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 
 	fields := strings.Split(f.LoginType, "-")
 	if len(fields) == 2 {
-		loginType := models.LoginType(com.StrTo(fields[0]).MustInt())
+		loginType := db.LoginType(com.StrTo(fields[0]).MustInt())
 		loginSource := com.StrTo(fields[1]).MustInt64()
 
 		if u.LoginSource != loginSource {
@@ -195,7 +195,7 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 	if len(f.Password) > 0 {
 		u.Passwd = f.Password
 		var err error
-		if u.Salt, err = models.GetUserSalt(); err != nil {
+		if u.Salt, err = db.GetUserSalt(); err != nil {
 			c.Handle(500, "UpdateUser", err)
 			return
 		}
@@ -214,8 +214,8 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 	u.AllowImportLocal = f.AllowImportLocal
 	u.ProhibitLogin = f.ProhibitLogin
 
-	if err := models.UpdateUser(u); err != nil {
-		if models.IsErrEmailAlreadyUsed(err) {
+	if err := db.UpdateUser(u); err != nil {
+		if db.IsErrEmailAlreadyUsed(err) {
 			c.Data["Err_Email"] = true
 			c.RenderWithErr(c.Tr("form.email_been_used"), USER_EDIT, &f)
 		} else {
@@ -230,20 +230,20 @@ func EditUserPost(c *context.Context, f form.AdminEditUser) {
 }
 
 func DeleteUser(c *context.Context) {
-	u, err := models.GetUserByID(c.ParamsInt64(":userid"))
+	u, err := db.GetUserByID(c.ParamsInt64(":userid"))
 	if err != nil {
 		c.Handle(500, "GetUserByID", err)
 		return
 	}
 
-	if err = models.DeleteUser(u); err != nil {
+	if err = db.DeleteUser(u); err != nil {
 		switch {
-		case models.IsErrUserOwnRepos(err):
+		case db.IsErrUserOwnRepos(err):
 			c.Flash.Error(c.Tr("admin.users.still_own_repo"))
 			c.JSON(200, map[string]interface{}{
 				"redirect": setting.AppSubURL + "/admin/users/" + c.Params(":userid"),
 			})
-		case models.IsErrUserHasOrgs(err):
+		case db.IsErrUserHasOrgs(err):
 			c.Flash.Error(c.Tr("admin.users.still_has_org"))
 			c.JSON(200, map[string]interface{}{
 				"redirect": setting.AppSubURL + "/admin/users/" + c.Params(":userid"),
diff --git a/routes/api/v1/admin/org.go b/internal/route/api/v1/admin/org.go
index 5f02288c..758f41e6 100644
--- a/routes/api/v1/admin/org.go
+++ b/internal/route/api/v1/admin/org.go
@@ -6,12 +6,12 @@ package admin
 
 import (
 	api "github.com/gogs/go-gogs-client"
+	org2 "gogs.io/gogs/internal/route/api/v1/org"
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/org"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
 )
 
 func CreateOrg(c *context.APIContext, form api.CreateOrgOption) {
-	org.CreateOrgForUser(c, form, user.GetUserByParams(c))
+	org2.CreateOrgForUser(c, form, user2.GetUserByParams(c))
 }
diff --git a/routes/api/v1/admin/org_repo.go b/internal/route/api/v1/admin/org_repo.go
index afbb94ee..b17b1462 100644
--- a/routes/api/v1/admin/org_repo.go
+++ b/internal/route/api/v1/admin/org_repo.go
@@ -5,13 +5,13 @@
 package admin
 
 import (
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
-func GetRepositoryByParams(c *context.APIContext) *models.Repository {
-	repo, err := models.GetRepositoryByName(c.Org.Team.OrgID, c.Params(":reponame"))
+func GetRepositoryByParams(c *context.APIContext) *db.Repository {
+	repo, err := db.GetRepositoryByName(c.Org.Team.OrgID, c.Params(":reponame"))
 	if err != nil {
 		c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 		return nil
diff --git a/routes/api/v1/admin/org_team.go b/internal/route/api/v1/admin/org_team.go
index a055efcd..e81b6b1b 100644
--- a/routes/api/v1/admin/org_team.go
+++ b/internal/route/api/v1/admin/org_team.go
@@ -5,25 +5,25 @@
 package admin
 
 import (
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 	"net/http"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/convert"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
 func CreateTeam(c *context.APIContext, form api.CreateTeamOption) {
-	team := &models.Team{
+	team := &db.Team{
 		OrgID:       c.Org.Organization.ID,
 		Name:        form.Name,
 		Description: form.Description,
-		Authorize:   models.ParseAccessMode(form.Permission),
+		Authorize:   db.ParseAccessMode(form.Permission),
 	}
-	if err := models.NewTeam(team); err != nil {
-		if models.IsErrTeamAlreadyExist(err) {
+	if err := db.NewTeam(team); err != nil {
+		if db.IsErrTeamAlreadyExist(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("NewTeam", err)
@@ -31,11 +31,11 @@ func CreateTeam(c *context.APIContext, form api.CreateTeamOption) {
 		return
 	}
 
-	c.JSON(http.StatusCreated, convert.ToTeam(team))
+	c.JSON(http.StatusCreated, convert2.ToTeam(team))
 }
 
 func AddTeamMember(c *context.APIContext) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
@@ -48,7 +48,7 @@ func AddTeamMember(c *context.APIContext) {
 }
 
 func RemoveTeamMember(c *context.APIContext) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
diff --git a/routes/api/v1/admin/repo.go b/internal/route/api/v1/admin/repo.go
index 3d364f05..68a26297 100644
--- a/routes/api/v1/admin/repo.go
+++ b/internal/route/api/v1/admin/repo.go
@@ -6,17 +6,17 @@ package admin
 
 import (
 	api "github.com/gogs/go-gogs-client"
+	repo2 "gogs.io/gogs/internal/route/api/v1/repo"
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/repo"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
 )
 
 func CreateRepo(c *context.APIContext, form api.CreateRepoOption) {
-	owner := user.GetUserByParams(c)
+	owner := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
 
-	repo.CreateUserRepo(c, owner, form)
+	repo2.CreateUserRepo(c, owner, form)
 }
diff --git a/routes/api/v1/admin/user.go b/internal/route/api/v1/admin/user.go
index ee1472f3..5e291df2 100644
--- a/routes/api/v1/admin/user.go
+++ b/internal/route/api/v1/admin/user.go
@@ -5,26 +5,26 @@
 package admin
 
 import (
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 	"net/http"
 
 	log "gopkg.in/clog.v1"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/setting"
 )
 
-func parseLoginSource(c *context.APIContext, u *models.User, sourceID int64, loginName string) {
+func parseLoginSource(c *context.APIContext, u *db.User, sourceID int64, loginName string) {
 	if sourceID == 0 {
 		return
 	}
 
-	source, err := models.GetLoginSourceByID(sourceID)
+	source, err := db.GetLoginSourceByID(sourceID)
 	if err != nil {
 		if errors.IsLoginSourceNotExist(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
@@ -40,13 +40,13 @@ func parseLoginSource(c *context.APIContext, u *models.User, sourceID int64, log
 }
 
 func CreateUser(c *context.APIContext, form api.CreateUserOption) {
-	u := &models.User{
+	u := &db.User{
 		Name:      form.Username,
 		FullName:  form.FullName,
 		Email:     form.Email,
 		Passwd:    form.Password,
 		IsActive:  true,
-		LoginType: models.LOGIN_PLAIN,
+		LoginType: db.LOGIN_PLAIN,
 	}
 
 	parseLoginSource(c, u, form.SourceID, form.LoginName)
@@ -54,11 +54,11 @@ func CreateUser(c *context.APIContext, form api.CreateUserOption) {
 		return
 	}
 
-	if err := models.CreateUser(u); err != nil {
-		if models.IsErrUserAlreadyExist(err) ||
-			models.IsErrEmailAlreadyUsed(err) ||
-			models.IsErrNameReserved(err) ||
-			models.IsErrNamePatternNotAllowed(err) {
+	if err := db.CreateUser(u); err != nil {
+		if db.IsErrUserAlreadyExist(err) ||
+			db.IsErrEmailAlreadyUsed(err) ||
+			db.IsErrNameReserved(err) ||
+			db.IsErrNamePatternNotAllowed(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("CreateUser", err)
@@ -69,14 +69,14 @@ func CreateUser(c *context.APIContext, form api.CreateUserOption) {
 
 	// Send email notification.
 	if form.SendNotify && setting.MailService != nil {
-		mailer.SendRegisterNotifyMail(c.Context.Context, models.NewMailerUser(u))
+		mailer.SendRegisterNotifyMail(c.Context.Context, db.NewMailerUser(u))
 	}
 
 	c.JSON(http.StatusCreated, u.APIFormat())
 }
 
 func EditUser(c *context.APIContext, form api.EditUserOption) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
@@ -89,7 +89,7 @@ func EditUser(c *context.APIContext, form api.EditUserOption) {
 	if len(form.Password) > 0 {
 		u.Passwd = form.Password
 		var err error
-		if u.Salt, err = models.GetUserSalt(); err != nil {
+		if u.Salt, err = db.GetUserSalt(); err != nil {
 			c.ServerError("GetUserSalt", err)
 			return
 		}
@@ -117,8 +117,8 @@ func EditUser(c *context.APIContext, form api.EditUserOption) {
 		u.MaxRepoCreation = *form.MaxRepoCreation
 	}
 
-	if err := models.UpdateUser(u); err != nil {
-		if models.IsErrEmailAlreadyUsed(err) {
+	if err := db.UpdateUser(u); err != nil {
+		if db.IsErrEmailAlreadyUsed(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("UpdateUser", err)
@@ -131,14 +131,14 @@ func EditUser(c *context.APIContext, form api.EditUserOption) {
 }
 
 func DeleteUser(c *context.APIContext) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
 
-	if err := models.DeleteUser(u); err != nil {
-		if models.IsErrUserOwnRepos(err) ||
-			models.IsErrUserHasOrgs(err) {
+	if err := db.DeleteUser(u); err != nil {
+		if db.IsErrUserOwnRepos(err) ||
+			db.IsErrUserHasOrgs(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("DeleteUser", err)
@@ -151,9 +151,9 @@ func DeleteUser(c *context.APIContext) {
 }
 
 func CreatePublicKey(c *context.APIContext, form api.CreateKeyOption) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
-	user.CreateUserPublicKey(c, form, u.ID)
+	user2.CreateUserPublicKey(c, form, u.ID)
 }
diff --git a/routes/api/v1/api.go b/internal/route/api/v1/api.go
index 57ea3536..56e7bcd2 100644
--- a/routes/api/v1/api.go
+++ b/internal/route/api/v1/api.go
@@ -5,6 +5,11 @@
 package v1
 
 import (
+	admin2 "gogs.io/gogs/internal/route/api/v1/admin"
+	misc2 "gogs.io/gogs/internal/route/api/v1/misc"
+	org2 "gogs.io/gogs/internal/route/api/v1/org"
+	repo2 "gogs.io/gogs/internal/route/api/v1/repo"
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 	"net/http"
 	"strings"
 
@@ -13,15 +18,10 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/routes/api/v1/admin"
-	"gogs.io/gogs/routes/api/v1/misc"
-	"gogs.io/gogs/routes/api/v1/org"
-	"gogs.io/gogs/routes/api/v1/repo"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
 )
 
 // repoAssignment extracts information from URL parameters to retrieve the repository,
@@ -32,13 +32,13 @@ func repoAssignment() macaron.Handler {
 		reponame := c.Params(":reponame")
 
 		var err error
-		var owner *models.User
+		var owner *db.User
 
 		// Check if the context user is the repository owner.
 		if c.IsLogged && c.User.LowerName == strings.ToLower(username) {
 			owner = c.User
 		} else {
-			owner, err = models.GetUserByName(username)
+			owner, err = db.GetUserByName(username)
 			if err != nil {
 				c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 				return
@@ -46,7 +46,7 @@ func repoAssignment() macaron.Handler {
 		}
 		c.Repo.Owner = owner
 
-		r, err := models.GetRepositoryByName(owner.ID, reponame)
+		r, err := db.GetRepositoryByName(owner.ID, reponame)
 		if err != nil {
 			c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 			return
@@ -56,9 +56,9 @@ func repoAssignment() macaron.Handler {
 		}
 
 		if c.IsTokenAuth && c.User.IsAdmin {
-			c.Repo.AccessMode = models.ACCESS_MODE_OWNER
+			c.Repo.AccessMode = db.ACCESS_MODE_OWNER
 		} else {
-			mode, err := models.UserAccessMode(c.UserID(), r)
+			mode, err := db.UserAccessMode(c.UserID(), r)
 			if err != nil {
 				c.ServerError("UserAccessMode", err)
 				return
@@ -92,7 +92,7 @@ func orgAssignment(args ...bool) macaron.Handler {
 
 		var err error
 		if assignOrg {
-			c.Org.Organization, err = models.GetUserByName(c.Params(":orgname"))
+			c.Org.Organization, err = db.GetUserByName(c.Params(":orgname"))
 			if err != nil {
 				c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 				return
@@ -100,7 +100,7 @@ func orgAssignment(args ...bool) macaron.Handler {
 		}
 
 		if assignTeam {
-			c.Org.Team, err = models.GetTeamByID(c.ParamsInt64(":teamid"))
+			c.Org.Team, err = db.GetTeamByID(c.ParamsInt64(":teamid"))
 			if err != nil {
 				c.NotFoundOrServerError("GetTeamByID", errors.IsTeamNotExist, err)
 				return
@@ -166,7 +166,7 @@ func mustEnableIssues(c *context.APIContext) {
 	}
 }
 
-// RegisterRoutes registers all routes in API v1 to the web application.
+// RegisterRoutes registers all route in API v1 to the web application.
 // FIXME: custom form error response
 func RegisterRoutes(m *macaron.Macaron) {
 	bind := binding.Bind
@@ -176,225 +176,225 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Options("/*", func() {})
 
 		// Miscellaneous
-		m.Post("/markdown", bind(api.MarkdownOption{}), misc.Markdown)
-		m.Post("/markdown/raw", misc.MarkdownRaw)
+		m.Post("/markdown", bind(api.MarkdownOption{}), misc2.Markdown)
+		m.Post("/markdown/raw", misc2.MarkdownRaw)
 
 		// Users
 		m.Group("/users", func() {
-			m.Get("/search", user.Search)
+			m.Get("/search", user2.Search)
 
 			m.Group("/:username", func() {
-				m.Get("", user.GetInfo)
+				m.Get("", user2.GetInfo)
 
 				m.Group("/tokens", func() {
 					m.Combo("").
-						Get(user.ListAccessTokens).
-						Post(bind(api.CreateAccessTokenOption{}), user.CreateAccessToken)
+						Get(user2.ListAccessTokens).
+						Post(bind(api.CreateAccessTokenOption{}), user2.CreateAccessToken)
 				}, reqBasicAuth())
 			})
 		})
 
 		m.Group("/users", func() {
 			m.Group("/:username", func() {
-				m.Get("/keys", user.ListPublicKeys)
+				m.Get("/keys", user2.ListPublicKeys)
 
-				m.Get("/followers", user.ListFollowers)
+				m.Get("/followers", user2.ListFollowers)
 				m.Group("/following", func() {
-					m.Get("", user.ListFollowing)
-					m.Get("/:target", user.CheckFollowing)
+					m.Get("", user2.ListFollowing)
+					m.Get("/:target", user2.CheckFollowing)
 				})
 			})
 		}, reqToken())
 
 		m.Group("/user", func() {
-			m.Get("", user.GetAuthenticatedUser)
+			m.Get("", user2.GetAuthenticatedUser)
 			m.Combo("/emails").
-				Get(user.ListEmails).
-				Post(bind(api.CreateEmailOption{}), user.AddEmail).
-				Delete(bind(api.CreateEmailOption{}), user.DeleteEmail)
+				Get(user2.ListEmails).
+				Post(bind(api.CreateEmailOption{}), user2.AddEmail).
+				Delete(bind(api.CreateEmailOption{}), user2.DeleteEmail)
 
-			m.Get("/followers", user.ListMyFollowers)
+			m.Get("/followers", user2.ListMyFollowers)
 			m.Group("/following", func() {
-				m.Get("", user.ListMyFollowing)
+				m.Get("", user2.ListMyFollowing)
 				m.Combo("/:username").
-					Get(user.CheckMyFollowing).
-					Put(user.Follow).
-					Delete(user.Unfollow)
+					Get(user2.CheckMyFollowing).
+					Put(user2.Follow).
+					Delete(user2.Unfollow)
 			})
 
 			m.Group("/keys", func() {
 				m.Combo("").
-					Get(user.ListMyPublicKeys).
-					Post(bind(api.CreateKeyOption{}), user.CreatePublicKey)
+					Get(user2.ListMyPublicKeys).
+					Post(bind(api.CreateKeyOption{}), user2.CreatePublicKey)
 				m.Combo("/:id").
-					Get(user.GetPublicKey).
-					Delete(user.DeletePublicKey)
+					Get(user2.GetPublicKey).
+					Delete(user2.DeletePublicKey)
 			})
 
-			m.Get("/issues", repo.ListUserIssues)
+			m.Get("/issues", repo2.ListUserIssues)
 		}, reqToken())
 
 		// Repositories
-		m.Get("/users/:username/repos", reqToken(), repo.ListUserRepositories)
-		m.Get("/orgs/:org/repos", reqToken(), repo.ListOrgRepositories)
+		m.Get("/users/:username/repos", reqToken(), repo2.ListUserRepositories)
+		m.Get("/orgs/:org/repos", reqToken(), repo2.ListOrgRepositories)
 		m.Combo("/user/repos", reqToken()).
-			Get(repo.ListMyRepos).
-			Post(bind(api.CreateRepoOption{}), repo.Create)
-		m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepo)
+			Get(repo2.ListMyRepos).
+			Post(bind(api.CreateRepoOption{}), repo2.Create)
+		m.Post("/org/:org/repos", reqToken(), bind(api.CreateRepoOption{}), repo2.CreateOrgRepo)
 
 		m.Group("/repos", func() {
-			m.Get("/search", repo.Search)
+			m.Get("/search", repo2.Search)
 
-			m.Get("/:username/:reponame", repoAssignment(), repo.Get)
+			m.Get("/:username/:reponame", repoAssignment(), repo2.Get)
 		})
 
 		m.Group("/repos", func() {
-			m.Post("/migrate", bind(form.MigrateRepo{}), repo.Migrate)
-			m.Delete("/:username/:reponame", repoAssignment(), repo.Delete)
+			m.Post("/migrate", bind(form.MigrateRepo{}), repo2.Migrate)
+			m.Delete("/:username/:reponame", repoAssignment(), repo2.Delete)
 
 			m.Group("/:username/:reponame", func() {
 				m.Group("/hooks", func() {
 					m.Combo("").
-						Get(repo.ListHooks).
-						Post(bind(api.CreateHookOption{}), repo.CreateHook)
+						Get(repo2.ListHooks).
+						Post(bind(api.CreateHookOption{}), repo2.CreateHook)
 					m.Combo("/:id").
-						Patch(bind(api.EditHookOption{}), repo.EditHook).
-						Delete(repo.DeleteHook)
+						Patch(bind(api.EditHookOption{}), repo2.EditHook).
+						Delete(repo2.DeleteHook)
 				}, reqRepoAdmin())
 
 				m.Group("/collaborators", func() {
-					m.Get("", repo.ListCollaborators)
+					m.Get("", repo2.ListCollaborators)
 					m.Combo("/:collaborator").
-						Get(repo.IsCollaborator).
-						Put(bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
-						Delete(repo.DeleteCollaborator)
+						Get(repo2.IsCollaborator).
+						Put(bind(api.AddCollaboratorOption{}), repo2.AddCollaborator).
+						Delete(repo2.DeleteCollaborator)
 				}, reqRepoAdmin())
 
-				m.Get("/raw/*", context.RepoRef(), repo.GetRawFile)
-				m.Get("/archive/*", repo.GetArchive)
-				m.Get("/forks", repo.ListForks)
+				m.Get("/raw/*", context.RepoRef(), repo2.GetRawFile)
+				m.Get("/archive/*", repo2.GetArchive)
+				m.Get("/forks", repo2.ListForks)
 				m.Group("/branches", func() {
-					m.Get("", repo.ListBranches)
-					m.Get("/*", repo.GetBranch)
+					m.Get("", repo2.ListBranches)
+					m.Get("/*", repo2.GetBranch)
 				})
 				m.Group("/commits", func() {
-					m.Get("/:sha", repo.GetSingleCommit)
-					m.Get("/*", repo.GetReferenceSHA)
+					m.Get("/:sha", repo2.GetSingleCommit)
+					m.Get("/*", repo2.GetReferenceSHA)
 				})
 
 				m.Group("/keys", func() {
 					m.Combo("").
-						Get(repo.ListDeployKeys).
-						Post(bind(api.CreateKeyOption{}), repo.CreateDeployKey)
+						Get(repo2.ListDeployKeys).
+						Post(bind(api.CreateKeyOption{}), repo2.CreateDeployKey)
 					m.Combo("/:id").
-						Get(repo.GetDeployKey).
-						Delete(repo.DeleteDeploykey)
+						Get(repo2.GetDeployKey).
+						Delete(repo2.DeleteDeploykey)
 				}, reqRepoAdmin())
 
 				m.Group("/issues", func() {
 					m.Combo("").
-						Get(repo.ListIssues).
-						Post(bind(api.CreateIssueOption{}), repo.CreateIssue)
+						Get(repo2.ListIssues).
+						Post(bind(api.CreateIssueOption{}), repo2.CreateIssue)
 					m.Group("/comments", func() {
-						m.Get("", repo.ListRepoIssueComments)
-						m.Patch("/:id", bind(api.EditIssueCommentOption{}), repo.EditIssueComment)
+						m.Get("", repo2.ListRepoIssueComments)
+						m.Patch("/:id", bind(api.EditIssueCommentOption{}), repo2.EditIssueComment)
 					})
 					m.Group("/:index", func() {
 						m.Combo("").
-							Get(repo.GetIssue).
-							Patch(bind(api.EditIssueOption{}), repo.EditIssue)
+							Get(repo2.GetIssue).
+							Patch(bind(api.EditIssueOption{}), repo2.EditIssue)
 
 						m.Group("/comments", func() {
 							m.Combo("").
-								Get(repo.ListIssueComments).
-								Post(bind(api.CreateIssueCommentOption{}), repo.CreateIssueComment)
+								Get(repo2.ListIssueComments).
+								Post(bind(api.CreateIssueCommentOption{}), repo2.CreateIssueComment)
 							m.Combo("/:id").
-								Patch(bind(api.EditIssueCommentOption{}), repo.EditIssueComment).
-								Delete(repo.DeleteIssueComment)
+								Patch(bind(api.EditIssueCommentOption{}), repo2.EditIssueComment).
+								Delete(repo2.DeleteIssueComment)
 						})
 
-						m.Get("/labels", repo.ListIssueLabels)
+						m.Get("/labels", repo2.ListIssueLabels)
 						m.Group("/labels", func() {
 							m.Combo("").
-								Post(bind(api.IssueLabelsOption{}), repo.AddIssueLabels).
-								Put(bind(api.IssueLabelsOption{}), repo.ReplaceIssueLabels).
-								Delete(repo.ClearIssueLabels)
-							m.Delete("/:id", repo.DeleteIssueLabel)
+								Post(bind(api.IssueLabelsOption{}), repo2.AddIssueLabels).
+								Put(bind(api.IssueLabelsOption{}), repo2.ReplaceIssueLabels).
+								Delete(repo2.ClearIssueLabels)
+							m.Delete("/:id", repo2.DeleteIssueLabel)
 						}, reqRepoWriter())
 					})
 				}, mustEnableIssues)
 
 				m.Group("/labels", func() {
-					m.Get("", repo.ListLabels)
-					m.Get("/:id", repo.GetLabel)
+					m.Get("", repo2.ListLabels)
+					m.Get("/:id", repo2.GetLabel)
 				})
 				m.Group("/labels", func() {
-					m.Post("", bind(api.CreateLabelOption{}), repo.CreateLabel)
+					m.Post("", bind(api.CreateLabelOption{}), repo2.CreateLabel)
 					m.Combo("/:id").
-						Patch(bind(api.EditLabelOption{}), repo.EditLabel).
-						Delete(repo.DeleteLabel)
+						Patch(bind(api.EditLabelOption{}), repo2.EditLabel).
+						Delete(repo2.DeleteLabel)
 				}, reqRepoWriter())
 
 				m.Group("/milestones", func() {
-					m.Get("", repo.ListMilestones)
-					m.Get("/:id", repo.GetMilestone)
+					m.Get("", repo2.ListMilestones)
+					m.Get("/:id", repo2.GetMilestone)
 				})
 				m.Group("/milestones", func() {
-					m.Post("", bind(api.CreateMilestoneOption{}), repo.CreateMilestone)
+					m.Post("", bind(api.CreateMilestoneOption{}), repo2.CreateMilestone)
 					m.Combo("/:id").
-						Patch(bind(api.EditMilestoneOption{}), repo.EditMilestone).
-						Delete(repo.DeleteMilestone)
+						Patch(bind(api.EditMilestoneOption{}), repo2.EditMilestone).
+						Delete(repo2.DeleteMilestone)
 				}, reqRepoWriter())
 
-				m.Patch("/issue-tracker", reqRepoWriter(), bind(api.EditIssueTrackerOption{}), repo.IssueTracker)
-				m.Post("/mirror-sync", reqRepoWriter(), repo.MirrorSync)
-				m.Get("/editorconfig/:filename", context.RepoRef(), repo.GetEditorconfig)
+				m.Patch("/issue-tracker", reqRepoWriter(), bind(api.EditIssueTrackerOption{}), repo2.IssueTracker)
+				m.Post("/mirror-sync", reqRepoWriter(), repo2.MirrorSync)
+				m.Get("/editorconfig/:filename", context.RepoRef(), repo2.GetEditorconfig)
 			}, repoAssignment())
 		}, reqToken())
 
-		m.Get("/issues", reqToken(), repo.ListUserIssues)
+		m.Get("/issues", reqToken(), repo2.ListUserIssues)
 
 		// Organizations
 		m.Combo("/user/orgs", reqToken()).
-			Get(org.ListMyOrgs).
-			Post(bind(api.CreateOrgOption{}), org.CreateMyOrg)
+			Get(org2.ListMyOrgs).
+			Post(bind(api.CreateOrgOption{}), org2.CreateMyOrg)
 
-		m.Get("/users/:username/orgs", org.ListUserOrgs)
+		m.Get("/users/:username/orgs", org2.ListUserOrgs)
 		m.Group("/orgs/:orgname", func() {
 			m.Combo("").
-				Get(org.Get).
-				Patch(bind(api.EditOrgOption{}), org.Edit)
-			m.Get("/teams", org.ListTeams)
+				Get(org2.Get).
+				Patch(bind(api.EditOrgOption{}), org2.Edit)
+			m.Get("/teams", org2.ListTeams)
 		}, orgAssignment(true))
 
 		m.Group("/admin", func() {
 			m.Group("/users", func() {
-				m.Post("", bind(api.CreateUserOption{}), admin.CreateUser)
+				m.Post("", bind(api.CreateUserOption{}), admin2.CreateUser)
 
 				m.Group("/:username", func() {
 					m.Combo("").
-						Patch(bind(api.EditUserOption{}), admin.EditUser).
-						Delete(admin.DeleteUser)
-					m.Post("/keys", bind(api.CreateKeyOption{}), admin.CreatePublicKey)
-					m.Post("/orgs", bind(api.CreateOrgOption{}), admin.CreateOrg)
-					m.Post("/repos", bind(api.CreateRepoOption{}), admin.CreateRepo)
+						Patch(bind(api.EditUserOption{}), admin2.EditUser).
+						Delete(admin2.DeleteUser)
+					m.Post("/keys", bind(api.CreateKeyOption{}), admin2.CreatePublicKey)
+					m.Post("/orgs", bind(api.CreateOrgOption{}), admin2.CreateOrg)
+					m.Post("/repos", bind(api.CreateRepoOption{}), admin2.CreateRepo)
 				})
 			})
 
 			m.Group("/orgs/:orgname", func() {
 				m.Group("/teams", func() {
-					m.Post("", orgAssignment(true), bind(api.CreateTeamOption{}), admin.CreateTeam)
+					m.Post("", orgAssignment(true), bind(api.CreateTeamOption{}), admin2.CreateTeam)
 				})
 			})
 
 			m.Group("/teams", func() {
 				m.Group("/:teamid", func() {
 					m.Combo("/members/:username").
-						Put(admin.AddTeamMember).
-						Delete(admin.RemoveTeamMember)
+						Put(admin2.AddTeamMember).
+						Delete(admin2.RemoveTeamMember)
 					m.Combo("/repos/:reponame").
-						Put(admin.AddTeamRepository).
-						Delete(admin.RemoveTeamRepository)
+						Put(admin2.AddTeamRepository).
+						Delete(admin2.RemoveTeamRepository)
 				}, orgAssignment(false, true))
 			})
 		}, reqAdmin())
diff --git a/routes/api/v1/convert/convert.go b/internal/route/api/v1/convert/convert.go
index 767fd7da..0bc2a5ca 100644
--- a/routes/api/v1/convert/convert.go
+++ b/internal/route/api/v1/convert/convert.go
@@ -12,10 +12,10 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
+	"gogs.io/gogs/internal/db"
 )
 
-func ToEmail(email *models.EmailAddress) *api.Email {
+func ToEmail(email *db.EmailAddress) *api.Email {
 	return &api.Email{
 		Email:    email.Email,
 		Verified: email.IsActivated,
@@ -23,7 +23,7 @@ func ToEmail(email *models.EmailAddress) *api.Email {
 	}
 }
 
-func ToBranch(b *models.Branch, c *git.Commit) *api.Branch {
+func ToBranch(b *db.Branch, c *git.Commit) *api.Branch {
 	return &api.Branch{
 		Name:   b.Name,
 		Commit: ToCommit(c),
@@ -32,12 +32,12 @@ func ToBranch(b *models.Branch, c *git.Commit) *api.Branch {
 
 func ToCommit(c *git.Commit) *api.PayloadCommit {
 	authorUsername := ""
-	author, err := models.GetUserByEmail(c.Author.Email)
+	author, err := db.GetUserByEmail(c.Author.Email)
 	if err == nil {
 		authorUsername = author.Name
 	}
 	committerUsername := ""
-	committer, err := models.GetUserByEmail(c.Committer.Email)
+	committer, err := db.GetUserByEmail(c.Committer.Email)
 	if err == nil {
 		committerUsername = committer.Name
 	}
@@ -59,7 +59,7 @@ func ToCommit(c *git.Commit) *api.PayloadCommit {
 	}
 }
 
-func ToPublicKey(apiLink string, key *models.PublicKey) *api.PublicKey {
+func ToPublicKey(apiLink string, key *db.PublicKey) *api.PublicKey {
 	return &api.PublicKey{
 		ID:      key.ID,
 		Key:     key.Content,
@@ -69,12 +69,12 @@ func ToPublicKey(apiLink string, key *models.PublicKey) *api.PublicKey {
 	}
 }
 
-func ToHook(repoLink string, w *models.Webhook) *api.Hook {
+func ToHook(repoLink string, w *db.Webhook) *api.Hook {
 	config := map[string]string{
 		"url":          w.URL,
 		"content_type": w.ContentType.Name(),
 	}
-	if w.HookTaskType == models.SLACK {
+	if w.HookTaskType == db.SLACK {
 		s := w.GetSlackHook()
 		config["channel"] = s.Channel
 		config["username"] = s.Username
@@ -94,7 +94,7 @@ func ToHook(repoLink string, w *models.Webhook) *api.Hook {
 	}
 }
 
-func ToDeployKey(apiLink string, key *models.DeployKey) *api.DeployKey {
+func ToDeployKey(apiLink string, key *db.DeployKey) *api.DeployKey {
 	return &api.DeployKey{
 		ID:       key.ID,
 		Key:      key.Content,
@@ -105,7 +105,7 @@ func ToDeployKey(apiLink string, key *models.DeployKey) *api.DeployKey {
 	}
 }
 
-func ToOrganization(org *models.User) *api.Organization {
+func ToOrganization(org *db.User) *api.Organization {
 	return &api.Organization{
 		ID:          org.ID,
 		AvatarUrl:   org.AvatarLink(),
@@ -117,7 +117,7 @@ func ToOrganization(org *models.User) *api.Organization {
 	}
 }
 
-func ToTeam(team *models.Team) *api.Team {
+func ToTeam(team *db.Team) *api.Team {
 	return &api.Team{
 		ID:          team.ID,
 		Name:        team.Name,
diff --git a/routes/api/v1/convert/utils.go b/internal/route/api/v1/convert/utils.go
index 08d6edad..01b3f246 100644
--- a/routes/api/v1/convert/utils.go
+++ b/internal/route/api/v1/convert/utils.go
@@ -5,7 +5,7 @@
 package convert
 
 import (
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 // ToCorrectPageSize makes sure page size is in allowed range.
diff --git a/routes/api/v1/misc/markdown.go b/internal/route/api/v1/misc/markdown.go
index 2bbb3ae7..8731e32b 100644
--- a/routes/api/v1/misc/markdown.go
+++ b/internal/route/api/v1/misc/markdown.go
@@ -9,8 +9,8 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/markup"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/markup"
 )
 
 func Markdown(c *context.APIContext, form api.MarkdownOption) {
diff --git a/routes/api/v1/org/org.go b/internal/route/api/v1/org/org.go
index 5ea80cec..dbb3e4dd 100644
--- a/routes/api/v1/org/org.go
+++ b/internal/route/api/v1/org/org.go
@@ -5,34 +5,34 @@
 package org
 
 import (
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
+	user2 "gogs.io/gogs/internal/route/api/v1/user"
 	"net/http"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/convert"
-	"gogs.io/gogs/routes/api/v1/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
-func CreateOrgForUser(c *context.APIContext, apiForm api.CreateOrgOption, user *models.User) {
+func CreateOrgForUser(c *context.APIContext, apiForm api.CreateOrgOption, user *db.User) {
 	if c.Written() {
 		return
 	}
 
-	org := &models.User{
+	org := &db.User{
 		Name:        apiForm.UserName,
 		FullName:    apiForm.FullName,
 		Description: apiForm.Description,
 		Website:     apiForm.Website,
 		Location:    apiForm.Location,
 		IsActive:    true,
-		Type:        models.USER_TYPE_ORGANIZATION,
+		Type:        db.USER_TYPE_ORGANIZATION,
 	}
-	if err := models.CreateOrganization(org, user); err != nil {
-		if models.IsErrUserAlreadyExist(err) ||
-			models.IsErrNameReserved(err) ||
-			models.IsErrNamePatternNotAllowed(err) {
+	if err := db.CreateOrganization(org, user); err != nil {
+		if db.IsErrUserAlreadyExist(err) ||
+			db.IsErrNameReserved(err) ||
+			db.IsErrNamePatternNotAllowed(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("CreateOrganization", err)
@@ -40,10 +40,10 @@ func CreateOrgForUser(c *context.APIContext, apiForm api.CreateOrgOption, user *
 		return
 	}
 
-	c.JSON(201, convert.ToOrganization(org))
+	c.JSON(201, convert2.ToOrganization(org))
 }
 
-func listUserOrgs(c *context.APIContext, u *models.User, all bool) {
+func listUserOrgs(c *context.APIContext, u *db.User, all bool) {
 	if err := u.GetOrganizations(all); err != nil {
 		c.ServerError("GetOrganizations", err)
 		return
@@ -51,7 +51,7 @@ func listUserOrgs(c *context.APIContext, u *models.User, all bool) {
 
 	apiOrgs := make([]*api.Organization, len(u.Orgs))
 	for i := range u.Orgs {
-		apiOrgs[i] = convert.ToOrganization(u.Orgs[i])
+		apiOrgs[i] = convert2.ToOrganization(u.Orgs[i])
 	}
 	c.JSONSuccess(&apiOrgs)
 }
@@ -65,7 +65,7 @@ func CreateMyOrg(c *context.APIContext, apiForm api.CreateOrgOption) {
 }
 
 func ListUserOrgs(c *context.APIContext) {
-	u := user.GetUserByParams(c)
+	u := user2.GetUserByParams(c)
 	if c.Written() {
 		return
 	}
@@ -73,7 +73,7 @@ func ListUserOrgs(c *context.APIContext) {
 }
 
 func Get(c *context.APIContext) {
-	c.JSONSuccess(convert.ToOrganization(c.Org.Organization))
+	c.JSONSuccess(convert2.ToOrganization(c.Org.Organization))
 }
 
 func Edit(c *context.APIContext, form api.EditOrgOption) {
@@ -87,10 +87,10 @@ func Edit(c *context.APIContext, form api.EditOrgOption) {
 	org.Description = form.Description
 	org.Website = form.Website
 	org.Location = form.Location
-	if err := models.UpdateUser(org); err != nil {
+	if err := db.UpdateUser(org); err != nil {
 		c.ServerError("UpdateUser", err)
 		return
 	}
 
-	c.JSONSuccess(convert.ToOrganization(org))
+	c.JSONSuccess(convert2.ToOrganization(org))
 }
diff --git a/routes/api/v1/org/team.go b/internal/route/api/v1/org/team.go
index 4b26552b..528e6183 100644
--- a/routes/api/v1/org/team.go
+++ b/internal/route/api/v1/org/team.go
@@ -6,9 +6,9 @@ package org
 
 import (
 	api "github.com/gogs/go-gogs-client"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
 )
 
 func ListTeams(c *context.APIContext) {
@@ -20,7 +20,7 @@ func ListTeams(c *context.APIContext) {
 
 	apiTeams := make([]*api.Team, len(org.Teams))
 	for i := range org.Teams {
-		apiTeams[i] = convert.ToTeam(org.Teams[i])
+		apiTeams[i] = convert2.ToTeam(org.Teams[i])
 	}
 	c.JSON(200, apiTeams)
 }
diff --git a/routes/api/v1/repo/branch.go b/internal/route/api/v1/repo/branch.go
index d21b49b1..b90d1e24 100644
--- a/routes/api/v1/repo/branch.go
+++ b/internal/route/api/v1/repo/branch.go
@@ -6,10 +6,10 @@ package repo
 
 import (
 	api "github.com/gogs/go-gogs-client"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories#get-branch
@@ -30,7 +30,7 @@ func GetBranch(c *context.APIContext) {
 		return
 	}
 
-	c.JSON(200, convert.ToBranch(branch, commit))
+	c.JSON(200, convert2.ToBranch(branch, commit))
 }
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories#list-branches
@@ -48,7 +48,7 @@ func ListBranches(c *context.APIContext) {
 			c.Error(500, "GetCommit", err)
 			return
 		}
-		apiBranches[i] = convert.ToBranch(branches[i], commit)
+		apiBranches[i] = convert2.ToBranch(branches[i], commit)
 	}
 
 	c.JSON(200, &apiBranches)
diff --git a/routes/api/v1/repo/collaborators.go b/internal/route/api/v1/repo/collaborators.go
index 7dac975b..e8f74848 100644
--- a/routes/api/v1/repo/collaborators.go
+++ b/internal/route/api/v1/repo/collaborators.go
@@ -7,9 +7,9 @@ package repo
 import (
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 func ListCollaborators(c *context.APIContext) {
@@ -27,7 +27,7 @@ func ListCollaborators(c *context.APIContext) {
 }
 
 func AddCollaborator(c *context.APIContext, form api.AddCollaboratorOption) {
-	collaborator, err := models.GetUserByName(c.Params(":collaborator"))
+	collaborator, err := db.GetUserByName(c.Params(":collaborator"))
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Error(422, "", err)
@@ -43,7 +43,7 @@ func AddCollaborator(c *context.APIContext, form api.AddCollaboratorOption) {
 	}
 
 	if form.Permission != nil {
-		if err := c.Repo.Repository.ChangeCollaborationAccessMode(collaborator.ID, models.ParseAccessMode(*form.Permission)); err != nil {
+		if err := c.Repo.Repository.ChangeCollaborationAccessMode(collaborator.ID, db.ParseAccessMode(*form.Permission)); err != nil {
 			c.Error(500, "ChangeCollaborationAccessMode", err)
 			return
 		}
@@ -53,7 +53,7 @@ func AddCollaborator(c *context.APIContext, form api.AddCollaboratorOption) {
 }
 
 func IsCollaborator(c *context.APIContext) {
-	collaborator, err := models.GetUserByName(c.Params(":collaborator"))
+	collaborator, err := db.GetUserByName(c.Params(":collaborator"))
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Error(422, "", err)
@@ -71,7 +71,7 @@ func IsCollaborator(c *context.APIContext) {
 }
 
 func DeleteCollaborator(c *context.APIContext) {
-	collaborator, err := models.GetUserByName(c.Params(":collaborator"))
+	collaborator, err := db.GetUserByName(c.Params(":collaborator"))
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Error(422, "", err)
diff --git a/routes/api/v1/repo/commits.go b/internal/route/api/v1/repo/commits.go
index 81ec139e..55bfc045 100644
--- a/routes/api/v1/repo/commits.go
+++ b/internal/route/api/v1/repo/commits.go
@@ -12,10 +12,10 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 func GetSingleCommit(c *context.APIContext) {
@@ -38,7 +38,7 @@ func GetSingleCommit(c *context.APIContext) {
 
 	// Retrieve author and committer information
 	var apiAuthor, apiCommitter *api.User
-	author, err := models.GetUserByEmail(commit.Author.Email)
+	author, err := db.GetUserByEmail(commit.Author.Email)
 	if err != nil && !errors.IsUserNotExist(err) {
 		c.ServerError("Get user by author email", err)
 		return
@@ -49,7 +49,7 @@ func GetSingleCommit(c *context.APIContext) {
 	if commit.Committer.Email == commit.Author.Email {
 		apiCommitter = apiAuthor
 	} else {
-		committer, err := models.GetUserByEmail(commit.Committer.Email)
+		committer, err := db.GetUserByEmail(commit.Committer.Email)
 		if err != nil && !errors.IsUserNotExist(err) {
 			c.ServerError("Get user by committer email", err)
 			return
diff --git a/routes/api/v1/repo/file.go b/internal/route/api/v1/repo/file.go
index 4ae56662..4dcae313 100644
--- a/routes/api/v1/repo/file.go
+++ b/internal/route/api/v1/repo/file.go
@@ -6,10 +6,10 @@ package repo
 
 import (
 	"github.com/gogs/git-module"
+	repo2 "gogs.io/gogs/internal/route/repo"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/repo"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
 func GetRawFile(c *context.APIContext) {
@@ -28,13 +28,13 @@ func GetRawFile(c *context.APIContext) {
 		c.NotFoundOrServerError("GetBlobByPath", git.IsErrNotExist, err)
 		return
 	}
-	if err = repo.ServeBlob(c.Context, blob); err != nil {
+	if err = repo2.ServeBlob(c.Context, blob); err != nil {
 		c.ServerError("ServeBlob", err)
 	}
 }
 
 func GetArchive(c *context.APIContext) {
-	repoPath := models.RepoPath(c.Params(":username"), c.Params(":reponame"))
+	repoPath := db.RepoPath(c.Params(":username"), c.Params(":reponame"))
 	gitRepo, err := git.OpenRepository(repoPath)
 	if err != nil {
 		c.ServerError("OpenRepository", err)
@@ -42,7 +42,7 @@ func GetArchive(c *context.APIContext) {
 	}
 	c.Repo.GitRepo = gitRepo
 
-	repo.Download(c.Context)
+	repo2.Download(c.Context)
 }
 
 func GetEditorconfig(c *context.APIContext) {
diff --git a/routes/api/v1/repo/hook.go b/internal/route/api/v1/repo/hook.go
index a4f77852..060d2049 100644
--- a/routes/api/v1/repo/hook.go
+++ b/internal/route/api/v1/repo/hook.go
@@ -5,20 +5,20 @@
 package repo
 
 import (
-	"github.com/unknwon/com"
 	"github.com/json-iterator/go"
+	"github.com/unknwon/com"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories#list-hooks
 func ListHooks(c *context.APIContext) {
-	hooks, err := models.GetWebhooksByRepoID(c.Repo.Repository.ID)
+	hooks, err := db.GetWebhooksByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.Error(500, "GetWebhooksByRepoID", err)
 		return
@@ -26,14 +26,14 @@ func ListHooks(c *context.APIContext) {
 
 	apiHooks := make([]*api.Hook, len(hooks))
 	for i := range hooks {
-		apiHooks[i] = convert.ToHook(c.Repo.RepoLink, hooks[i])
+		apiHooks[i] = convert2.ToHook(c.Repo.RepoLink, hooks[i])
 	}
 	c.JSON(200, &apiHooks)
 }
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories#create-a-hook
 func CreateHook(c *context.APIContext, form api.CreateHookOption) {
-	if !models.IsValidHookTaskType(form.Type) {
+	if !db.IsValidHookTaskType(form.Type) {
 		c.Error(422, "", "Invalid hook type")
 		return
 	}
@@ -43,7 +43,7 @@ func CreateHook(c *context.APIContext, form api.CreateHookOption) {
 			return
 		}
 	}
-	if !models.IsValidHookContentType(form.Config["content_type"]) {
+	if !db.IsValidHookContentType(form.Config["content_type"]) {
 		c.Error(422, "", "Invalid content type")
 		return
 	}
@@ -51,34 +51,34 @@ func CreateHook(c *context.APIContext, form api.CreateHookOption) {
 	if len(form.Events) == 0 {
 		form.Events = []string{"push"}
 	}
-	w := &models.Webhook{
+	w := &db.Webhook{
 		RepoID:      c.Repo.Repository.ID,
 		URL:         form.Config["url"],
-		ContentType: models.ToHookContentType(form.Config["content_type"]),
+		ContentType: db.ToHookContentType(form.Config["content_type"]),
 		Secret:      form.Config["secret"],
-		HookEvent: &models.HookEvent{
+		HookEvent: &db.HookEvent{
 			ChooseEvents: true,
-			HookEvents: models.HookEvents{
-				Create:       com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_CREATE)),
-				Delete:       com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_DELETE)),
-				Fork:         com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_FORK)),
-				Push:         com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_PUSH)),
-				Issues:       com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_ISSUES)),
-				IssueComment: com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_ISSUE_COMMENT)),
-				PullRequest:  com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_PULL_REQUEST)),
-				Release:      com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_RELEASE)),
+			HookEvents: db.HookEvents{
+				Create:       com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_CREATE)),
+				Delete:       com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_DELETE)),
+				Fork:         com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_FORK)),
+				Push:         com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_PUSH)),
+				Issues:       com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_ISSUES)),
+				IssueComment: com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_ISSUE_COMMENT)),
+				PullRequest:  com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_PULL_REQUEST)),
+				Release:      com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_RELEASE)),
 			},
 		},
 		IsActive:     form.Active,
-		HookTaskType: models.ToHookTaskType(form.Type),
+		HookTaskType: db.ToHookTaskType(form.Type),
 	}
-	if w.HookTaskType == models.SLACK {
+	if w.HookTaskType == db.SLACK {
 		channel, ok := form.Config["channel"]
 		if !ok {
 			c.Error(422, "", "Missing config option: channel")
 			return
 		}
-		meta, err := jsoniter.Marshal(&models.SlackMeta{
+		meta, err := jsoniter.Marshal(&db.SlackMeta{
 			Channel:  channel,
 			Username: form.Config["username"],
 			IconURL:  form.Config["icon_url"],
@@ -94,17 +94,17 @@ func CreateHook(c *context.APIContext, form api.CreateHookOption) {
 	if err := w.UpdateEvent(); err != nil {
 		c.Error(500, "UpdateEvent", err)
 		return
-	} else if err := models.CreateWebhook(w); err != nil {
+	} else if err := db.CreateWebhook(w); err != nil {
 		c.Error(500, "CreateWebhook", err)
 		return
 	}
 
-	c.JSON(201, convert.ToHook(c.Repo.RepoLink, w))
+	c.JSON(201, convert2.ToHook(c.Repo.RepoLink, w))
 }
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories#edit-a-hook
 func EditHook(c *context.APIContext, form api.EditHookOption) {
-	w, err := models.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	w, err := db.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
 		if errors.IsWebhookNotExist(err) {
 			c.Status(404)
@@ -119,16 +119,16 @@ func EditHook(c *context.APIContext, form api.EditHookOption) {
 			w.URL = url
 		}
 		if ct, ok := form.Config["content_type"]; ok {
-			if !models.IsValidHookContentType(ct) {
+			if !db.IsValidHookContentType(ct) {
 				c.Error(422, "", "Invalid content type")
 				return
 			}
-			w.ContentType = models.ToHookContentType(ct)
+			w.ContentType = db.ToHookContentType(ct)
 		}
 
-		if w.HookTaskType == models.SLACK {
+		if w.HookTaskType == db.SLACK {
 			if channel, ok := form.Config["channel"]; ok {
-				meta, err := jsoniter.Marshal(&models.SlackMeta{
+				meta, err := jsoniter.Marshal(&db.SlackMeta{
 					Channel:  channel,
 					Username: form.Config["username"],
 					IconURL:  form.Config["icon_url"],
@@ -150,14 +150,14 @@ func EditHook(c *context.APIContext, form api.EditHookOption) {
 	w.PushOnly = false
 	w.SendEverything = false
 	w.ChooseEvents = true
-	w.Create = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_CREATE))
-	w.Delete = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_DELETE))
-	w.Fork = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_FORK))
-	w.Push = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_PUSH))
-	w.Issues = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_ISSUES))
-	w.IssueComment = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_ISSUE_COMMENT))
-	w.PullRequest = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_PULL_REQUEST))
-	w.Release = com.IsSliceContainsStr(form.Events, string(models.HOOK_EVENT_RELEASE))
+	w.Create = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_CREATE))
+	w.Delete = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_DELETE))
+	w.Fork = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_FORK))
+	w.Push = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_PUSH))
+	w.Issues = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_ISSUES))
+	w.IssueComment = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_ISSUE_COMMENT))
+	w.PullRequest = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_PULL_REQUEST))
+	w.Release = com.IsSliceContainsStr(form.Events, string(db.HOOK_EVENT_RELEASE))
 	if err = w.UpdateEvent(); err != nil {
 		c.Error(500, "UpdateEvent", err)
 		return
@@ -167,16 +167,16 @@ func EditHook(c *context.APIContext, form api.EditHookOption) {
 		w.IsActive = *form.Active
 	}
 
-	if err := models.UpdateWebhook(w); err != nil {
+	if err := db.UpdateWebhook(w); err != nil {
 		c.Error(500, "UpdateWebhook", err)
 		return
 	}
 
-	c.JSON(200, convert.ToHook(c.Repo.RepoLink, w))
+	c.JSON(200, convert2.ToHook(c.Repo.RepoLink, w))
 }
 
 func DeleteHook(c *context.APIContext) {
-	if err := models.DeleteWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
+	if err := db.DeleteWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
 		c.Error(500, "DeleteWebhookByRepoID", err)
 		return
 	}
diff --git a/routes/api/v1/repo/issue.go b/internal/route/api/v1/repo/issue.go
index bd46dd06..5d32a00c 100644
--- a/routes/api/v1/repo/issue.go
+++ b/internal/route/api/v1/repo/issue.go
@@ -11,20 +11,20 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
-func listIssues(c *context.APIContext, opts *models.IssuesOptions) {
-	issues, err := models.Issues(opts)
+func listIssues(c *context.APIContext, opts *db.IssuesOptions) {
+	issues, err := db.Issues(opts)
 	if err != nil {
 		c.ServerError("Issues", err)
 		return
 	}
 
-	count, err := models.IssuesCount(opts)
+	count, err := db.IssuesCount(opts)
 	if err != nil {
 		c.ServerError("IssuesCount", err)
 		return
@@ -45,7 +45,7 @@ func listIssues(c *context.APIContext, opts *models.IssuesOptions) {
 }
 
 func ListUserIssues(c *context.APIContext) {
-	opts := models.IssuesOptions{
+	opts := db.IssuesOptions{
 		AssigneeID: c.User.ID,
 		Page:       c.QueryInt("page"),
 		IsClosed:   api.StateType(c.Query("state")) == api.STATE_CLOSED,
@@ -55,7 +55,7 @@ func ListUserIssues(c *context.APIContext) {
 }
 
 func ListIssues(c *context.APIContext) {
-	opts := models.IssuesOptions{
+	opts := db.IssuesOptions{
 		RepoID:   c.Repo.Repository.ID,
 		Page:     c.QueryInt("page"),
 		IsClosed: api.StateType(c.Query("state")) == api.STATE_CLOSED,
@@ -65,7 +65,7 @@ func ListIssues(c *context.APIContext) {
 }
 
 func GetIssue(c *context.APIContext) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
@@ -74,7 +74,7 @@ func GetIssue(c *context.APIContext) {
 }
 
 func CreateIssue(c *context.APIContext, form api.CreateIssueOption) {
-	issue := &models.Issue{
+	issue := &db.Issue{
 		RepoID:   c.Repo.Repository.ID,
 		Title:    form.Title,
 		PosterID: c.User.ID,
@@ -84,7 +84,7 @@ func CreateIssue(c *context.APIContext, form api.CreateIssueOption) {
 
 	if c.Repo.IsWriter() {
 		if len(form.Assignee) > 0 {
-			assignee, err := models.GetUserByName(form.Assignee)
+			assignee, err := db.GetUserByName(form.Assignee)
 			if err != nil {
 				if errors.IsUserNotExist(err) {
 					c.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("assignee does not exist: [name: %s]", form.Assignee))
@@ -100,7 +100,7 @@ func CreateIssue(c *context.APIContext, form api.CreateIssueOption) {
 		form.Labels = nil
 	}
 
-	if err := models.NewIssue(c.Repo.Repository, issue, form.Labels, nil); err != nil {
+	if err := db.NewIssue(c.Repo.Repository, issue, form.Labels, nil); err != nil {
 		c.ServerError("NewIssue", err)
 		return
 	}
@@ -114,7 +114,7 @@ func CreateIssue(c *context.APIContext, form api.CreateIssueOption) {
 
 	// Refetch from database to assign some automatic values
 	var err error
-	issue, err = models.GetIssueByID(issue.ID)
+	issue, err = db.GetIssueByID(issue.ID)
 	if err != nil {
 		c.ServerError("GetIssueByID", err)
 		return
@@ -123,7 +123,7 @@ func CreateIssue(c *context.APIContext, form api.CreateIssueOption) {
 }
 
 func EditIssue(c *context.APIContext, form api.EditIssueOption) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
@@ -146,7 +146,7 @@ func EditIssue(c *context.APIContext, form api.EditIssueOption) {
 		if len(*form.Assignee) == 0 {
 			issue.AssigneeID = 0
 		} else {
-			assignee, err := models.GetUserByName(*form.Assignee)
+			assignee, err := db.GetUserByName(*form.Assignee)
 			if err != nil {
 				if errors.IsUserNotExist(err) {
 					c.Error(http.StatusUnprocessableEntity, "", fmt.Sprintf("assignee does not exist: [name: %s]", *form.Assignee))
@@ -158,7 +158,7 @@ func EditIssue(c *context.APIContext, form api.EditIssueOption) {
 			issue.AssigneeID = assignee.ID
 		}
 
-		if err = models.UpdateIssueUserByAssignee(issue); err != nil {
+		if err = db.UpdateIssueUserByAssignee(issue); err != nil {
 			c.ServerError("UpdateIssueUserByAssignee", err)
 			return
 		}
@@ -167,13 +167,13 @@ func EditIssue(c *context.APIContext, form api.EditIssueOption) {
 		issue.MilestoneID != *form.Milestone {
 		oldMilestoneID := issue.MilestoneID
 		issue.MilestoneID = *form.Milestone
-		if err = models.ChangeMilestoneAssign(c.User, issue, oldMilestoneID); err != nil {
+		if err = db.ChangeMilestoneAssign(c.User, issue, oldMilestoneID); err != nil {
 			c.ServerError("ChangeMilestoneAssign", err)
 			return
 		}
 	}
 
-	if err = models.UpdateIssue(issue); err != nil {
+	if err = db.UpdateIssue(issue); err != nil {
 		c.ServerError("UpdateIssue", err)
 		return
 	}
@@ -185,7 +185,7 @@ func EditIssue(c *context.APIContext, form api.EditIssueOption) {
 	}
 
 	// Refetch from database to assign some automatic values
-	issue, err = models.GetIssueByID(issue.ID)
+	issue, err = db.GetIssueByID(issue.ID)
 	if err != nil {
 		c.ServerError("GetIssueByID", err)
 		return
diff --git a/routes/api/v1/repo/issue_comment.go b/internal/route/api/v1/repo/issue_comment.go
index 2d0c3e62..4f86e13b 100644
--- a/routes/api/v1/repo/issue_comment.go
+++ b/internal/route/api/v1/repo/issue_comment.go
@@ -9,8 +9,8 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
 func ListIssueComments(c *context.APIContext) {
@@ -24,14 +24,14 @@ func ListIssueComments(c *context.APIContext) {
 		}
 	}
 
-	// comments,err:=models.GetCommentsByIssueIDSince(, since)
-	issue, err := models.GetRawIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	// comments,err:=db.GetCommentsByIssueIDSince(, since)
+	issue, err := db.GetRawIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.ServerError("GetRawIssueByIndex", err)
 		return
 	}
 
-	comments, err := models.GetCommentsByIssueIDSince(issue.ID, since.Unix())
+	comments, err := db.GetCommentsByIssueIDSince(issue.ID, since.Unix())
 	if err != nil {
 		c.ServerError("GetCommentsByIssueIDSince", err)
 		return
@@ -55,7 +55,7 @@ func ListRepoIssueComments(c *context.APIContext) {
 		}
 	}
 
-	comments, err := models.GetCommentsByRepoIDSince(c.Repo.Repository.ID, since.Unix())
+	comments, err := db.GetCommentsByRepoIDSince(c.Repo.Repository.ID, since.Unix())
 	if err != nil {
 		c.ServerError("GetCommentsByRepoIDSince", err)
 		return
@@ -69,13 +69,13 @@ func ListRepoIssueComments(c *context.APIContext) {
 }
 
 func CreateIssueComment(c *context.APIContext, form api.CreateIssueCommentOption) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.ServerError("GetIssueByIndex", err)
 		return
 	}
 
-	comment, err := models.CreateIssueComment(c.User, c.Repo.Repository, issue, form.Body, nil)
+	comment, err := db.CreateIssueComment(c.User, c.Repo.Repository, issue, form.Body, nil)
 	if err != nil {
 		c.ServerError("CreateIssueComment", err)
 		return
@@ -85,23 +85,23 @@ func CreateIssueComment(c *context.APIContext, form api.CreateIssueCommentOption
 }
 
 func EditIssueComment(c *context.APIContext, form api.EditIssueCommentOption) {
-	comment, err := models.GetCommentByID(c.ParamsInt64(":id"))
+	comment, err := db.GetCommentByID(c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
+		c.NotFoundOrServerError("GetCommentByID", db.IsErrCommentNotExist, err)
 		return
 	}
 
 	if c.User.ID != comment.PosterID && !c.Repo.IsAdmin() {
 		c.Status(http.StatusForbidden)
 		return
-	} else if comment.Type != models.COMMENT_TYPE_COMMENT {
+	} else if comment.Type != db.COMMENT_TYPE_COMMENT {
 		c.NoContent()
 		return
 	}
 
 	oldContent := comment.Content
 	comment.Content = form.Body
-	if err := models.UpdateComment(c.User, comment, oldContent); err != nil {
+	if err := db.UpdateComment(c.User, comment, oldContent); err != nil {
 		c.ServerError("UpdateComment", err)
 		return
 	}
@@ -109,21 +109,21 @@ func EditIssueComment(c *context.APIContext, form api.EditIssueCommentOption) {
 }
 
 func DeleteIssueComment(c *context.APIContext) {
-	comment, err := models.GetCommentByID(c.ParamsInt64(":id"))
+	comment, err := db.GetCommentByID(c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
+		c.NotFoundOrServerError("GetCommentByID", db.IsErrCommentNotExist, err)
 		return
 	}
 
 	if c.User.ID != comment.PosterID && !c.Repo.IsAdmin() {
 		c.Status(http.StatusForbidden)
 		return
-	} else if comment.Type != models.COMMENT_TYPE_COMMENT {
+	} else if comment.Type != db.COMMENT_TYPE_COMMENT {
 		c.NoContent()
 		return
 	}
 
-	if err = models.DeleteCommentByID(c.User, comment.ID); err != nil {
+	if err = db.DeleteCommentByID(c.User, comment.ID); err != nil {
 		c.ServerError("DeleteCommentByID", err)
 		return
 	}
diff --git a/routes/api/v1/repo/issue_label.go b/internal/route/api/v1/repo/issue_label.go
index 173ddb42..7c8b7982 100644
--- a/routes/api/v1/repo/issue_label.go
+++ b/internal/route/api/v1/repo/issue_label.go
@@ -9,13 +9,13 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 func ListIssueLabels(c *context.APIContext) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
@@ -29,13 +29,13 @@ func ListIssueLabels(c *context.APIContext) {
 }
 
 func AddIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
 	}
 
-	labels, err := models.GetLabelsInRepoByIDs(c.Repo.Repository.ID, form.Labels)
+	labels, err := db.GetLabelsInRepoByIDs(c.Repo.Repository.ID, form.Labels)
 	if err != nil {
 		c.ServerError("GetLabelsInRepoByIDs", err)
 		return
@@ -46,7 +46,7 @@ func AddIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
 		return
 	}
 
-	labels, err = models.GetLabelsByIssueID(issue.ID)
+	labels, err = db.GetLabelsByIssueID(issue.ID)
 	if err != nil {
 		c.ServerError("GetLabelsByIssueID", err)
 		return
@@ -60,15 +60,15 @@ func AddIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
 }
 
 func DeleteIssueLabel(c *context.APIContext) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
 	}
 
-	label, err := models.GetLabelOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	label, err := db.GetLabelOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrLabelNotExist(err) {
+		if db.IsErrLabelNotExist(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			c.ServerError("GetLabelInRepoByID", err)
@@ -76,7 +76,7 @@ func DeleteIssueLabel(c *context.APIContext) {
 		return
 	}
 
-	if err := models.DeleteIssueLabel(issue, label); err != nil {
+	if err := db.DeleteIssueLabel(issue, label); err != nil {
 		c.ServerError("DeleteIssueLabel", err)
 		return
 	}
@@ -85,13 +85,13 @@ func DeleteIssueLabel(c *context.APIContext) {
 }
 
 func ReplaceIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
 	}
 
-	labels, err := models.GetLabelsInRepoByIDs(c.Repo.Repository.ID, form.Labels)
+	labels, err := db.GetLabelsInRepoByIDs(c.Repo.Repository.ID, form.Labels)
 	if err != nil {
 		c.ServerError("GetLabelsInRepoByIDs", err)
 		return
@@ -102,7 +102,7 @@ func ReplaceIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
 		return
 	}
 
-	labels, err = models.GetLabelsByIssueID(issue.ID)
+	labels, err = db.GetLabelsByIssueID(issue.ID)
 	if err != nil {
 		c.ServerError("GetLabelsByIssueID", err)
 		return
@@ -116,7 +116,7 @@ func ReplaceIssueLabels(c *context.APIContext, form api.IssueLabelsOption) {
 }
 
 func ClearIssueLabels(c *context.APIContext) {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
diff --git a/routes/api/v1/repo/key.go b/internal/route/api/v1/repo/key.go
index 17ae7084..d47d4b46 100644
--- a/routes/api/v1/repo/key.go
+++ b/internal/route/api/v1/repo/key.go
@@ -6,13 +6,13 @@ package repo
 
 import (
 	"fmt"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 func composeDeployKeysAPILink(repoPath string) string {
@@ -21,7 +21,7 @@ func composeDeployKeysAPILink(repoPath string) string {
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#list-deploy-keys
 func ListDeployKeys(c *context.APIContext) {
-	keys, err := models.ListDeployKeys(c.Repo.Repository.ID)
+	keys, err := db.ListDeployKeys(c.Repo.Repository.ID)
 	if err != nil {
 		c.Error(500, "ListDeployKeys", err)
 		return
@@ -34,7 +34,7 @@ func ListDeployKeys(c *context.APIContext) {
 			c.Error(500, "GetContent", err)
 			return
 		}
-		apiKeys[i] = convert.ToDeployKey(apiLink, keys[i])
+		apiKeys[i] = convert2.ToDeployKey(apiLink, keys[i])
 	}
 
 	c.JSON(200, &apiKeys)
@@ -42,9 +42,9 @@ func ListDeployKeys(c *context.APIContext) {
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#get-a-deploy-key
 func GetDeployKey(c *context.APIContext) {
-	key, err := models.GetDeployKeyByID(c.ParamsInt64(":id"))
+	key, err := db.GetDeployKeyByID(c.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
+		if db.IsErrDeployKeyNotExist(err) {
 			c.Status(404)
 		} else {
 			c.Error(500, "GetDeployKeyByID", err)
@@ -58,11 +58,11 @@ func GetDeployKey(c *context.APIContext) {
 	}
 
 	apiLink := composeDeployKeysAPILink(c.Repo.Owner.Name + "/" + c.Repo.Repository.Name)
-	c.JSON(200, convert.ToDeployKey(apiLink, key))
+	c.JSON(200, convert2.ToDeployKey(apiLink, key))
 }
 
 func HandleCheckKeyStringError(c *context.APIContext, err error) {
-	if models.IsErrKeyUnableVerify(err) {
+	if db.IsErrKeyUnableVerify(err) {
 		c.Error(422, "", "Unable to verify key content")
 	} else {
 		c.Error(422, "", fmt.Errorf("Invalid key content: %v", err))
@@ -71,9 +71,9 @@ func HandleCheckKeyStringError(c *context.APIContext, err error) {
 
 func HandleAddKeyError(c *context.APIContext, err error) {
 	switch {
-	case models.IsErrKeyAlreadyExist(err):
+	case db.IsErrKeyAlreadyExist(err):
 		c.Error(422, "", "Key content has been used as non-deploy key")
-	case models.IsErrKeyNameAlreadyUsed(err):
+	case db.IsErrKeyNameAlreadyUsed(err):
 		c.Error(422, "", "Key title has been used")
 	default:
 		c.Error(500, "AddKey", err)
@@ -82,13 +82,13 @@ func HandleAddKeyError(c *context.APIContext, err error) {
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#add-a-new-deploy-key
 func CreateDeployKey(c *context.APIContext, form api.CreateKeyOption) {
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := db.CheckPublicKeyString(form.Key)
 	if err != nil {
 		HandleCheckKeyStringError(c, err)
 		return
 	}
 
-	key, err := models.AddDeployKey(c.Repo.Repository.ID, form.Title, content)
+	key, err := db.AddDeployKey(c.Repo.Repository.ID, form.Title, content)
 	if err != nil {
 		HandleAddKeyError(c, err)
 		return
@@ -96,13 +96,13 @@ func CreateDeployKey(c *context.APIContext, form api.CreateKeyOption) {
 
 	key.Content = content
 	apiLink := composeDeployKeysAPILink(c.Repo.Owner.Name + "/" + c.Repo.Repository.Name)
-	c.JSON(201, convert.ToDeployKey(apiLink, key))
+	c.JSON(201, convert2.ToDeployKey(apiLink, key))
 }
 
 // https://github.com/gogs/go-gogs-client/wiki/Repositories-Deploy-Keys#remove-a-deploy-key
 func DeleteDeploykey(c *context.APIContext) {
-	if err := models.DeleteDeployKey(c.User, c.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyAccessDenied(err) {
+	if err := db.DeleteDeployKey(c.User, c.ParamsInt64(":id")); err != nil {
+		if db.IsErrKeyAccessDenied(err) {
 			c.Error(403, "", "You do not have access to this key")
 		} else {
 			c.Error(500, "DeleteDeployKey", err)
diff --git a/routes/api/v1/repo/label.go b/internal/route/api/v1/repo/label.go
index 189d3fdb..9dd2d7d0 100644
--- a/routes/api/v1/repo/label.go
+++ b/internal/route/api/v1/repo/label.go
@@ -11,12 +11,12 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
 func ListLabels(c *context.APIContext) {
-	labels, err := models.GetLabelsByRepoID(c.Repo.Repository.ID)
+	labels, err := db.GetLabelsByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.ServerError("GetLabelsByRepoID", err)
 		return
@@ -30,16 +30,16 @@ func ListLabels(c *context.APIContext) {
 }
 
 func GetLabel(c *context.APIContext) {
-	var label *models.Label
+	var label *db.Label
 	var err error
 	idStr := c.Params(":id")
 	if id := com.StrTo(idStr).MustInt64(); id > 0 {
-		label, err = models.GetLabelOfRepoByID(c.Repo.Repository.ID, id)
+		label, err = db.GetLabelOfRepoByID(c.Repo.Repository.ID, id)
 	} else {
-		label, err = models.GetLabelOfRepoByName(c.Repo.Repository.ID, idStr)
+		label, err = db.GetLabelOfRepoByName(c.Repo.Repository.ID, idStr)
 	}
 	if err != nil {
-		c.NotFoundOrServerError("GetLabel", models.IsErrLabelNotExist, err)
+		c.NotFoundOrServerError("GetLabel", db.IsErrLabelNotExist, err)
 		return
 	}
 
@@ -47,12 +47,12 @@ func GetLabel(c *context.APIContext) {
 }
 
 func CreateLabel(c *context.APIContext, form api.CreateLabelOption) {
-	label := &models.Label{
+	label := &db.Label{
 		Name:   form.Name,
 		Color:  form.Color,
 		RepoID: c.Repo.Repository.ID,
 	}
-	if err := models.NewLabels(label); err != nil {
+	if err := db.NewLabels(label); err != nil {
 		c.ServerError("NewLabel", err)
 		return
 	}
@@ -60,9 +60,9 @@ func CreateLabel(c *context.APIContext, form api.CreateLabelOption) {
 }
 
 func EditLabel(c *context.APIContext, form api.EditLabelOption) {
-	label, err := models.GetLabelOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	label, err := db.GetLabelOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetLabelOfRepoByID", models.IsErrLabelNotExist, err)
+		c.NotFoundOrServerError("GetLabelOfRepoByID", db.IsErrLabelNotExist, err)
 		return
 	}
 
@@ -72,7 +72,7 @@ func EditLabel(c *context.APIContext, form api.EditLabelOption) {
 	if form.Color != nil {
 		label.Color = *form.Color
 	}
-	if err := models.UpdateLabel(label); err != nil {
+	if err := db.UpdateLabel(label); err != nil {
 		c.ServerError("UpdateLabel", err)
 		return
 	}
@@ -80,7 +80,7 @@ func EditLabel(c *context.APIContext, form api.EditLabelOption) {
 }
 
 func DeleteLabel(c *context.APIContext) {
-	if err := models.DeleteLabel(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
+	if err := db.DeleteLabel(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
 		c.ServerError("DeleteLabel", err)
 		return
 	}
diff --git a/routes/api/v1/repo/milestone.go b/internal/route/api/v1/repo/milestone.go
index 7d2f9957..6f5fea17 100644
--- a/routes/api/v1/repo/milestone.go
+++ b/internal/route/api/v1/repo/milestone.go
@@ -10,12 +10,12 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
 func ListMilestones(c *context.APIContext) {
-	milestones, err := models.GetMilestonesByRepoID(c.Repo.Repository.ID)
+	milestones, err := db.GetMilestonesByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.ServerError("GetMilestonesByRepoID", err)
 		return
@@ -29,9 +29,9 @@ func ListMilestones(c *context.APIContext) {
 }
 
 func GetMilestone(c *context.APIContext) {
-	milestone, err := models.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	milestone, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetMilestoneByRepoID", models.IsErrMilestoneNotExist, err)
+		c.NotFoundOrServerError("GetMilestoneByRepoID", db.IsErrMilestoneNotExist, err)
 		return
 	}
 	c.JSONSuccess(milestone.APIFormat())
@@ -43,14 +43,14 @@ func CreateMilestone(c *context.APIContext, form api.CreateMilestoneOption) {
 		form.Deadline = &defaultDeadline
 	}
 
-	milestone := &models.Milestone{
+	milestone := &db.Milestone{
 		RepoID:   c.Repo.Repository.ID,
 		Name:     form.Title,
 		Content:  form.Description,
 		Deadline: *form.Deadline,
 	}
 
-	if err := models.NewMilestone(milestone); err != nil {
+	if err := db.NewMilestone(milestone); err != nil {
 		c.ServerError("NewMilestone", err)
 		return
 	}
@@ -58,9 +58,9 @@ func CreateMilestone(c *context.APIContext, form api.CreateMilestoneOption) {
 }
 
 func EditMilestone(c *context.APIContext, form api.EditMilestoneOption) {
-	milestone, err := models.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	milestone, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetMilestoneByRepoID", models.IsErrMilestoneNotExist, err)
+		c.NotFoundOrServerError("GetMilestoneByRepoID", db.IsErrMilestoneNotExist, err)
 		return
 	}
 
@@ -79,7 +79,7 @@ func EditMilestone(c *context.APIContext, form api.EditMilestoneOption) {
 			c.ServerError("ChangeStatus", err)
 			return
 		}
-	} else if err = models.UpdateMilestone(milestone); err != nil {
+	} else if err = db.UpdateMilestone(milestone); err != nil {
 		c.ServerError("UpdateMilestone", err)
 		return
 	}
@@ -88,7 +88,7 @@ func EditMilestone(c *context.APIContext, form api.EditMilestoneOption) {
 }
 
 func DeleteMilestone(c *context.APIContext) {
-	if err := models.DeleteMilestoneOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
+	if err := db.DeleteMilestoneOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id")); err != nil {
 		c.ServerError("DeleteMilestoneByRepoID", err)
 		return
 	}
diff --git a/routes/api/v1/repo/repo.go b/internal/route/api/v1/repo/repo.go
index 67623ffa..096096fb 100644
--- a/routes/api/v1/repo/repo.go
+++ b/internal/route/api/v1/repo/repo.go
@@ -6,6 +6,7 @@ package repo
 
 import (
 	"fmt"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 	"net/http"
 	"path"
 
@@ -13,19 +14,18 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
 )
 
 func Search(c *context.APIContext) {
-	opts := &models.SearchRepoOptions{
+	opts := &db.SearchRepoOptions{
 		Keyword:  path.Base(c.Query("q")),
 		OwnerID:  c.QueryInt64("uid"),
-		PageSize: convert.ToCorrectPageSize(c.QueryInt("limit")),
+		PageSize: convert2.ToCorrectPageSize(c.QueryInt("limit")),
 		Page:     c.QueryInt("page"),
 	}
 
@@ -34,7 +34,7 @@ func Search(c *context.APIContext) {
 		if c.User.ID == opts.OwnerID {
 			opts.Private = true
 		} else {
-			u, err := models.GetUserByID(opts.OwnerID)
+			u, err := db.GetUserByID(opts.OwnerID)
 			if err != nil {
 				c.JSON(http.StatusInternalServerError, map[string]interface{}{
 					"ok":    false,
@@ -49,7 +49,7 @@ func Search(c *context.APIContext) {
 		}
 	}
 
-	repos, count, err := models.SearchRepositoryByName(opts)
+	repos, count, err := db.SearchRepositoryByName(opts)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"ok":    false,
@@ -58,7 +58,7 @@ func Search(c *context.APIContext) {
 		return
 	}
 
-	if err = models.RepositoryList(repos).LoadAttributes(); err != nil {
+	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"ok":    false,
 			"error": err.Error(),
@@ -79,7 +79,7 @@ func Search(c *context.APIContext) {
 }
 
 func listUserRepositories(c *context.APIContext, username string) {
-	user, err := models.GetUserByName(username)
+	user, err := db.GetUserByName(username)
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 		return
@@ -87,11 +87,11 @@ func listUserRepositories(c *context.APIContext, username string) {
 
 	// Only list public repositories if user requests someone else's repository list,
 	// or an organization isn't a member of.
-	var ownRepos []*models.Repository
+	var ownRepos []*db.Repository
 	if user.IsOrganization() {
 		ownRepos, _, err = user.GetUserRepositories(c.User.ID, 1, user.NumRepos)
 	} else {
-		ownRepos, err = models.GetUserRepositories(&models.UserRepoOptions{
+		ownRepos, err = db.GetUserRepositories(&db.UserRepoOptions{
 			UserID:   user.ID,
 			Private:  c.User.ID == user.ID,
 			Page:     1,
@@ -103,7 +103,7 @@ func listUserRepositories(c *context.APIContext, username string) {
 		return
 	}
 
-	if err = models.RepositoryList(ownRepos).LoadAttributes(); err != nil {
+	if err = db.RepositoryList(ownRepos).LoadAttributes(); err != nil {
 		c.ServerError("LoadAttributes(ownRepos)", err)
 		return
 	}
@@ -133,8 +133,8 @@ func listUserRepositories(c *context.APIContext, username string) {
 	i := numOwnRepos
 	for repo, access := range accessibleRepos {
 		repos[i] = repo.APIFormat(&api.Permission{
-			Admin: access >= models.ACCESS_MODE_ADMIN,
-			Push:  access >= models.ACCESS_MODE_WRITE,
+			Admin: access >= db.ACCESS_MODE_ADMIN,
+			Push:  access >= db.ACCESS_MODE_WRITE,
 			Pull:  true,
 		})
 		i++
@@ -155,8 +155,8 @@ func ListOrgRepositories(c *context.APIContext) {
 	listUserRepositories(c, c.Params(":org"))
 }
 
-func CreateUserRepo(c *context.APIContext, owner *models.User, opt api.CreateRepoOption) {
-	repo, err := models.CreateRepository(c.User, owner, models.CreateRepoOptions{
+func CreateUserRepo(c *context.APIContext, owner *db.User, opt api.CreateRepoOption) {
+	repo, err := db.CreateRepository(c.User, owner, db.CreateRepoOptions{
 		Name:        opt.Name,
 		Description: opt.Description,
 		Gitignores:  opt.Gitignores,
@@ -166,13 +166,13 @@ func CreateUserRepo(c *context.APIContext, owner *models.User, opt api.CreateRep
 		AutoInit:    opt.AutoInit,
 	})
 	if err != nil {
-		if models.IsErrRepoAlreadyExist(err) ||
-			models.IsErrNameReserved(err) ||
-			models.IsErrNamePatternNotAllowed(err) {
+		if db.IsErrRepoAlreadyExist(err) ||
+			db.IsErrNameReserved(err) ||
+			db.IsErrNamePatternNotAllowed(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
 			if repo != nil {
-				if err = models.DeleteRepository(c.User.ID, repo.ID); err != nil {
+				if err = db.DeleteRepository(c.User.ID, repo.ID); err != nil {
 					log.Error(2, "DeleteRepository: %v", err)
 				}
 			}
@@ -194,7 +194,7 @@ func Create(c *context.APIContext, opt api.CreateRepoOption) {
 }
 
 func CreateOrgRepo(c *context.APIContext, opt api.CreateRepoOption) {
-	org, err := models.GetOrgByName(c.Params(":org"))
+	org, err := db.GetOrgByName(c.Params(":org"))
 	if err != nil {
 		c.NotFoundOrServerError("GetOrgByName", errors.IsUserNotExist, err)
 		return
@@ -212,7 +212,7 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 	// Not equal means context user is an organization,
 	// or is another user/organization if current user is admin.
 	if f.Uid != ctxUser.ID {
-		org, err := models.GetUserByID(f.Uid)
+		org, err := db.GetUserByID(f.Uid)
 		if err != nil {
 			if errors.IsUserNotExist(err) {
 				c.Error(http.StatusUnprocessableEntity, "", err)
@@ -242,8 +242,8 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 
 	remoteAddr, err := f.ParseRemoteAddr(c.User)
 	if err != nil {
-		if models.IsErrInvalidCloneAddr(err) {
-			addrErr := err.(models.ErrInvalidCloneAddr)
+		if db.IsErrInvalidCloneAddr(err) {
+			addrErr := err.(db.ErrInvalidCloneAddr)
 			switch {
 			case addrErr.IsURLError:
 				c.Error(http.StatusUnprocessableEntity, "", err)
@@ -260,7 +260,7 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 		return
 	}
 
-	repo, err := models.MigrateRepository(c.User, ctxUser, models.MigrateRepoOptions{
+	repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{
 		Name:        f.RepoName,
 		Description: f.Description,
 		IsPrivate:   f.Private || setting.Repository.ForcePrivate,
@@ -269,7 +269,7 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 	})
 	if err != nil {
 		if repo != nil {
-			if errDelete := models.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
+			if errDelete := db.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
 				log.Error(2, "DeleteRepository: %v", errDelete)
 			}
 		}
@@ -277,7 +277,7 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 		if errors.IsReachLimitOfRepo(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
-			c.ServerError("MigrateRepository", errors.New(models.HandleMirrorCredentials(err.Error(), true)))
+			c.ServerError("MigrateRepository", errors.New(db.HandleMirrorCredentials(err.Error(), true)))
 		}
 		return
 	}
@@ -287,8 +287,8 @@ func Migrate(c *context.APIContext, f form.MigrateRepo) {
 }
 
 // FIXME: inject in the handler chain
-func parseOwnerAndRepo(c *context.APIContext) (*models.User, *models.Repository) {
-	owner, err := models.GetUserByName(c.Params(":username"))
+func parseOwnerAndRepo(c *context.APIContext) (*db.User, *db.Repository) {
+	owner, err := db.GetUserByName(c.Params(":username"))
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
@@ -298,7 +298,7 @@ func parseOwnerAndRepo(c *context.APIContext) (*models.User, *models.Repository)
 		return nil, nil
 	}
 
-	repo, err := models.GetRepositoryByName(owner.ID, c.Params(":reponame"))
+	repo, err := db.GetRepositoryByName(owner.ID, c.Params(":reponame"))
 	if err != nil {
 		c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 		return nil, nil
@@ -331,7 +331,7 @@ func Delete(c *context.APIContext) {
 		return
 	}
 
-	if err := models.DeleteRepository(owner.ID, repo.ID); err != nil {
+	if err := db.DeleteRepository(owner.ID, repo.ID); err != nil {
 		c.ServerError("DeleteRepository", err)
 		return
 	}
@@ -385,7 +385,7 @@ func IssueTracker(c *context.APIContext, form api.EditIssueTrackerOption) {
 		repo.ExternalTrackerStyle = *form.TrackerIssueStyle
 	}
 
-	if err := models.UpdateRepository(repo, false); err != nil {
+	if err := db.UpdateRepository(repo, false); err != nil {
 		c.ServerError("UpdateRepository", err)
 		return
 	}
@@ -402,6 +402,6 @@ func MirrorSync(c *context.APIContext) {
 		return
 	}
 
-	go models.MirrorQueue.Add(repo.ID)
+	go db.MirrorQueue.Add(repo.ID)
 	c.Status(http.StatusAccepted)
 }
diff --git a/routes/api/v1/user/app.go b/internal/route/api/v1/user/app.go
index 4e0b2fee..5db0175b 100644
--- a/routes/api/v1/user/app.go
+++ b/internal/route/api/v1/user/app.go
@@ -9,13 +9,13 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
 )
 
 func ListAccessTokens(c *context.APIContext) {
-	tokens, err := models.ListAccessTokens(c.User.ID)
+	tokens, err := db.ListAccessTokens(c.User.ID)
 	if err != nil {
 		c.ServerError("ListAccessTokens", err)
 		return
@@ -29,11 +29,11 @@ func ListAccessTokens(c *context.APIContext) {
 }
 
 func CreateAccessToken(c *context.APIContext, form api.CreateAccessTokenOption) {
-	t := &models.AccessToken{
+	t := &db.AccessToken{
 		UID:  c.User.ID,
 		Name: form.Name,
 	}
-	if err := models.NewAccessToken(t); err != nil {
+	if err := db.NewAccessToken(t); err != nil {
 		if errors.IsAccessTokenNameAlreadyExist(err) {
 			c.Error(http.StatusUnprocessableEntity, "", err)
 		} else {
diff --git a/routes/api/v1/user/email.go b/internal/route/api/v1/user/email.go
index 7091beb6..e4baaefa 100644
--- a/routes/api/v1/user/email.go
+++ b/internal/route/api/v1/user/email.go
@@ -5,25 +5,25 @@
 package user
 
 import (
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
 	"net/http"
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/api/v1/convert"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 func ListEmails(c *context.APIContext) {
-	emails, err := models.GetEmailAddresses(c.User.ID)
+	emails, err := db.GetEmailAddresses(c.User.ID)
 	if err != nil {
 		c.ServerError("GetEmailAddresses", err)
 		return
 	}
 	apiEmails := make([]*api.Email, len(emails))
 	for i := range emails {
-		apiEmails[i] = convert.ToEmail(emails[i])
+		apiEmails[i] = convert2.ToEmail(emails[i])
 	}
 	c.JSONSuccess(&apiEmails)
 }
@@ -34,18 +34,18 @@ func AddEmail(c *context.APIContext, form api.CreateEmailOption) {
 		return
 	}
 
-	emails := make([]*models.EmailAddress, len(form.Emails))
+	emails := make([]*db.EmailAddress, len(form.Emails))
 	for i := range form.Emails {
-		emails[i] = &models.EmailAddress{
+		emails[i] = &db.EmailAddress{
 			UID:         c.User.ID,
 			Email:       form.Emails[i],
 			IsActivated: !setting.Service.RegisterEmailConfirm,
 		}
 	}
 
-	if err := models.AddEmailAddresses(emails); err != nil {
-		if models.IsErrEmailAlreadyUsed(err) {
-			c.Error(http.StatusUnprocessableEntity, "", "email address has been used: "+err.(models.ErrEmailAlreadyUsed).Email)
+	if err := db.AddEmailAddresses(emails); err != nil {
+		if db.IsErrEmailAlreadyUsed(err) {
+			c.Error(http.StatusUnprocessableEntity, "", "email address has been used: "+err.(db.ErrEmailAlreadyUsed).Email)
 		} else {
 			c.Error(http.StatusInternalServerError, "AddEmailAddresses", err)
 		}
@@ -54,7 +54,7 @@ func AddEmail(c *context.APIContext, form api.CreateEmailOption) {
 
 	apiEmails := make([]*api.Email, len(emails))
 	for i := range emails {
-		apiEmails[i] = convert.ToEmail(emails[i])
+		apiEmails[i] = convert2.ToEmail(emails[i])
 	}
 	c.JSON(http.StatusCreated, &apiEmails)
 }
@@ -65,15 +65,15 @@ func DeleteEmail(c *context.APIContext, form api.CreateEmailOption) {
 		return
 	}
 
-	emails := make([]*models.EmailAddress, len(form.Emails))
+	emails := make([]*db.EmailAddress, len(form.Emails))
 	for i := range form.Emails {
-		emails[i] = &models.EmailAddress{
+		emails[i] = &db.EmailAddress{
 			UID:   c.User.ID,
 			Email: form.Emails[i],
 		}
 	}
 
-	if err := models.DeleteEmailAddresses(emails); err != nil {
+	if err := db.DeleteEmailAddresses(emails); err != nil {
 		c.Error(http.StatusInternalServerError, "DeleteEmailAddresses", err)
 		return
 	}
diff --git a/routes/api/v1/user/follower.go b/internal/route/api/v1/user/follower.go
index 022bd8c5..3a3d0298 100644
--- a/routes/api/v1/user/follower.go
+++ b/internal/route/api/v1/user/follower.go
@@ -7,11 +7,11 @@ package user
 import (
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
 )
 
-func responseApiUsers(c *context.APIContext, users []*models.User) {
+func responseApiUsers(c *context.APIContext, users []*db.User) {
 	apiUsers := make([]*api.User, len(users))
 	for i := range users {
 		apiUsers[i] = users[i].APIFormat()
@@ -19,7 +19,7 @@ func responseApiUsers(c *context.APIContext, users []*models.User) {
 	c.JSONSuccess(&apiUsers)
 }
 
-func listUserFollowers(c *context.APIContext, u *models.User) {
+func listUserFollowers(c *context.APIContext, u *db.User) {
 	users, err := u.GetFollowers(c.QueryInt("page"))
 	if err != nil {
 		c.ServerError("GetUserFollowers", err)
@@ -40,7 +40,7 @@ func ListFollowers(c *context.APIContext) {
 	listUserFollowers(c, u)
 }
 
-func listUserFollowing(c *context.APIContext, u *models.User) {
+func listUserFollowing(c *context.APIContext, u *db.User) {
 	users, err := u.GetFollowing(c.QueryInt("page"))
 	if err != nil {
 		c.ServerError("GetFollowing", err)
@@ -61,7 +61,7 @@ func ListFollowing(c *context.APIContext) {
 	listUserFollowing(c, u)
 }
 
-func checkUserFollowing(c *context.APIContext, u *models.User, followID int64) {
+func checkUserFollowing(c *context.APIContext, u *db.User, followID int64) {
 	if u.IsFollowing(followID) {
 		c.NoContent()
 	} else {
@@ -94,7 +94,7 @@ func Follow(c *context.APIContext) {
 	if c.Written() {
 		return
 	}
-	if err := models.FollowUser(c.User.ID, target.ID); err != nil {
+	if err := db.FollowUser(c.User.ID, target.ID); err != nil {
 		c.ServerError("FollowUser", err)
 		return
 	}
@@ -106,7 +106,7 @@ func Unfollow(c *context.APIContext) {
 	if c.Written() {
 		return
 	}
-	if err := models.UnfollowUser(c.User.ID, target.ID); err != nil {
+	if err := db.UnfollowUser(c.User.ID, target.ID); err != nil {
 		c.ServerError("UnfollowUser", err)
 		return
 	}
diff --git a/routes/api/v1/user/key.go b/internal/route/api/v1/user/key.go
index c0757811..9cdb4e20 100644
--- a/routes/api/v1/user/key.go
+++ b/internal/route/api/v1/user/key.go
@@ -6,18 +6,18 @@ package user
 
 import (
 	api "github.com/gogs/go-gogs-client"
+	convert2 "gogs.io/gogs/internal/route/api/v1/convert"
+	repo2 "gogs.io/gogs/internal/route/api/v1/repo"
 	"net/http"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/api/v1/convert"
-	"gogs.io/gogs/routes/api/v1/repo"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
-func GetUserByParamsName(c *context.APIContext, name string) *models.User {
-	user, err := models.GetUserByName(c.Params(name))
+func GetUserByParamsName(c *context.APIContext, name string) *db.User {
+	user, err := db.GetUserByName(c.Params(name))
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 		return nil
@@ -26,7 +26,7 @@ func GetUserByParamsName(c *context.APIContext, name string) *models.User {
 }
 
 // GetUserByParams returns user whose name is presented in URL paramenter.
-func GetUserByParams(c *context.APIContext) *models.User {
+func GetUserByParams(c *context.APIContext) *db.User {
 	return GetUserByParamsName(c, ":username")
 }
 
@@ -35,7 +35,7 @@ func composePublicKeysAPILink() string {
 }
 
 func listPublicKeys(c *context.APIContext, uid int64) {
-	keys, err := models.ListPublicKeys(uid)
+	keys, err := db.ListPublicKeys(uid)
 	if err != nil {
 		c.ServerError("ListPublicKeys", err)
 		return
@@ -44,7 +44,7 @@ func listPublicKeys(c *context.APIContext, uid int64) {
 	apiLink := composePublicKeysAPILink()
 	apiKeys := make([]*api.PublicKey, len(keys))
 	for i := range keys {
-		apiKeys[i] = convert.ToPublicKey(apiLink, keys[i])
+		apiKeys[i] = convert2.ToPublicKey(apiLink, keys[i])
 	}
 
 	c.JSONSuccess(&apiKeys)
@@ -63,31 +63,31 @@ func ListPublicKeys(c *context.APIContext) {
 }
 
 func GetPublicKey(c *context.APIContext) {
-	key, err := models.GetPublicKeyByID(c.ParamsInt64(":id"))
+	key, err := db.GetPublicKeyByID(c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetPublicKeyByID", models.IsErrKeyNotExist, err)
+		c.NotFoundOrServerError("GetPublicKeyByID", db.IsErrKeyNotExist, err)
 		return
 	}
 
 	apiLink := composePublicKeysAPILink()
-	c.JSONSuccess(convert.ToPublicKey(apiLink, key))
+	c.JSONSuccess(convert2.ToPublicKey(apiLink, key))
 }
 
 // CreateUserPublicKey creates new public key to given user by ID.
 func CreateUserPublicKey(c *context.APIContext, form api.CreateKeyOption, uid int64) {
-	content, err := models.CheckPublicKeyString(form.Key)
+	content, err := db.CheckPublicKeyString(form.Key)
 	if err != nil {
-		repo.HandleCheckKeyStringError(c, err)
+		repo2.HandleCheckKeyStringError(c, err)
 		return
 	}
 
-	key, err := models.AddPublicKey(uid, form.Title, content)
+	key, err := db.AddPublicKey(uid, form.Title, content)
 	if err != nil {
-		repo.HandleAddKeyError(c, err)
+		repo2.HandleAddKeyError(c, err)
 		return
 	}
 	apiLink := composePublicKeysAPILink()
-	c.JSON(http.StatusCreated, convert.ToPublicKey(apiLink, key))
+	c.JSON(http.StatusCreated, convert2.ToPublicKey(apiLink, key))
 }
 
 func CreatePublicKey(c *context.APIContext, form api.CreateKeyOption) {
@@ -95,8 +95,8 @@ func CreatePublicKey(c *context.APIContext, form api.CreateKeyOption) {
 }
 
 func DeletePublicKey(c *context.APIContext) {
-	if err := models.DeletePublicKey(c.User, c.ParamsInt64(":id")); err != nil {
-		if models.IsErrKeyAccessDenied(err) {
+	if err := db.DeletePublicKey(c.User, c.ParamsInt64(":id")); err != nil {
+		if db.IsErrKeyAccessDenied(err) {
 			c.Error(http.StatusForbidden, "", "you do not have access to this key")
 		} else {
 			c.Error(http.StatusInternalServerError, "DeletePublicKey", err)
diff --git a/routes/api/v1/user/user.go b/internal/route/api/v1/user/user.go
index 121deeb7..8da3b734 100644
--- a/routes/api/v1/user/user.go
+++ b/internal/route/api/v1/user/user.go
@@ -11,23 +11,23 @@ import (
 
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/markup"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/markup"
 )
 
 func Search(c *context.APIContext) {
-	opts := &models.SearchUserOptions{
+	opts := &db.SearchUserOptions{
 		Keyword:  c.Query("q"),
-		Type:     models.USER_TYPE_INDIVIDUAL,
+		Type:     db.USER_TYPE_INDIVIDUAL,
 		PageSize: com.StrTo(c.Query("limit")).MustInt(),
 	}
 	if opts.PageSize == 0 {
 		opts.PageSize = 10
 	}
 
-	users, _, err := models.SearchUserByName(opts)
+	users, _, err := db.SearchUserByName(opts)
 	if err != nil {
 		c.JSON(http.StatusInternalServerError, map[string]interface{}{
 			"ok":    false,
@@ -56,7 +56,7 @@ func Search(c *context.APIContext) {
 }
 
 func GetInfo(c *context.APIContext) {
-	u, err := models.GetUserByName(c.Params(":username"))
+	u, err := db.GetUserByName(c.Params(":username"))
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 		return
diff --git a/routes/dev/template.go b/internal/route/dev/template.go
index 8d6b6da6..38e35b39 100644
--- a/routes/dev/template.go
+++ b/internal/route/dev/template.go
@@ -5,13 +5,13 @@
 package dev
 
 import (
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 func TemplatePreview(c *context.Context) {
-	c.Data["User"] = models.User{Name: "Unknown"}
+	c.Data["User"] = db.User{Name: "Unknown"}
 	c.Data["AppName"] = setting.AppName
 	c.Data["AppVer"] = setting.AppVer
 	c.Data["AppURL"] = setting.AppURL
diff --git a/routes/home.go b/internal/route/home.go
index e7a6e607..f208bcb4 100644
--- a/routes/home.go
+++ b/internal/route/home.go
@@ -2,15 +2,15 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package routes
+package route
 
 import (
 	"github.com/unknwon/paginater"
+	user2 "gogs.io/gogs/internal/route/user"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -24,9 +24,9 @@ func Home(c *context.Context) {
 	if c.IsLogged {
 		if !c.User.IsActive && setting.Service.RegisterEmailConfirm {
 			c.Data["Title"] = c.Tr("auth.active_your_account")
-			c.Success(user.ACTIVATE)
+			c.Success(user2.ACTIVATE)
 		} else {
-			user.Dashboard(c)
+			user2.Dashboard(c)
 		}
 		return
 	}
@@ -53,7 +53,7 @@ func ExploreRepos(c *context.Context) {
 	}
 
 	keyword := c.Query("q")
-	repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+	repos, count, err := db.SearchRepositoryByName(&db.SearchRepoOptions{
 		Keyword:  keyword,
 		UserID:   c.UserID(),
 		OrderBy:  "updated_unix DESC",
@@ -68,7 +68,7 @@ func ExploreRepos(c *context.Context) {
 	c.Data["Total"] = count
 	c.Data["Page"] = paginater.New(int(count), setting.UI.ExplorePagingNum, page, 5)
 
-	if err = models.RepositoryList(repos).LoadAttributes(); err != nil {
+	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.ServerError("RepositoryList.LoadAttributes", err)
 		return
 	}
@@ -78,9 +78,9 @@ func ExploreRepos(c *context.Context) {
 }
 
 type UserSearchOptions struct {
-	Type     models.UserType
+	Type     db.UserType
 	Counter  func() int64
-	Ranger   func(int, int) ([]*models.User, error)
+	Ranger   func(int, int) ([]*db.User, error)
 	PageSize int
 	OrderBy  string
 	TplName  string
@@ -93,7 +93,7 @@ func RenderUserSearch(c *context.Context, opts *UserSearchOptions) {
 	}
 
 	var (
-		users []*models.User
+		users []*db.User
 		count int64
 		err   error
 	)
@@ -107,7 +107,7 @@ func RenderUserSearch(c *context.Context, opts *UserSearchOptions) {
 		}
 		count = opts.Counter()
 	} else {
-		users, count, err = models.SearchUserByName(&models.SearchUserOptions{
+		users, count, err = db.SearchUserByName(&db.SearchUserOptions{
 			Keyword:  keyword,
 			Type:     opts.Type,
 			OrderBy:  opts.OrderBy,
@@ -133,9 +133,9 @@ func ExploreUsers(c *context.Context) {
 	c.Data["PageIsExploreUsers"] = true
 
 	RenderUserSearch(c, &UserSearchOptions{
-		Type:     models.USER_TYPE_INDIVIDUAL,
-		Counter:  models.CountUsers,
-		Ranger:   models.Users,
+		Type:     db.USER_TYPE_INDIVIDUAL,
+		Counter:  db.CountUsers,
+		Ranger:   db.Users,
 		PageSize: setting.UI.ExplorePagingNum,
 		OrderBy:  "updated_unix DESC",
 		TplName:  EXPLORE_USERS,
@@ -148,9 +148,9 @@ func ExploreOrganizations(c *context.Context) {
 	c.Data["PageIsExploreOrganizations"] = true
 
 	RenderUserSearch(c, &UserSearchOptions{
-		Type:     models.USER_TYPE_ORGANIZATION,
-		Counter:  models.CountOrganizations,
-		Ranger:   models.Organizations,
+		Type:     db.USER_TYPE_ORGANIZATION,
+		Counter:  db.CountOrganizations,
+		Ranger:   db.Organizations,
 		PageSize: setting.UI.ExplorePagingNum,
 		OrderBy:  "updated_unix DESC",
 		TplName:  EXPLORE_ORGANIZATIONS,
diff --git a/routes/install.go b/internal/route/install.go
index 6a5d3e22..dcd7a727 100644
--- a/routes/install.go
+++ b/internal/route/install.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 
-package routes
+package route
 
 import (
 	"net/mail"
@@ -12,24 +12,24 @@ import (
 	"strings"
 
 	"github.com/unknwon/com"
-	"xorm.io/xorm"
 	log "gopkg.in/clog.v1"
 	"gopkg.in/ini.v1"
 	"gopkg.in/macaron.v1"
+	"xorm.io/xorm"
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/cron"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/ssh"
-	"gogs.io/gogs/pkg/template/highlight"
-	"gogs.io/gogs/pkg/tool"
-	"gogs.io/gogs/pkg/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/cron"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/ssh"
+	"gogs.io/gogs/internal/template/highlight"
+	"gogs.io/gogs/internal/tool"
+	"gogs.io/gogs/internal/user"
 )
 
 const (
@@ -56,28 +56,28 @@ func GlobalInit() {
 	setting.NewContext()
 	log.Trace("Custom path: %s", setting.CustomPath)
 	log.Trace("Log path: %s", setting.LogRootPath)
-	models.LoadConfigs()
+	db.LoadConfigs()
 	NewServices()
 
 	if setting.InstallLock {
 		highlight.NewContext()
 		markup.NewSanitizer()
-		if err := models.NewEngine(); err != nil {
+		if err := db.NewEngine(); err != nil {
 			log.Fatal(2, "Fail to initialize ORM engine: %v", err)
 		}
-		models.HasEngine = true
+		db.HasEngine = true
 
-		models.LoadAuthSources()
-		models.LoadRepoConfig()
-		models.NewRepoContext()
+		db.LoadAuthSources()
+		db.LoadRepoConfig()
+		db.NewRepoContext()
 
 		// Booting long running goroutines.
 		cron.NewContext()
-		models.InitSyncMirrors()
-		models.InitDeliverHooks()
-		models.InitTestPullRequests()
+		db.InitSyncMirrors()
+		db.InitDeliverHooks()
+		db.InitTestPullRequests()
 	}
-	if models.EnableSQLite3 {
+	if db.EnableSQLite3 {
 		log.Info("SQLite3 Supported")
 	}
 	if setting.SupportMiniWinService {
@@ -96,7 +96,7 @@ func GlobalInit() {
 	}
 
 	if setting.SSH.RewriteAuthorizedKeysAtStart {
-		if err := models.RewriteAuthorizedKeys(); err != nil {
+		if err := db.RewriteAuthorizedKeys(); err != nil {
 			log.Warn("Failed to rewrite authorized_keys file: %v", err)
 		}
 	}
@@ -112,7 +112,7 @@ func InstallInit(c *context.Context) {
 	c.PageIs("Install")
 
 	dbOpts := []string{"MySQL", "PostgreSQL", "MSSQL"}
-	if models.EnableSQLite3 {
+	if db.EnableSQLite3 {
 		dbOpts = append(dbOpts, "SQLite3")
 	}
 	c.Data["DbOptions"] = dbOpts
@@ -122,19 +122,19 @@ func Install(c *context.Context) {
 	f := form.Install{}
 
 	// Database settings
-	f.DbHost = models.DbCfg.Host
-	f.DbUser = models.DbCfg.User
-	f.DbName = models.DbCfg.Name
-	f.DbPath = models.DbCfg.Path
+	f.DbHost = db.DbCfg.Host
+	f.DbUser = db.DbCfg.User
+	f.DbName = db.DbCfg.Name
+	f.DbPath = db.DbCfg.Path
 
 	c.Data["CurDbOption"] = "MySQL"
-	switch models.DbCfg.Type {
+	switch db.DbCfg.Type {
 	case "postgres":
 		c.Data["CurDbOption"] = "PostgreSQL"
 	case "mssql":
 		c.Data["CurDbOption"] = "MSSQL"
 	case "sqlite3":
-		if models.EnableSQLite3 {
+		if db.EnableSQLite3 {
 			c.Data["CurDbOption"] = "SQLite3"
 		}
 	}
@@ -204,15 +204,15 @@ func InstallPost(c *context.Context, f form.Install) {
 	// Pass basic check, now test configuration.
 	// Test database setting.
 	dbTypes := map[string]string{"MySQL": "mysql", "PostgreSQL": "postgres", "MSSQL": "mssql", "SQLite3": "sqlite3", "TiDB": "tidb"}
-	models.DbCfg.Type = dbTypes[f.DbType]
-	models.DbCfg.Host = f.DbHost
-	models.DbCfg.User = f.DbUser
-	models.DbCfg.Passwd = f.DbPasswd
-	models.DbCfg.Name = f.DbName
-	models.DbCfg.SSLMode = f.SSLMode
-	models.DbCfg.Path = f.DbPath
-
-	if models.DbCfg.Type == "sqlite3" && len(models.DbCfg.Path) == 0 {
+	db.DbCfg.Type = dbTypes[f.DbType]
+	db.DbCfg.Host = f.DbHost
+	db.DbCfg.User = f.DbUser
+	db.DbCfg.Passwd = f.DbPasswd
+	db.DbCfg.Name = f.DbName
+	db.DbCfg.SSLMode = f.SSLMode
+	db.DbCfg.Path = f.DbPath
+
+	if db.DbCfg.Type == "sqlite3" && len(db.DbCfg.Path) == 0 {
 		c.FormErr("DbPath")
 		c.RenderWithErr(c.Tr("install.err_empty_db_path"), INSTALL, &f)
 		return
@@ -220,7 +220,7 @@ func InstallPost(c *context.Context, f form.Install) {
 
 	// Set test engine.
 	var x *xorm.Engine
-	if err := models.NewTestEngine(x); err != nil {
+	if err := db.NewTestEngine(x); err != nil {
 		if strings.Contains(err.Error(), `Unknown database type: sqlite3`) {
 			c.FormErr("DbType")
 			c.RenderWithErr(c.Tr("install.sqlite3_not_available", "https://gogs.io/docs/installation/install_from_binary.html"), INSTALL, &f)
@@ -302,13 +302,13 @@ func InstallPost(c *context.Context, f form.Install) {
 			log.Error(2, "Fail to load custom conf '%s': %v", setting.CustomConf, err)
 		}
 	}
-	cfg.Section("database").Key("DB_TYPE").SetValue(models.DbCfg.Type)
-	cfg.Section("database").Key("HOST").SetValue(models.DbCfg.Host)
-	cfg.Section("database").Key("NAME").SetValue(models.DbCfg.Name)
-	cfg.Section("database").Key("USER").SetValue(models.DbCfg.User)
-	cfg.Section("database").Key("PASSWD").SetValue(models.DbCfg.Passwd)
-	cfg.Section("database").Key("SSL_MODE").SetValue(models.DbCfg.SSLMode)
-	cfg.Section("database").Key("PATH").SetValue(models.DbCfg.Path)
+	cfg.Section("database").Key("DB_TYPE").SetValue(db.DbCfg.Type)
+	cfg.Section("database").Key("HOST").SetValue(db.DbCfg.Host)
+	cfg.Section("database").Key("NAME").SetValue(db.DbCfg.Name)
+	cfg.Section("database").Key("USER").SetValue(db.DbCfg.User)
+	cfg.Section("database").Key("PASSWD").SetValue(db.DbCfg.Passwd)
+	cfg.Section("database").Key("SSL_MODE").SetValue(db.DbCfg.SSLMode)
+	cfg.Section("database").Key("PATH").SetValue(db.DbCfg.Path)
 
 	cfg.Section("").Key("APP_NAME").SetValue(f.AppName)
 	cfg.Section("repository").Key("ROOT").SetValue(f.RepoRootPath)
@@ -374,22 +374,22 @@ func InstallPost(c *context.Context, f form.Install) {
 
 	// Create admin account
 	if len(f.AdminName) > 0 {
-		u := &models.User{
+		u := &db.User{
 			Name:     f.AdminName,
 			Email:    f.AdminEmail,
 			Passwd:   f.AdminPasswd,
 			IsAdmin:  true,
 			IsActive: true,
 		}
-		if err := models.CreateUser(u); err != nil {
-			if !models.IsErrUserAlreadyExist(err) {
+		if err := db.CreateUser(u); err != nil {
+			if !db.IsErrUserAlreadyExist(err) {
 				setting.InstallLock = false
 				c.FormErr("AdminName", "AdminEmail")
 				c.RenderWithErr(c.Tr("install.invalid_admin_setting", err), INSTALL, &f)
 				return
 			}
 			log.Info("Admin account already exist")
-			u, _ = models.GetUserByName(u.Name)
+			u, _ = db.GetUserByName(u.Name)
 		}
 
 		// Auto-login for admin
diff --git a/routes/org/members.go b/internal/route/org/members.go
index f0e3fc1a..fa156b19 100644
--- a/routes/org/members.go
+++ b/internal/route/org/members.go
@@ -8,10 +8,10 @@ import (
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -48,27 +48,27 @@ func MembersAction(c *context.Context) {
 			c.Error(404)
 			return
 		}
-		err = models.ChangeOrgUserStatus(org.ID, uid, false)
+		err = db.ChangeOrgUserStatus(org.ID, uid, false)
 	case "public":
 		if c.User.ID != uid && !c.Org.IsOwner {
 			c.Error(404)
 			return
 		}
-		err = models.ChangeOrgUserStatus(org.ID, uid, true)
+		err = db.ChangeOrgUserStatus(org.ID, uid, true)
 	case "remove":
 		if !c.Org.IsOwner {
 			c.Error(404)
 			return
 		}
 		err = org.RemoveMember(uid)
-		if models.IsErrLastOrgOwner(err) {
+		if db.IsErrLastOrgOwner(err) {
 			c.Flash.Error(c.Tr("form.last_org_owner"))
 			c.Redirect(c.Org.OrgLink + "/members")
 			return
 		}
 	case "leave":
 		err = org.RemoveMember(c.User.ID)
-		if models.IsErrLastOrgOwner(err) {
+		if db.IsErrLastOrgOwner(err) {
 			c.Flash.Error(c.Tr("form.last_org_owner"))
 			c.Redirect(c.Org.OrgLink + "/members")
 			return
@@ -98,7 +98,7 @@ func Invitation(c *context.Context) {
 
 	if c.Req.Method == "POST" {
 		uname := c.Query("uname")
-		u, err := models.GetUserByName(uname)
+		u, err := db.GetUserByName(uname)
 		if err != nil {
 			if errors.IsUserNotExist(err) {
 				c.Flash.Error(c.Tr("form.user_not_exist"))
diff --git a/routes/org/org.go b/internal/route/org/org.go
index c2742d7c..f3f70ac8 100644
--- a/routes/org/org.go
+++ b/internal/route/org/org.go
@@ -7,10 +7,10 @@ package org
 import (
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -30,21 +30,21 @@ func CreatePost(c *context.Context, f form.CreateOrg) {
 		return
 	}
 
-	org := &models.User{
+	org := &db.User{
 		Name:     f.OrgName,
 		IsActive: true,
-		Type:     models.USER_TYPE_ORGANIZATION,
+		Type:     db.USER_TYPE_ORGANIZATION,
 	}
 
-	if err := models.CreateOrganization(org, c.User); err != nil {
+	if err := db.CreateOrganization(org, c.User); err != nil {
 		c.Data["Err_OrgName"] = true
 		switch {
-		case models.IsErrUserAlreadyExist(err):
+		case db.IsErrUserAlreadyExist(err):
 			c.RenderWithErr(c.Tr("form.org_name_been_taken"), CREATE, &f)
-		case models.IsErrNameReserved(err):
-			c.RenderWithErr(c.Tr("org.form.name_reserved", err.(models.ErrNameReserved).Name), CREATE, &f)
-		case models.IsErrNamePatternNotAllowed(err):
-			c.RenderWithErr(c.Tr("org.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), CREATE, &f)
+		case db.IsErrNameReserved(err):
+			c.RenderWithErr(c.Tr("org.form.name_reserved", err.(db.ErrNameReserved).Name), CREATE, &f)
+		case db.IsErrNamePatternNotAllowed(err):
+			c.RenderWithErr(c.Tr("org.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), CREATE, &f)
 		default:
 			c.Handle(500, "CreateOrganization", err)
 		}
diff --git a/routes/org/setting.go b/internal/route/org/setting.go
index 6c29d5b3..ab1dd7ff 100644
--- a/routes/org/setting.go
+++ b/internal/route/org/setting.go
@@ -5,16 +5,16 @@
 package org
 
 import (
+	user2 "gogs.io/gogs/internal/route/user"
 	"strings"
 
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/routes/user"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -42,7 +42,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
 
 	// Check if organization name has been changed.
 	if org.LowerName != strings.ToLower(f.Name) {
-		isExist, err := models.IsUserExist(org.ID, f.Name)
+		isExist, err := db.IsUserExist(org.ID, f.Name)
 		if err != nil {
 			c.Handle(500, "IsUserExist", err)
 			return
@@ -50,12 +50,12 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
 			c.Data["OrgName"] = true
 			c.RenderWithErr(c.Tr("form.username_been_taken"), SETTINGS_OPTIONS, &f)
 			return
-		} else if err = models.ChangeUserName(org, f.Name); err != nil {
+		} else if err = db.ChangeUserName(org, f.Name); err != nil {
 			c.Data["OrgName"] = true
 			switch {
-			case models.IsErrNameReserved(err):
+			case db.IsErrNameReserved(err):
 				c.RenderWithErr(c.Tr("user.form.name_reserved"), SETTINGS_OPTIONS, &f)
-			case models.IsErrNamePatternNotAllowed(err):
+			case db.IsErrNamePatternNotAllowed(err):
 				c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed"), SETTINGS_OPTIONS, &f)
 			default:
 				c.Handle(500, "ChangeUserName", err)
@@ -78,7 +78,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
 	org.Description = f.Description
 	org.Website = f.Website
 	org.Location = f.Location
-	if err := models.UpdateUser(org); err != nil {
+	if err := db.UpdateUser(org); err != nil {
 		c.Handle(500, "UpdateUser", err)
 		return
 	}
@@ -89,7 +89,7 @@ func SettingsPost(c *context.Context, f form.UpdateOrgSetting) {
 
 func SettingsAvatar(c *context.Context, f form.Avatar) {
 	f.Source = form.AVATAR_LOCAL
-	if err := user.UpdateAvatarSetting(c, f, c.Org.Organization); err != nil {
+	if err := user2.UpdateAvatarSetting(c, f, c.Org.Organization); err != nil {
 		c.Flash.Error(err.Error())
 	} else {
 		c.Flash.Success(c.Tr("org.settings.update_avatar_success"))
@@ -112,7 +112,7 @@ func SettingsDelete(c *context.Context) {
 
 	org := c.Org.Organization
 	if c.Req.Method == "POST" {
-		if _, err := models.UserLogin(c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
+		if _, err := db.UserLogin(c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
 			if errors.IsUserNotExist(err) {
 				c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil)
 			} else {
@@ -121,8 +121,8 @@ func SettingsDelete(c *context.Context) {
 			return
 		}
 
-		if err := models.DeleteOrganization(org); err != nil {
-			if models.IsErrUserOwnRepos(err) {
+		if err := db.DeleteOrganization(org); err != nil {
+			if db.IsErrUserOwnRepos(err) {
 				c.Flash.Error(c.Tr("form.org_still_own_repo"))
 				c.Redirect(c.Org.OrgLink + "/settings/delete")
 			} else {
@@ -145,7 +145,7 @@ func Webhooks(c *context.Context) {
 	c.Data["Description"] = c.Tr("org.settings.hooks_desc")
 	c.Data["Types"] = setting.Webhook.Types
 
-	ws, err := models.GetWebhooksByOrgID(c.Org.Organization.ID)
+	ws, err := db.GetWebhooksByOrgID(c.Org.Organization.ID)
 	if err != nil {
 		c.Handle(500, "GetWebhooksByOrgId", err)
 		return
@@ -156,7 +156,7 @@ func Webhooks(c *context.Context) {
 }
 
 func DeleteWebhook(c *context.Context) {
-	if err := models.DeleteWebhookOfOrgByID(c.Org.Organization.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteWebhookOfOrgByID(c.Org.Organization.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteWebhookByOrgID: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.settings.webhook_deletion_success"))
diff --git a/routes/org/teams.go b/internal/route/org/teams.go
index de1d2987..779ecb4c 100644
--- a/routes/org/teams.go
+++ b/internal/route/org/teams.go
@@ -10,10 +10,10 @@ import (
 	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
 )
 
 const (
@@ -70,8 +70,8 @@ func TeamsAction(c *context.Context) {
 			return
 		}
 		uname := c.Query("uname")
-		var u *models.User
-		u, err = models.GetUserByName(uname)
+		var u *db.User
+		u, err = db.GetUserByName(uname)
 		if err != nil {
 			if errors.IsUserNotExist(err) {
 				c.Flash.Error(c.Tr("form.user_not_exist"))
@@ -87,7 +87,7 @@ func TeamsAction(c *context.Context) {
 	}
 
 	if err != nil {
-		if models.IsErrLastOrgOwner(err) {
+		if db.IsErrLastOrgOwner(err) {
 			c.Flash.Error(c.Tr("form.last_org_owner"))
 		} else {
 			log.Error(3, "Action(%s): %v", c.Params(":action"), err)
@@ -117,8 +117,8 @@ func TeamsRepoAction(c *context.Context) {
 	switch c.Params(":action") {
 	case "add":
 		repoName := path.Base(c.Query("repo_name"))
-		var repo *models.Repository
-		repo, err = models.GetRepositoryByName(c.Org.Organization.ID, repoName)
+		var repo *db.Repository
+		repo, err = db.GetRepositoryByName(c.Org.Organization.ID, repoName)
 		if err != nil {
 			if errors.IsRepoNotExist(err) {
 				c.Flash.Error(c.Tr("org.teams.add_nonexistent_repo"))
@@ -145,7 +145,7 @@ func NewTeam(c *context.Context) {
 	c.Data["Title"] = c.Org.Organization.FullName
 	c.Data["PageIsOrgTeams"] = true
 	c.Data["PageIsOrgTeamsNew"] = true
-	c.Data["Team"] = &models.Team{}
+	c.Data["Team"] = &db.Team{}
 	c.HTML(200, TEAM_NEW)
 }
 
@@ -154,11 +154,11 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
 	c.Data["PageIsOrgTeams"] = true
 	c.Data["PageIsOrgTeamsNew"] = true
 
-	t := &models.Team{
+	t := &db.Team{
 		OrgID:       c.Org.Organization.ID,
 		Name:        f.TeamName,
 		Description: f.Description,
-		Authorize:   models.ParseAccessMode(f.Permission),
+		Authorize:   db.ParseAccessMode(f.Permission),
 	}
 	c.Data["Team"] = t
 
@@ -167,13 +167,13 @@ func NewTeamPost(c *context.Context, f form.CreateTeam) {
 		return
 	}
 
-	if err := models.NewTeam(t); err != nil {
+	if err := db.NewTeam(t); err != nil {
 		c.Data["Err_TeamName"] = true
 		switch {
-		case models.IsErrTeamAlreadyExist(err):
+		case db.IsErrTeamAlreadyExist(err):
 			c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f)
-		case models.IsErrNameReserved(err):
-			c.RenderWithErr(c.Tr("org.form.team_name_reserved", err.(models.ErrNameReserved).Name), TEAM_NEW, &f)
+		case db.IsErrNameReserved(err):
+			c.RenderWithErr(c.Tr("org.form.team_name_reserved", err.(db.ErrNameReserved).Name), TEAM_NEW, &f)
 		default:
 			c.Handle(500, "NewTeam", err)
 		}
@@ -225,14 +225,14 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
 	isAuthChanged := false
 	if !t.IsOwnerTeam() {
 		// Validate permission level.
-		var auth models.AccessMode
+		var auth db.AccessMode
 		switch f.Permission {
 		case "read":
-			auth = models.ACCESS_MODE_READ
+			auth = db.ACCESS_MODE_READ
 		case "write":
-			auth = models.ACCESS_MODE_WRITE
+			auth = db.ACCESS_MODE_WRITE
 		case "admin":
-			auth = models.ACCESS_MODE_ADMIN
+			auth = db.ACCESS_MODE_ADMIN
 		default:
 			c.Error(401)
 			return
@@ -245,10 +245,10 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
 		}
 	}
 	t.Description = f.Description
-	if err := models.UpdateTeam(t, isAuthChanged); err != nil {
+	if err := db.UpdateTeam(t, isAuthChanged); err != nil {
 		c.Data["Err_TeamName"] = true
 		switch {
-		case models.IsErrTeamAlreadyExist(err):
+		case db.IsErrTeamAlreadyExist(err):
 			c.RenderWithErr(c.Tr("form.team_name_been_taken"), TEAM_NEW, &f)
 		default:
 			c.Handle(500, "UpdateTeam", err)
@@ -259,7 +259,7 @@ func EditTeamPost(c *context.Context, f form.CreateTeam) {
 }
 
 func DeleteTeam(c *context.Context) {
-	if err := models.DeleteTeam(c.Org.Team); err != nil {
+	if err := db.DeleteTeam(c.Org.Team); err != nil {
 		c.Flash.Error("DeleteTeam: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("org.teams.delete_team_success"))
diff --git a/routes/repo/branch.go b/internal/route/repo/branch.go
index 96308616..a51c4246 100644
--- a/routes/repo/branch.go
+++ b/internal/route/repo/branch.go
@@ -12,9 +12,9 @@ import (
 	"github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -35,7 +35,7 @@ func loadBranches(c *context.Context) []*Branch {
 		return nil
 	}
 
-	protectBranches, err := models.GetProtectBranchesByRepoID(c.Repo.Repository.ID)
+	protectBranches, err := db.GetProtectBranchesByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "GetProtectBranchesByRepoID", err)
 		return nil
@@ -142,14 +142,14 @@ func DeleteBranchPost(c *context.Context) {
 		return
 	}
 
-	if err := models.PrepareWebhooks(c.Repo.Repository, models.HOOK_EVENT_DELETE, &api.DeletePayload{
+	if err := db.PrepareWebhooks(c.Repo.Repository, db.HOOK_EVENT_DELETE, &api.DeletePayload{
 		Ref:        branchName,
 		RefType:    "branch",
 		PusherType: api.PUSHER_TYPE_USER,
 		Repo:       c.Repo.Repository.APIFormat(nil),
 		Sender:     c.User.APIFormat(),
 	}); err != nil {
-		log.Error(2, "Failed to prepare webhooks for %q: %v", models.HOOK_EVENT_DELETE, err)
+		log.Error(2, "Failed to prepare webhooks for %q: %v", db.HOOK_EVENT_DELETE, err)
 		return
 	}
 }
diff --git a/routes/repo/commit.go b/internal/route/repo/commit.go
index 504f76b8..e058afc4 100644
--- a/routes/repo/commit.go
+++ b/internal/route/repo/commit.go
@@ -10,10 +10,10 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -69,7 +69,7 @@ func renderCommits(c *context.Context, filename string) {
 		return
 	}
 	commits = RenderIssueLinks(commits, c.Repo.RepoLink)
-	commits = models.ValidateCommitsWithEmails(commits)
+	commits = db.ValidateCommitsWithEmails(commits)
 	c.Data["Commits"] = commits
 
 	if page > 1 {
@@ -106,7 +106,7 @@ func SearchCommits(c *context.Context) {
 		return
 	}
 	commits = RenderIssueLinks(commits, c.Repo.RepoLink)
-	commits = models.ValidateCommitsWithEmails(commits)
+	commits = db.ValidateCommitsWithEmails(commits)
 	c.Data["Commits"] = commits
 
 	c.Data["Keyword"] = keyword
@@ -134,7 +134,7 @@ func Diff(c *context.Context) {
 		return
 	}
 
-	diff, err := models.GetDiffCommit(models.RepoPath(userName, repoName),
+	diff, err := db.GetDiffCommit(db.RepoPath(userName, repoName),
 		commitID, setting.Git.MaxGitDiffLines,
 		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
 	if err != nil {
@@ -164,7 +164,7 @@ func Diff(c *context.Context) {
 	c.Data["Reponame"] = repoName
 	c.Data["IsImageFile"] = commit.IsImageFile
 	c.Data["Commit"] = commit
-	c.Data["Author"] = models.ValidateCommitWithEmail(commit)
+	c.Data["Author"] = db.ValidateCommitWithEmail(commit)
 	c.Data["Diff"] = diff
 	c.Data["Parents"] = parents
 	c.Data["DiffNotAvailable"] = diff.NumFiles() == 0
@@ -178,7 +178,7 @@ func Diff(c *context.Context) {
 
 func RawDiff(c *context.Context) {
 	if err := git.GetRawDiff(
-		models.RepoPath(c.Repo.Owner.Name, c.Repo.Repository.Name),
+		db.RepoPath(c.Repo.Owner.Name, c.Repo.Repository.Name),
 		c.Params(":sha"),
 		git.RawDiffType(c.Params(":ext")),
 		c.Resp,
@@ -201,7 +201,7 @@ func CompareDiff(c *context.Context) {
 		return
 	}
 
-	diff, err := models.GetDiffRange(models.RepoPath(userName, repoName), beforeCommitID,
+	diff, err := db.GetDiffRange(db.RepoPath(userName, repoName), beforeCommitID,
 		afterCommitID, setting.Git.MaxGitDiffLines,
 		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
 	if err != nil {
@@ -214,7 +214,7 @@ func CompareDiff(c *context.Context) {
 		c.Handle(500, "CommitsBeforeUntil", err)
 		return
 	}
-	commits = models.ValidateCommitsWithEmails(commits)
+	commits = db.ValidateCommitsWithEmails(commits)
 
 	c.Data["IsSplitStyle"] = c.Query("style") == "split"
 	c.Data["CommitRepoLink"] = c.Repo.RepoLink
diff --git a/routes/repo/download.go b/internal/route/repo/download.go
index 9b90a017..88b75082 100644
--- a/routes/repo/download.go
+++ b/internal/route/repo/download.go
@@ -12,9 +12,9 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 func ServeData(c *context.Context, name string, reader io.Reader) error {
diff --git a/routes/repo/editor.go b/internal/route/repo/editor.go
index e1beb184..a3ca3d70 100644
--- a/routes/repo/editor.go
+++ b/internal/route/repo/editor.go
@@ -14,13 +14,13 @@ import (
 	log "gopkg.in/clog.v1"
 
 	"github.com/gogs/git-module"
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -267,7 +267,7 @@ func editFilePost(c *context.Context, f form.EditRepoFile, isNewFile bool) {
 		message += "\n\n" + f.CommitMessage
 	}
 
-	if err := c.Repo.Repository.UpdateRepoFile(c.User, models.UpdateRepoFileOptions{
+	if err := c.Repo.Repository.UpdateRepoFile(c.User, db.UpdateRepoFileOptions{
 		LastCommitID: lastCommit,
 		OldBranch:    oldBranchName,
 		NewBranch:    branchName,
@@ -375,7 +375,7 @@ func DeleteFilePost(c *context.Context, f form.DeleteRepoFile) {
 		message += "\n\n" + f.CommitMessage
 	}
 
-	if err := c.Repo.Repository.DeleteRepoFile(c.User, models.DeleteRepoFileOptions{
+	if err := c.Repo.Repository.DeleteRepoFile(c.User, db.DeleteRepoFileOptions{
 		LastCommitID: c.Repo.CommitID,
 		OldBranch:    oldBranchName,
 		NewBranch:    branchName,
@@ -494,7 +494,7 @@ func UploadFilePost(c *context.Context, f form.UploadRepoFile) {
 		message += "\n\n" + f.CommitMessage
 	}
 
-	if err := c.Repo.Repository.UploadRepoFiles(c.User, models.UploadRepoFileOptions{
+	if err := c.Repo.Repository.UploadRepoFiles(c.User, db.UploadRepoFileOptions{
 		LastCommitID: c.Repo.CommitID,
 		OldBranch:    oldBranchName,
 		NewBranch:    branchName,
@@ -546,7 +546,7 @@ func UploadFileToServer(c *context.Context) {
 		}
 	}
 
-	upload, err := models.NewUpload(header.Filename, buf, file)
+	upload, err := db.NewUpload(header.Filename, buf, file)
 	if err != nil {
 		c.Error(http.StatusInternalServerError, fmt.Sprintf("NewUpload: %v", err))
 		return
@@ -564,7 +564,7 @@ func RemoveUploadFileFromServer(c *context.Context, f form.RemoveUploadFile) {
 		return
 	}
 
-	if err := models.DeleteUploadByUUID(f.File); err != nil {
+	if err := db.DeleteUploadByUUID(f.File); err != nil {
 		c.Error(500, fmt.Sprintf("DeleteUploadByUUID: %v", err))
 		return
 	}
diff --git a/routes/repo/http.go b/internal/route/repo/http.go
index 57aa0213..d1589e92 100644
--- a/routes/repo/http.go
+++ b/internal/route/repo/http.go
@@ -20,11 +20,11 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/macaron.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 type HTTPContext struct {
@@ -33,7 +33,7 @@ type HTTPContext struct {
 	OwnerSalt string
 	RepoID    int64
 	RepoName  string
-	AuthUser  *models.User
+	AuthUser  *db.User
 }
 
 // askCredentials responses HTTP header and status which informs client to provide credentials.
@@ -64,13 +64,13 @@ func HTTPContexter() macaron.Handler {
 			strings.HasSuffix(c.Req.URL.Path, "git-upload-pack") ||
 			c.Req.Method == "GET"
 
-		owner, err := models.GetUserByName(ownerName)
+		owner, err := db.GetUserByName(ownerName)
 		if err != nil {
 			c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 			return
 		}
 
-		repo, err := models.GetRepositoryByName(owner.ID, repoName)
+		repo, err := db.GetRepositoryByName(owner.ID, repoName)
 		if err != nil {
 			c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 			return
@@ -112,7 +112,7 @@ func HTTPContexter() macaron.Handler {
 			return
 		}
 
-		authUser, err := models.UserLogin(authUsername, authPassword, -1)
+		authUser, err := db.UserLogin(authUsername, authPassword, -1)
 		if err != nil && !errors.IsUserNotExist(err) {
 			c.Handle(http.StatusInternalServerError, "UserLogin", err)
 			return
@@ -120,9 +120,9 @@ func HTTPContexter() macaron.Handler {
 
 		// If username and password combination failed, try again using username as a token.
 		if authUser == nil {
-			token, err := models.GetAccessTokenBySHA(authUsername)
+			token, err := db.GetAccessTokenBySHA(authUsername)
 			if err != nil {
-				if models.IsErrAccessTokenEmpty(err) || models.IsErrAccessTokenNotExist(err) {
+				if db.IsErrAccessTokenEmpty(err) || db.IsErrAccessTokenNotExist(err) {
 					askCredentials(c, http.StatusUnauthorized, "")
 				} else {
 					c.Handle(http.StatusInternalServerError, "GetAccessTokenBySHA", err)
@@ -132,7 +132,7 @@ func HTTPContexter() macaron.Handler {
 			token.Updated = time.Now()
 			// TODO: verify or update token.Updated in database
 
-			authUser, err = models.GetUserByID(token.UID)
+			authUser, err = db.GetUserByID(token.UID)
 			if err != nil {
 				// Once we found token, we're supposed to find its related user,
 				// thus any error is unexpected.
@@ -147,11 +147,11 @@ Please create and use personal access token on user settings page`)
 
 		log.Trace("HTTPGit - Authenticated user: %s", authUser.Name)
 
-		mode := models.ACCESS_MODE_WRITE
+		mode := db.ACCESS_MODE_WRITE
 		if isPull {
-			mode = models.ACCESS_MODE_READ
+			mode = db.ACCESS_MODE_READ
 		}
-		has, err := models.HasAccess(authUser.ID, repo, mode)
+		has, err := db.HasAccess(authUser.ID, repo, mode)
 		if err != nil {
 			c.Handle(http.StatusInternalServerError, "HasAccess", err)
 			return
@@ -182,7 +182,7 @@ type serviceHandler struct {
 	dir  string
 	file string
 
-	authUser  *models.User
+	authUser  *db.User
 	ownerName string
 	ownerSalt string
 	repoID    int64
@@ -244,7 +244,7 @@ func serviceRPC(h serviceHandler, service string) {
 	var stderr bytes.Buffer
 	cmd := exec.Command("git", service, "--stateless-rpc", h.dir)
 	if service == "receive-pack" {
-		cmd.Env = append(os.Environ(), models.ComposeHookEnvs(models.ComposeHookEnvsOptions{
+		cmd.Env = append(os.Environ(), db.ComposeHookEnvs(db.ComposeHookEnvsOptions{
 			AuthUser:  h.authUser,
 			OwnerName: h.ownerName,
 			OwnerSalt: h.ownerSalt,
@@ -384,7 +384,7 @@ func HTTP(c *HTTPContext) {
 			continue
 		}
 
-		// We perform check here because routes matched in cmd/web.go is wider than needed,
+		// We perform check here because route matched in cmd/web.go is wider than needed,
 		// but we only want to output this message only if user is really trying to access
 		// Git HTTP endpoints.
 		if setting.Repository.DisableHTTPGit {
diff --git a/routes/repo/issue.go b/internal/route/repo/issue.go
index a9d739c5..470575a0 100644
--- a/routes/repo/issue.go
+++ b/internal/route/repo/issue.go
@@ -17,14 +17,14 @@ import (
 	"github.com/unknwon/paginater"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -78,7 +78,7 @@ func MustAllowPulls(c *context.Context) {
 }
 
 func RetrieveLabels(c *context.Context) {
-	labels, err := models.GetLabelsByRepoID(c.Repo.Repository.ID)
+	labels, err := db.GetLabelsByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "RetrieveLabels.GetLabels", err)
 		return
@@ -126,16 +126,16 @@ func issues(c *context.Context, isPullList bool) {
 		assigneeID = c.QueryInt64("assignee")
 		posterID   int64
 	)
-	filterMode := models.FILTER_MODE_YOUR_REPOS
+	filterMode := db.FILTER_MODE_YOUR_REPOS
 	switch viewType {
 	case "assigned":
-		filterMode = models.FILTER_MODE_ASSIGN
+		filterMode = db.FILTER_MODE_ASSIGN
 		assigneeID = c.User.ID
 	case "created_by":
-		filterMode = models.FILTER_MODE_CREATE
+		filterMode = db.FILTER_MODE_CREATE
 		posterID = c.User.ID
 	case "mentioned":
-		filterMode = models.FILTER_MODE_MENTION
+		filterMode = db.FILTER_MODE_MENTION
 	}
 
 	var uid int64 = -1
@@ -147,7 +147,7 @@ func issues(c *context.Context, isPullList bool) {
 	selectLabels := c.Query("labels")
 	milestoneID := c.QueryInt64("milestone")
 	isShowClosed := c.Query("state") == "closed"
-	issueStats := models.GetIssueStats(&models.IssueStatsOptions{
+	issueStats := db.GetIssueStats(&db.IssueStatsOptions{
 		RepoID:      repo.ID,
 		UserID:      uid,
 		Labels:      selectLabels,
@@ -171,7 +171,7 @@ func issues(c *context.Context, isPullList bool) {
 	pager := paginater.New(total, setting.UI.IssuePagingNum, page, 5)
 	c.Data["Page"] = pager
 
-	issues, err := models.Issues(&models.IssuesOptions{
+	issues, err := db.Issues(&db.IssuesOptions{
 		UserID:      uid,
 		AssigneeID:  assigneeID,
 		RepoID:      repo.ID,
@@ -179,7 +179,7 @@ func issues(c *context.Context, isPullList bool) {
 		MilestoneID: milestoneID,
 		Page:        pager.Current(),
 		IsClosed:    isShowClosed,
-		IsMention:   filterMode == models.FILTER_MODE_MENTION,
+		IsMention:   filterMode == db.FILTER_MODE_MENTION,
 		IsPull:      isPullList,
 		Labels:      selectLabels,
 		SortType:    sortType,
@@ -190,7 +190,7 @@ func issues(c *context.Context, isPullList bool) {
 	}
 
 	// Get issue-user relations.
-	pairs, err := models.GetIssueUsers(repo.ID, posterID, isShowClosed)
+	pairs, err := db.GetIssueUsers(repo.ID, posterID, isShowClosed)
 	if err != nil {
 		c.Handle(500, "GetIssueUsers", err)
 		return
@@ -204,7 +204,7 @@ func issues(c *context.Context, isPullList bool) {
 		}
 
 		// Check read status.
-		idx := models.PairsContains(pairs, issues[i].ID, c.User.ID)
+		idx := db.PairsContains(pairs, issues[i].ID, c.User.ID)
 		if idx > -1 {
 			issues[i].IsRead = pairs[idx].IsRead
 		} else {
@@ -214,7 +214,7 @@ func issues(c *context.Context, isPullList bool) {
 	c.Data["Issues"] = issues
 
 	// Get milestones.
-	c.Data["Milestones"], err = models.GetMilestonesByRepoID(repo.ID)
+	c.Data["Milestones"], err = db.GetMilestonesByRepoID(repo.ID)
 	if err != nil {
 		c.Handle(500, "GetAllRepoMilestones", err)
 		return
@@ -263,14 +263,14 @@ func renderAttachmentSettings(c *context.Context) {
 	c.Data["AttachmentMaxFiles"] = setting.AttachmentMaxFiles
 }
 
-func RetrieveRepoMilestonesAndAssignees(c *context.Context, repo *models.Repository) {
+func RetrieveRepoMilestonesAndAssignees(c *context.Context, repo *db.Repository) {
 	var err error
-	c.Data["OpenMilestones"], err = models.GetMilestones(repo.ID, -1, false)
+	c.Data["OpenMilestones"], err = db.GetMilestones(repo.ID, -1, false)
 	if err != nil {
 		c.Handle(500, "GetMilestones", err)
 		return
 	}
-	c.Data["ClosedMilestones"], err = models.GetMilestones(repo.ID, -1, true)
+	c.Data["ClosedMilestones"], err = db.GetMilestones(repo.ID, -1, true)
 	if err != nil {
 		c.Handle(500, "GetMilestones", err)
 		return
@@ -283,12 +283,12 @@ func RetrieveRepoMilestonesAndAssignees(c *context.Context, repo *models.Reposit
 	}
 }
 
-func RetrieveRepoMetas(c *context.Context, repo *models.Repository) []*models.Label {
+func RetrieveRepoMetas(c *context.Context, repo *db.Repository) []*db.Label {
 	if !c.Repo.IsWriter() {
 		return nil
 	}
 
-	labels, err := models.GetLabelsByRepoID(repo.ID)
+	labels, err := db.GetLabelsByRepoID(repo.ID)
 	if err != nil {
 		c.Handle(500, "GetLabelsByRepoID", err)
 		return nil
@@ -434,7 +434,7 @@ func NewIssuePost(c *context.Context, f form.NewIssue) {
 		attachments = f.Files
 	}
 
-	issue := &models.Issue{
+	issue := &db.Issue{
 		RepoID:      c.Repo.Repository.ID,
 		Title:       f.Title,
 		PosterID:    c.User.ID,
@@ -443,7 +443,7 @@ func NewIssuePost(c *context.Context, f form.NewIssue) {
 		AssigneeID:  assigneeID,
 		Content:     f.Content,
 	}
-	if err := models.NewIssue(c.Repo.Repository, issue, labelIDs, attachments); err != nil {
+	if err := db.NewIssue(c.Repo.Repository, issue, labelIDs, attachments); err != nil {
 		c.Handle(500, "NewIssue", err)
 		return
 	}
@@ -481,7 +481,7 @@ func uploadAttachment(c *context.Context, allowedTypes []string) {
 		return
 	}
 
-	attach, err := models.NewAttachment(header.Filename, buf, file)
+	attach, err := db.NewAttachment(header.Filename, buf, file)
 	if err != nil {
 		c.Error(500, fmt.Sprintf("NewAttachment: %v", err))
 		return
@@ -513,7 +513,7 @@ func viewIssue(c *context.Context, isPullList bool) {
 		return
 	}
 
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, index)
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, index)
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return
@@ -567,7 +567,7 @@ func viewIssue(c *context.Context, isPullList bool) {
 	for i := range issue.Labels {
 		labelIDMark[issue.Labels[i].ID] = true
 	}
-	labels, err := models.GetLabelsByRepoID(repo.ID)
+	labels, err := db.GetLabelsByRepoID(repo.ID)
 	if err != nil {
 		c.Handle(500, "GetLabelsByRepoID", err)
 		return
@@ -599,17 +599,17 @@ func viewIssue(c *context.Context, isPullList bool) {
 	}
 
 	var (
-		tag          models.CommentTag
+		tag          db.CommentTag
 		ok           bool
-		marked       = make(map[int64]models.CommentTag)
-		comment      *models.Comment
-		participants = make([]*models.User, 1, 10)
+		marked       = make(map[int64]db.CommentTag)
+		comment      *db.Comment
+		participants = make([]*db.User, 1, 10)
 	)
 
 	// Render comments and and fetch participants.
 	participants[0] = issue.Poster
 	for _, comment = range issue.Comments {
-		if comment.Type == models.COMMENT_TYPE_COMMENT {
+		if comment.Type == db.COMMENT_TYPE_COMMENT {
 			comment.RenderedContent = string(markup.Markdown(comment.Content, c.Repo.RepoLink, c.Repo.Repository.ComposeMetas()))
 
 			// Check tag.
@@ -621,11 +621,11 @@ func viewIssue(c *context.Context, isPullList bool) {
 
 			if repo.IsOwnedBy(comment.PosterID) ||
 				(repo.Owner.IsOrganization() && repo.Owner.IsOwnedBy(comment.PosterID)) {
-				comment.ShowTag = models.COMMENT_TAG_OWNER
+				comment.ShowTag = db.COMMENT_TAG_OWNER
 			} else if comment.Poster.IsWriterOfRepo(repo) {
-				comment.ShowTag = models.COMMENT_TAG_WRITER
+				comment.ShowTag = db.COMMENT_TAG_WRITER
 			} else if comment.PosterID == issue.PosterID {
-				comment.ShowTag = models.COMMENT_TAG_POSTER
+				comment.ShowTag = db.COMMENT_TAG_POSTER
 			}
 
 			marked[comment.PosterID] = comment.ShowTag
@@ -646,7 +646,7 @@ func viewIssue(c *context.Context, isPullList bool) {
 	if issue.IsPull && issue.PullRequest.HasMerged {
 		pull := issue.PullRequest
 		branchProtected := false
-		protectBranch, err := models.GetProtectBranchOfRepoByName(pull.BaseRepoID, pull.HeadBranch)
+		protectBranch, err := db.GetProtectBranchOfRepoByName(pull.BaseRepoID, pull.HeadBranch)
 		if err != nil {
 			if !errors.IsErrBranchNotExist(err) {
 				c.ServerError("GetProtectBranchOfRepoByName", err)
@@ -680,8 +680,8 @@ func ViewPull(c *context.Context) {
 	viewIssue(c, true)
 }
 
-func getActionIssue(c *context.Context) *models.Issue {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+func getActionIssue(c *context.Context) *db.Issue {
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return nil
@@ -758,9 +758,9 @@ func UpdateIssueLabel(c *context.Context) {
 		}
 	} else {
 		isAttach := c.Query("action") == "attach"
-		label, err := models.GetLabelOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id"))
+		label, err := db.GetLabelOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id"))
 		if err != nil {
-			if models.IsErrLabelNotExist(err) {
+			if db.IsErrLabelNotExist(err) {
 				c.Error(404, "GetLabelByID")
 			} else {
 				c.Handle(500, "GetLabelByID", err)
@@ -803,7 +803,7 @@ func UpdateIssueMilestone(c *context.Context) {
 
 	// Not check for invalid milestone id and give responsibility to owners.
 	issue.MilestoneID = milestoneID
-	if err := models.ChangeMilestoneAssign(c.User, issue, oldMilestoneID); err != nil {
+	if err := db.ChangeMilestoneAssign(c.User, issue, oldMilestoneID); err != nil {
 		c.Handle(500, "ChangeMilestoneAssign", err)
 		return
 	}
@@ -855,7 +855,7 @@ func NewComment(c *context.Context, f form.CreateComment) {
 	}
 
 	var err error
-	var comment *models.Comment
+	var comment *db.Comment
 	defer func() {
 		// Check if issue admin/poster changes the status of issue.
 		if (c.Repo.IsWriter() || (c.IsLogged && issue.IsPoster(c.User.ID))) &&
@@ -863,13 +863,13 @@ func NewComment(c *context.Context, f form.CreateComment) {
 			!(issue.IsPull && issue.PullRequest.HasMerged) {
 
 			// Duplication and conflict check should apply to reopen pull request.
-			var pr *models.PullRequest
+			var pr *db.PullRequest
 
 			if f.Status == "reopen" && issue.IsPull {
 				pull := issue.PullRequest
-				pr, err = models.GetUnmergedPullRequest(pull.HeadRepoID, pull.BaseRepoID, pull.HeadBranch, pull.BaseBranch)
+				pr, err = db.GetUnmergedPullRequest(pull.HeadRepoID, pull.BaseRepoID, pull.HeadBranch, pull.BaseBranch)
 				if err != nil {
-					if !models.IsErrPullRequestNotExist(err) {
+					if !db.IsErrPullRequestNotExist(err) {
 						c.ServerError("GetUnmergedPullRequest", err)
 						return
 					}
@@ -914,7 +914,7 @@ func NewComment(c *context.Context, f form.CreateComment) {
 		return
 	}
 
-	comment, err = models.CreateIssueComment(c.User, c.Repo.Repository, issue, f.Content, attachments)
+	comment, err = db.CreateIssueComment(c.User, c.Repo.Repository, issue, f.Content, attachments)
 	if err != nil {
 		c.ServerError("CreateIssueComment", err)
 		return
@@ -924,16 +924,16 @@ func NewComment(c *context.Context, f form.CreateComment) {
 }
 
 func UpdateCommentContent(c *context.Context) {
-	comment, err := models.GetCommentByID(c.ParamsInt64(":id"))
+	comment, err := db.GetCommentByID(c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
+		c.NotFoundOrServerError("GetCommentByID", db.IsErrCommentNotExist, err)
 		return
 	}
 
 	if c.UserID() != comment.PosterID && !c.Repo.IsAdmin() {
 		c.Error(404)
 		return
-	} else if comment.Type != models.COMMENT_TYPE_COMMENT {
+	} else if comment.Type != db.COMMENT_TYPE_COMMENT {
 		c.Error(204)
 		return
 	}
@@ -946,7 +946,7 @@ func UpdateCommentContent(c *context.Context) {
 		})
 		return
 	}
-	if err = models.UpdateComment(c.User, comment, oldContent); err != nil {
+	if err = db.UpdateComment(c.User, comment, oldContent); err != nil {
 		c.Handle(500, "UpdateComment", err)
 		return
 	}
@@ -957,21 +957,21 @@ func UpdateCommentContent(c *context.Context) {
 }
 
 func DeleteComment(c *context.Context) {
-	comment, err := models.GetCommentByID(c.ParamsInt64(":id"))
+	comment, err := db.GetCommentByID(c.ParamsInt64(":id"))
 	if err != nil {
-		c.NotFoundOrServerError("GetCommentByID", models.IsErrCommentNotExist, err)
+		c.NotFoundOrServerError("GetCommentByID", db.IsErrCommentNotExist, err)
 		return
 	}
 
 	if c.UserID() != comment.PosterID && !c.Repo.IsAdmin() {
 		c.Error(404)
 		return
-	} else if comment.Type != models.COMMENT_TYPE_COMMENT {
+	} else if comment.Type != db.COMMENT_TYPE_COMMENT {
 		c.Error(204)
 		return
 	}
 
-	if err = models.DeleteCommentByID(c.User, comment.ID); err != nil {
+	if err = db.DeleteCommentByID(c.User, comment.ID); err != nil {
 		c.Handle(500, "DeleteCommentByID", err)
 		return
 	}
@@ -984,7 +984,7 @@ func Labels(c *context.Context) {
 	c.Data["PageIsIssueList"] = true
 	c.Data["PageIsLabels"] = true
 	c.Data["RequireMinicolors"] = true
-	c.Data["LabelTemplates"] = models.LabelTemplates
+	c.Data["LabelTemplates"] = db.LabelTemplates
 	c.HTML(200, LABELS)
 }
 
@@ -993,22 +993,22 @@ func InitializeLabels(c *context.Context, f form.InitializeLabels) {
 		c.Redirect(c.Repo.RepoLink + "/labels")
 		return
 	}
-	list, err := models.GetLabelTemplateFile(f.TemplateName)
+	list, err := db.GetLabelTemplateFile(f.TemplateName)
 	if err != nil {
 		c.Flash.Error(c.Tr("repo.issues.label_templates.fail_to_load_file", f.TemplateName, err))
 		c.Redirect(c.Repo.RepoLink + "/labels")
 		return
 	}
 
-	labels := make([]*models.Label, len(list))
+	labels := make([]*db.Label, len(list))
 	for i := 0; i < len(list); i++ {
-		labels[i] = &models.Label{
+		labels[i] = &db.Label{
 			RepoID: c.Repo.Repository.ID,
 			Name:   list[i][0],
 			Color:  list[i][1],
 		}
 	}
-	if err := models.NewLabels(labels...); err != nil {
+	if err := db.NewLabels(labels...); err != nil {
 		c.Handle(500, "NewLabels", err)
 		return
 	}
@@ -1025,12 +1025,12 @@ func NewLabel(c *context.Context, f form.CreateLabel) {
 		return
 	}
 
-	l := &models.Label{
+	l := &db.Label{
 		RepoID: c.Repo.Repository.ID,
 		Name:   f.Title,
 		Color:  f.Color,
 	}
-	if err := models.NewLabels(l); err != nil {
+	if err := db.NewLabels(l); err != nil {
 		c.Handle(500, "NewLabel", err)
 		return
 	}
@@ -1038,10 +1038,10 @@ func NewLabel(c *context.Context, f form.CreateLabel) {
 }
 
 func UpdateLabel(c *context.Context, f form.CreateLabel) {
-	l, err := models.GetLabelByID(f.ID)
+	l, err := db.GetLabelByID(f.ID)
 	if err != nil {
 		switch {
-		case models.IsErrLabelNotExist(err):
+		case db.IsErrLabelNotExist(err):
 			c.Error(404)
 		default:
 			c.Handle(500, "UpdateLabel", err)
@@ -1051,7 +1051,7 @@ func UpdateLabel(c *context.Context, f form.CreateLabel) {
 
 	l.Name = f.Title
 	l.Color = f.Color
-	if err := models.UpdateLabel(l); err != nil {
+	if err := db.UpdateLabel(l); err != nil {
 		c.Handle(500, "UpdateLabel", err)
 		return
 	}
@@ -1059,7 +1059,7 @@ func UpdateLabel(c *context.Context, f form.CreateLabel) {
 }
 
 func DeleteLabel(c *context.Context) {
-	if err := models.DeleteLabel(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteLabel(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteLabel: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.issues.label_deletion_success"))
@@ -1077,7 +1077,7 @@ func Milestones(c *context.Context) {
 	c.Data["PageIsMilestones"] = true
 
 	isShowClosed := c.Query("state") == "closed"
-	openCount, closedCount := models.MilestoneStats(c.Repo.Repository.ID)
+	openCount, closedCount := db.MilestoneStats(c.Repo.Repository.ID)
 	c.Data["OpenCount"] = openCount
 	c.Data["ClosedCount"] = closedCount
 
@@ -1094,7 +1094,7 @@ func Milestones(c *context.Context) {
 	}
 	c.Data["Page"] = paginater.New(total, setting.UI.IssuePagingNum, page, 5)
 
-	miles, err := models.GetMilestones(c.Repo.Repository.ID, page, isShowClosed)
+	miles, err := db.GetMilestones(c.Repo.Repository.ID, page, isShowClosed)
 	if err != nil {
 		c.Handle(500, "GetMilestones", err)
 		return
@@ -1150,7 +1150,7 @@ func NewMilestonePost(c *context.Context, f form.CreateMilestone) {
 		return
 	}
 
-	if err = models.NewMilestone(&models.Milestone{
+	if err = db.NewMilestone(&db.Milestone{
 		RepoID:   c.Repo.Repository.ID,
 		Name:     f.Title,
 		Content:  f.Content,
@@ -1171,9 +1171,9 @@ func EditMilestone(c *context.Context) {
 	c.Data["RequireDatetimepicker"] = true
 	c.Data["DateLang"] = setting.DateLang(c.Locale.Language())
 
-	m, err := models.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	m, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrMilestoneNotExist(err) {
+		if db.IsErrMilestoneNotExist(err) {
 			c.Handle(404, "", nil)
 		} else {
 			c.Handle(500, "GetMilestoneByRepoID", err)
@@ -1210,9 +1210,9 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
 		return
 	}
 
-	m, err := models.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	m, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrMilestoneNotExist(err) {
+		if db.IsErrMilestoneNotExist(err) {
 			c.Handle(404, "", nil)
 		} else {
 			c.Handle(500, "GetMilestoneByRepoID", err)
@@ -1222,7 +1222,7 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
 	m.Name = f.Title
 	m.Content = f.Content
 	m.Deadline = deadline
-	if err = models.UpdateMilestone(m); err != nil {
+	if err = db.UpdateMilestone(m); err != nil {
 		c.Handle(500, "UpdateMilestone", err)
 		return
 	}
@@ -1232,9 +1232,9 @@ func EditMilestonePost(c *context.Context, f form.CreateMilestone) {
 }
 
 func ChangeMilestonStatus(c *context.Context) {
-	m, err := models.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	m, err := db.GetMilestoneByRepoID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
-		if models.IsErrMilestoneNotExist(err) {
+		if db.IsErrMilestoneNotExist(err) {
 			c.Handle(404, "", err)
 		} else {
 			c.Handle(500, "GetMilestoneByRepoID", err)
@@ -1245,7 +1245,7 @@ func ChangeMilestonStatus(c *context.Context) {
 	switch c.Params(":action") {
 	case "open":
 		if m.IsClosed {
-			if err = models.ChangeMilestoneStatus(m, false); err != nil {
+			if err = db.ChangeMilestoneStatus(m, false); err != nil {
 				c.Handle(500, "ChangeMilestoneStatus", err)
 				return
 			}
@@ -1254,7 +1254,7 @@ func ChangeMilestonStatus(c *context.Context) {
 	case "close":
 		if !m.IsClosed {
 			m.ClosedDate = time.Now()
-			if err = models.ChangeMilestoneStatus(m, true); err != nil {
+			if err = db.ChangeMilestoneStatus(m, true); err != nil {
 				c.Handle(500, "ChangeMilestoneStatus", err)
 				return
 			}
@@ -1266,7 +1266,7 @@ func ChangeMilestonStatus(c *context.Context) {
 }
 
 func DeleteMilestone(c *context.Context) {
-	if err := models.DeleteMilestoneOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteMilestoneOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteMilestoneByRepoID: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.milestones.deletion_success"))
diff --git a/routes/repo/pull.go b/internal/route/repo/pull.go
index a5f76654..b6ae9875 100644
--- a/routes/repo/pull.go
+++ b/internal/route/repo/pull.go
@@ -14,12 +14,12 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -39,8 +39,8 @@ var (
 	}
 )
 
-func parseBaseRepository(c *context.Context) *models.Repository {
-	baseRepo, err := models.GetRepositoryByID(c.ParamsInt64(":repoid"))
+func parseBaseRepository(c *context.Context) *db.Repository {
+	baseRepo, err := db.GetRepositoryByID(c.ParamsInt64(":repoid"))
 	if err != nil {
 		c.NotFoundOrServerError("GetRepositoryByID", errors.IsRepoNotExist, err)
 		return nil
@@ -101,7 +101,7 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
 		return
 	}
 
-	repo, has, err := models.HasForkedRepo(ctxUser.ID, baseRepo.ID)
+	repo, has, err := db.HasForkedRepo(ctxUser.ID, baseRepo.ID)
 	if err != nil {
 		c.ServerError("HasForkedRepo", err)
 		return
@@ -122,18 +122,18 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
 		return
 	}
 
-	repo, err = models.ForkRepository(c.User, ctxUser, baseRepo, f.RepoName, f.Description)
+	repo, err = db.ForkRepository(c.User, ctxUser, baseRepo, f.RepoName, f.Description)
 	if err != nil {
 		c.Data["Err_RepoName"] = true
 		switch {
 		case errors.IsReachLimitOfRepo(err):
 			c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", c.User.RepoCreationNum()), FORK, &f)
-		case models.IsErrRepoAlreadyExist(err):
+		case db.IsErrRepoAlreadyExist(err):
 			c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), FORK, &f)
-		case models.IsErrNameReserved(err):
-			c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), FORK, &f)
-		case models.IsErrNamePatternNotAllowed(err):
-			c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), FORK, &f)
+		case db.IsErrNameReserved(err):
+			c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name), FORK, &f)
+		case db.IsErrNamePatternNotAllowed(err):
+			c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), FORK, &f)
 		default:
 			c.ServerError("ForkPost", err)
 		}
@@ -144,8 +144,8 @@ func ForkPost(c *context.Context, f form.CreateRepo) {
 	c.Redirect(repo.Link())
 }
 
-func checkPullInfo(c *context.Context) *models.Issue {
-	issue, err := models.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
+func checkPullInfo(c *context.Context) *db.Issue {
+	issue, err := db.GetIssueByIndex(c.Repo.Repository.ID, c.ParamsInt64(":index"))
 	if err != nil {
 		c.NotFoundOrServerError("GetIssueByIndex", errors.IsIssueNotExist, err)
 		return nil
@@ -169,7 +169,7 @@ func checkPullInfo(c *context.Context) *models.Issue {
 	return issue
 }
 
-func PrepareMergedViewPullInfo(c *context.Context, issue *models.Issue) {
+func PrepareMergedViewPullInfo(c *context.Context, issue *db.Issue) {
 	pull := issue.PullRequest
 	c.Data["HasMerged"] = true
 	c.Data["HeadTarget"] = issue.PullRequest.HeadUserName + "/" + pull.HeadBranch
@@ -188,7 +188,7 @@ func PrepareMergedViewPullInfo(c *context.Context, issue *models.Issue) {
 	}
 }
 
-func PrepareViewPullInfo(c *context.Context, issue *models.Issue) *git.PullRequestInfo {
+func PrepareViewPullInfo(c *context.Context, issue *db.Issue) *git.PullRequestInfo {
 	repo := c.Repo.Repository
 	pull := issue.PullRequest
 
@@ -216,7 +216,7 @@ func PrepareViewPullInfo(c *context.Context, issue *models.Issue) *git.PullReque
 		return nil
 	}
 
-	prInfo, err := headGitRepo.GetPullRequestInfo(models.RepoPath(repo.Owner.Name, repo.Name),
+	prInfo, err := headGitRepo.GetPullRequestInfo(db.RepoPath(repo.Owner.Name, repo.Name),
 		pull.BaseBranch, pull.HeadBranch)
 	if err != nil {
 		if strings.Contains(err.Error(), "fatal: Not a valid object name") {
@@ -283,7 +283,7 @@ func ViewPullCommits(c *context.Context) {
 		commits = prInfo.Commits
 	}
 
-	commits = models.ValidateCommitsWithEmails(commits)
+	commits = db.ValidateCommitsWithEmails(commits)
 	c.Data["Commits"] = commits
 	c.Data["CommitsCount"] = commits.Len()
 
@@ -326,7 +326,7 @@ func ViewPullFiles(c *context.Context) {
 			return
 		}
 
-		headRepoPath := models.RepoPath(pull.HeadUserName, pull.HeadRepo.Name)
+		headRepoPath := db.RepoPath(pull.HeadUserName, pull.HeadRepo.Name)
 
 		headGitRepo, err := git.OpenRepository(headRepoPath)
 		if err != nil {
@@ -346,7 +346,7 @@ func ViewPullFiles(c *context.Context) {
 		gitRepo = headGitRepo
 	}
 
-	diff, err := models.GetDiffRange(diffRepoPath,
+	diff, err := db.GetDiffRange(diffRepoPath,
 		startCommitID, endCommitID, setting.Git.MaxGitDiffLines,
 		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
 	if err != nil {
@@ -395,9 +395,9 @@ func MergePullRequest(c *context.Context) {
 		return
 	}
 
-	pr, err := models.GetPullRequestByIssueID(issue.ID)
+	pr, err := db.GetPullRequestByIssueID(issue.ID)
 	if err != nil {
-		c.NotFoundOrServerError("GetPullRequestByIssueID", models.IsErrPullRequestNotExist, err)
+		c.NotFoundOrServerError("GetPullRequestByIssueID", db.IsErrPullRequestNotExist, err)
 		return
 	}
 
@@ -408,7 +408,7 @@ func MergePullRequest(c *context.Context) {
 
 	pr.Issue = issue
 	pr.Issue.Repo = c.Repo.Repository
-	if err = pr.Merge(c.User, c.Repo.GitRepo, models.MergeStyle(c.Query("merge_style")), c.Query("commit_description")); err != nil {
+	if err = pr.Merge(c.User, c.Repo.GitRepo, db.MergeStyle(c.Query("merge_style")), c.Query("commit_description")); err != nil {
 		c.ServerError("Merge", err)
 		return
 	}
@@ -417,7 +417,7 @@ func MergePullRequest(c *context.Context) {
 	c.Redirect(c.Repo.RepoLink + "/pulls/" + com.ToStr(pr.Index))
 }
 
-func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *git.Repository, *git.PullRequestInfo, string, string) {
+func ParseCompareInfo(c *context.Context) (*db.User, *db.Repository, *git.Repository, *git.PullRequestInfo, string, string) {
 	baseRepo := c.Repo.Repository
 
 	// Get compared branches information
@@ -435,7 +435,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 	c.Data["BaseBranch"] = baseBranch
 
 	var (
-		headUser   *models.User
+		headUser   *db.User
 		headBranch string
 		isSameRepo bool
 		err        error
@@ -449,7 +449,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 		headBranch = headInfos[0]
 
 	} else if len(headInfos) == 2 {
-		headUser, err = models.GetUserByName(headInfos[0])
+		headUser, err = db.GetUserByName(headInfos[0])
 		if err != nil {
 			c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 			return nil, nil, nil, nil, "", ""
@@ -472,7 +472,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 	}
 
 	var (
-		headRepo    *models.Repository
+		headRepo    *db.Repository
 		headGitRepo *git.Repository
 	)
 
@@ -480,7 +480,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 	// no need to check the fork relation.
 	if !isSameRepo {
 		var has bool
-		headRepo, has, err = models.HasForkedRepo(headUser.ID, baseRepo.ID)
+		headRepo, has, err = db.HasForkedRepo(headUser.ID, baseRepo.ID)
 		if err != nil {
 			c.ServerError("HasForkedRepo", err)
 			return nil, nil, nil, nil, "", ""
@@ -490,7 +490,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 			return nil, nil, nil, nil, "", ""
 		}
 
-		headGitRepo, err = git.OpenRepository(models.RepoPath(headUser.Name, headRepo.Name))
+		headGitRepo, err = git.OpenRepository(db.RepoPath(headUser.Name, headRepo.Name))
 		if err != nil {
 			c.ServerError("OpenRepository", err)
 			return nil, nil, nil, nil, "", ""
@@ -519,7 +519,7 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 	}
 	c.Data["HeadBranches"] = headBranches
 
-	prInfo, err := headGitRepo.GetPullRequestInfo(models.RepoPath(baseRepo.Owner.Name, baseRepo.Name), baseBranch, headBranch)
+	prInfo, err := headGitRepo.GetPullRequestInfo(db.RepoPath(baseRepo.Owner.Name, baseRepo.Name), baseBranch, headBranch)
 	if err != nil {
 		if git.IsErrNoMergeBase(err) {
 			c.Data["IsNoMergeBase"] = true
@@ -536,8 +536,8 @@ func ParseCompareInfo(c *context.Context) (*models.User, *models.Repository, *gi
 
 func PrepareCompareDiff(
 	c *context.Context,
-	headUser *models.User,
-	headRepo *models.Repository,
+	headUser *db.User,
+	headRepo *db.Repository,
 	headGitRepo *git.Repository,
 	prInfo *git.PullRequestInfo,
 	baseBranch, headBranch string) bool {
@@ -562,7 +562,7 @@ func PrepareCompareDiff(
 		return true
 	}
 
-	diff, err := models.GetDiffRange(models.RepoPath(headUser.Name, headRepo.Name),
+	diff, err := db.GetDiffRange(db.RepoPath(headUser.Name, headRepo.Name),
 		prInfo.MergeBase, headCommitID, setting.Git.MaxGitDiffLines,
 		setting.Git.MaxGitDiffLineCharacters, setting.Git.MaxGitDiffFiles)
 	if err != nil {
@@ -578,7 +578,7 @@ func PrepareCompareDiff(
 		return false
 	}
 
-	prInfo.Commits = models.ValidateCommitsWithEmails(prInfo.Commits)
+	prInfo.Commits = db.ValidateCommitsWithEmails(prInfo.Commits)
 	c.Data["Commits"] = prInfo.Commits
 	c.Data["CommitCount"] = prInfo.Commits.Len()
 	c.Data["Username"] = headUser.Name
@@ -605,9 +605,9 @@ func CompareAndPullRequest(c *context.Context) {
 		return
 	}
 
-	pr, err := models.GetUnmergedPullRequest(headRepo.ID, c.Repo.Repository.ID, headBranch, baseBranch)
+	pr, err := db.GetUnmergedPullRequest(headRepo.ID, c.Repo.Repository.ID, headBranch, baseBranch)
 	if err != nil {
-		if !models.IsErrPullRequestNotExist(err) {
+		if !db.IsErrPullRequestNotExist(err) {
 			c.ServerError("GetUnmergedPullRequest", err)
 			return
 		}
@@ -686,7 +686,7 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
 		return
 	}
 
-	pullIssue := &models.Issue{
+	pullIssue := &db.Issue{
 		RepoID:      repo.ID,
 		Index:       repo.NextIssueIndex(),
 		Title:       f.Title,
@@ -697,7 +697,7 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
 		IsPull:      true,
 		Content:     f.Content,
 	}
-	pullRequest := &models.PullRequest{
+	pullRequest := &db.PullRequest{
 		HeadRepoID:   headRepo.ID,
 		BaseRepoID:   repo.ID,
 		HeadUserName: headUser.Name,
@@ -706,11 +706,11 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
 		HeadRepo:     headRepo,
 		BaseRepo:     repo,
 		MergeBase:    prInfo.MergeBase,
-		Type:         models.PULL_REQUEST_GOGS,
+		Type:         db.PULL_REQUEST_GOGS,
 	}
 	// FIXME: check error in the case two people send pull request at almost same time, give nice error prompt
 	// instead of 500.
-	if err := models.NewPullRequest(repo, pullIssue, labelIDs, attachments, pullRequest, patch); err != nil {
+	if err := db.NewPullRequest(repo, pullIssue, labelIDs, attachments, pullRequest, patch); err != nil {
 		c.ServerError("NewPullRequest", err)
 		return
 	} else if err := pullRequest.PushToBaseRepo(); err != nil {
@@ -722,14 +722,14 @@ func CompareAndPullRequestPost(c *context.Context, f form.NewIssue) {
 	c.Redirect(c.Repo.RepoLink + "/pulls/" + com.ToStr(pullIssue.Index))
 }
 
-func parseOwnerAndRepo(c *context.Context) (*models.User, *models.Repository) {
-	owner, err := models.GetUserByName(c.Params(":username"))
+func parseOwnerAndRepo(c *context.Context) (*db.User, *db.Repository) {
+	owner, err := db.GetUserByName(c.Params(":username"))
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 		return nil, nil
 	}
 
-	repo, err := models.GetRepositoryByName(owner.ID, c.Params(":reponame"))
+	repo, err := db.GetRepositoryByName(owner.ID, c.Params(":reponame"))
 	if err != nil {
 		c.NotFoundOrServerError("GetRepositoryByName", errors.IsRepoNotExist, err)
 		return nil, nil
@@ -757,7 +757,7 @@ func TriggerTask(c *context.Context) {
 		return
 	}
 
-	pusher, err := models.GetUserByID(pusherID)
+	pusher, err := db.GetUserByID(pusherID)
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByID", errors.IsUserNotExist, err)
 		return
@@ -765,7 +765,7 @@ func TriggerTask(c *context.Context) {
 
 	log.Trace("TriggerTask '%s/%s' by '%s'", repo.Name, branch, pusher.Name)
 
-	go models.HookQueue.Add(repo.ID)
-	go models.AddTestPullRequestTask(pusher, repo.ID, branch, true)
+	go db.HookQueue.Add(repo.ID)
+	go db.AddTestPullRequestTask(pusher, repo.ID, branch, true)
 	c.Status(202)
 }
diff --git a/routes/repo/release.go b/internal/route/repo/release.go
index 468f8965..0ec048e2 100644
--- a/routes/repo/release.go
+++ b/internal/route/repo/release.go
@@ -10,11 +10,11 @@ import (
 
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -23,7 +23,7 @@ const (
 )
 
 // calReleaseNumCommitsBehind calculates given release has how many commits behind release target.
-func calReleaseNumCommitsBehind(repoCtx *context.Repository, release *models.Release, countCache map[string]int64) error {
+func calReleaseNumCommitsBehind(repoCtx *context.Repository, release *db.Release, countCache map[string]int64) error {
 	// Get count if not exists
 	if _, ok := countCache[release.Target]; !ok {
 		if repoCtx.GitRepo.IsBranchExist(release.Target) {
@@ -55,7 +55,7 @@ func Releases(c *context.Context) {
 		return
 	}
 
-	releases, err := models.GetPublishedReleasesByRepoID(c.Repo.Repository.ID, tagsResult.Tags...)
+	releases, err := db.GetPublishedReleasesByRepoID(c.Repo.Repository.ID, tagsResult.Tags...)
 	if err != nil {
 		c.Handle(500, "GetPublishedReleasesByRepoID", err)
 		return
@@ -64,7 +64,7 @@ func Releases(c *context.Context) {
 	// Temproray cache commits count of used branches to speed up.
 	countCache := make(map[string]int64)
 
-	results := make([]*models.Release, len(tagsResult.Tags))
+	results := make([]*db.Release, len(tagsResult.Tags))
 	for i, rawTag := range tagsResult.Tags {
 		for j, r := range releases {
 			if r == nil || r.TagName != rawTag {
@@ -95,7 +95,7 @@ func Releases(c *context.Context) {
 				return
 			}
 
-			results[i] = &models.Release{
+			results[i] = &db.Release{
 				Title:   rawTag,
 				TagName: rawTag,
 				Sha1:    commit.ID.String(),
@@ -109,12 +109,12 @@ func Releases(c *context.Context) {
 			results[i].NumCommitsBehind = c.Repo.CommitsCount - results[i].NumCommits
 		}
 	}
-	models.SortReleases(results)
+	db.SortReleases(results)
 
 	// Only show drafts if user is viewing the latest page
-	var drafts []*models.Release
+	var drafts []*db.Release
 	if tagsResult.HasLatest {
-		drafts, err = models.GetDraftReleasesByRepoID(c.Repo.Repository.ID)
+		drafts, err = db.GetDraftReleasesByRepoID(c.Repo.Repository.ID)
 		if err != nil {
 			c.Handle(500, "GetDraftReleasesByRepoID", err)
 			return
@@ -207,7 +207,7 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
 		attachments = f.Files
 	}
 
-	rel := &models.Release{
+	rel := &db.Release{
 		RepoID:       c.Repo.Repository.ID,
 		PublisherID:  c.User.ID,
 		Title:        f.Title,
@@ -220,12 +220,12 @@ func NewReleasePost(c *context.Context, f form.NewRelease) {
 		IsPrerelease: f.Prerelease,
 		CreatedUnix:  tagCreatedUnix,
 	}
-	if err = models.NewRelease(c.Repo.GitRepo, rel, attachments); err != nil {
+	if err = db.NewRelease(c.Repo.GitRepo, rel, attachments); err != nil {
 		c.Data["Err_TagName"] = true
 		switch {
-		case models.IsErrReleaseAlreadyExist(err):
+		case db.IsErrReleaseAlreadyExist(err):
 			c.RenderWithErr(c.Tr("repo.release.tag_name_already_exist"), RELEASE_NEW, &f)
-		case models.IsErrInvalidTagName(err):
+		case db.IsErrInvalidTagName(err):
 			c.RenderWithErr(c.Tr("repo.release.tag_name_invalid"), RELEASE_NEW, &f)
 		default:
 			c.Handle(500, "NewRelease", err)
@@ -244,9 +244,9 @@ func EditRelease(c *context.Context) {
 	renderReleaseAttachmentSettings(c)
 
 	tagName := c.Params("*")
-	rel, err := models.GetRelease(c.Repo.Repository.ID, tagName)
+	rel, err := db.GetRelease(c.Repo.Repository.ID, tagName)
 	if err != nil {
-		if models.IsErrReleaseNotExist(err) {
+		if db.IsErrReleaseNotExist(err) {
 			c.Handle(404, "GetRelease", err)
 		} else {
 			c.Handle(500, "GetRelease", err)
@@ -272,9 +272,9 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
 	renderReleaseAttachmentSettings(c)
 
 	tagName := c.Params("*")
-	rel, err := models.GetRelease(c.Repo.Repository.ID, tagName)
+	rel, err := db.GetRelease(c.Repo.Repository.ID, tagName)
 	if err != nil {
-		if models.IsErrReleaseNotExist(err) {
+		if db.IsErrReleaseNotExist(err) {
 			c.Handle(404, "GetRelease", err)
 		} else {
 			c.Handle(500, "GetRelease", err)
@@ -304,7 +304,7 @@ func EditReleasePost(c *context.Context, f form.EditRelease) {
 	rel.Note = f.Content
 	rel.IsDraft = len(f.Draft) > 0
 	rel.IsPrerelease = f.Prerelease
-	if err = models.UpdateRelease(c.User, c.Repo.GitRepo, rel, isPublish, attachments); err != nil {
+	if err = db.UpdateRelease(c.User, c.Repo.GitRepo, rel, isPublish, attachments); err != nil {
 		c.Handle(500, "UpdateRelease", err)
 		return
 	}
@@ -320,7 +320,7 @@ func UploadReleaseAttachment(c *context.Context) {
 }
 
 func DeleteRelease(c *context.Context) {
-	if err := models.DeleteReleaseOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteReleaseOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteReleaseByID: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.release.deletion_success"))
diff --git a/routes/repo/repo.go b/internal/route/repo/repo.go
index 19c1e7fd..c6582815 100644
--- a/routes/repo/repo.go
+++ b/internal/route/repo/repo.go
@@ -15,12 +15,12 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -34,8 +34,8 @@ func MustBeNotBare(c *context.Context) {
 	}
 }
 
-func checkContextUser(c *context.Context, uid int64) *models.User {
-	orgs, err := models.GetOwnedOrgsByUserIDDesc(c.User.ID, "updated_unix")
+func checkContextUser(c *context.Context, uid int64) *db.User {
+	orgs, err := db.GetOwnedOrgsByUserIDDesc(c.User.ID, "updated_unix")
 	if err != nil {
 		c.Handle(500, "GetOwnedOrgsByUserIDDesc", err)
 		return nil
@@ -47,7 +47,7 @@ func checkContextUser(c *context.Context, uid int64) *models.User {
 		return c.User
 	}
 
-	org, err := models.GetUserByID(uid)
+	org, err := db.GetUserByID(uid)
 	if errors.IsUserNotExist(err) {
 		return c.User
 	}
@@ -70,9 +70,9 @@ func Create(c *context.Context) {
 	c.RequireAutosize()
 
 	// Give default value for template to render.
-	c.Data["Gitignores"] = models.Gitignores
-	c.Data["Licenses"] = models.Licenses
-	c.Data["Readmes"] = models.Readmes
+	c.Data["Gitignores"] = db.Gitignores
+	c.Data["Licenses"] = db.Licenses
+	c.Data["Readmes"] = db.Readmes
 	c.Data["readme"] = "Default"
 	c.Data["private"] = c.User.LastRepoVisibility
 	c.Data["IsForcedPrivate"] = setting.Repository.ForcePrivate
@@ -86,19 +86,19 @@ func Create(c *context.Context) {
 	c.HTML(200, CREATE)
 }
 
-func handleCreateError(c *context.Context, owner *models.User, err error, name, tpl string, form interface{}) {
+func handleCreateError(c *context.Context, owner *db.User, err error, name, tpl string, form interface{}) {
 	switch {
 	case errors.IsReachLimitOfRepo(err):
 		c.RenderWithErr(c.Tr("repo.form.reach_limit_of_creation", owner.RepoCreationNum()), tpl, form)
-	case models.IsErrRepoAlreadyExist(err):
+	case db.IsErrRepoAlreadyExist(err):
 		c.Data["Err_RepoName"] = true
 		c.RenderWithErr(c.Tr("form.repo_name_been_taken"), tpl, form)
-	case models.IsErrNameReserved(err):
+	case db.IsErrNameReserved(err):
 		c.Data["Err_RepoName"] = true
-		c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), tpl, form)
-	case models.IsErrNamePatternNotAllowed(err):
+		c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name), tpl, form)
+	case db.IsErrNamePatternNotAllowed(err):
 		c.Data["Err_RepoName"] = true
-		c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), tpl, form)
+		c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), tpl, form)
 	default:
 		c.Handle(500, name, err)
 	}
@@ -107,9 +107,9 @@ func handleCreateError(c *context.Context, owner *models.User, err error, name,
 func CreatePost(c *context.Context, f form.CreateRepo) {
 	c.Data["Title"] = c.Tr("new_repo")
 
-	c.Data["Gitignores"] = models.Gitignores
-	c.Data["Licenses"] = models.Licenses
-	c.Data["Readmes"] = models.Readmes
+	c.Data["Gitignores"] = db.Gitignores
+	c.Data["Licenses"] = db.Licenses
+	c.Data["Readmes"] = db.Readmes
 
 	ctxUser := checkContextUser(c, f.UserID)
 	if c.Written() {
@@ -122,7 +122,7 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
 		return
 	}
 
-	repo, err := models.CreateRepository(c.User, ctxUser, models.CreateRepoOptions{
+	repo, err := db.CreateRepository(c.User, ctxUser, db.CreateRepoOptions{
 		Name:        f.RepoName,
 		Description: f.Description,
 		Gitignores:  f.Gitignores,
@@ -138,7 +138,7 @@ func CreatePost(c *context.Context, f form.CreateRepo) {
 	}
 
 	if repo != nil {
-		if errDelete := models.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
+		if errDelete := db.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
 			log.Error(4, "DeleteRepository: %v", errDelete)
 		}
 	}
@@ -177,9 +177,9 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
 
 	remoteAddr, err := f.ParseRemoteAddr(c.User)
 	if err != nil {
-		if models.IsErrInvalidCloneAddr(err) {
+		if db.IsErrInvalidCloneAddr(err) {
 			c.Data["Err_CloneAddr"] = true
-			addrErr := err.(models.ErrInvalidCloneAddr)
+			addrErr := err.(db.ErrInvalidCloneAddr)
 			switch {
 			case addrErr.IsURLError:
 				c.RenderWithErr(c.Tr("form.url_error"), MIGRATE, &f)
@@ -196,7 +196,7 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
 		return
 	}
 
-	repo, err := models.MigrateRepository(c.User, ctxUser, models.MigrateRepoOptions{
+	repo, err := db.MigrateRepository(c.User, ctxUser, db.MigrateRepoOptions{
 		Name:        f.RepoName,
 		Description: f.Description,
 		IsPrivate:   f.Private || setting.Repository.ForcePrivate,
@@ -210,7 +210,7 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
 	}
 
 	if repo != nil {
-		if errDelete := models.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
+		if errDelete := db.DeleteRepository(ctxUser.ID, repo.ID); errDelete != nil {
 			log.Error(4, "DeleteRepository: %v", errDelete)
 		}
 	}
@@ -218,11 +218,11 @@ func MigratePost(c *context.Context, f form.MigrateRepo) {
 	if strings.Contains(err.Error(), "Authentication failed") ||
 		strings.Contains(err.Error(), "could not read Username") {
 		c.Data["Err_Auth"] = true
-		c.RenderWithErr(c.Tr("form.auth_failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
+		c.RenderWithErr(c.Tr("form.auth_failed", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
 		return
 	} else if strings.Contains(err.Error(), "fatal:") {
 		c.Data["Err_CloneAddr"] = true
-		c.RenderWithErr(c.Tr("repo.migrate.failed", models.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
+		c.RenderWithErr(c.Tr("repo.migrate.failed", db.HandleMirrorCredentials(err.Error(), true)), MIGRATE, &f)
 		return
 	}
 
@@ -233,19 +233,19 @@ func Action(c *context.Context) {
 	var err error
 	switch c.Params(":action") {
 	case "watch":
-		err = models.WatchRepo(c.User.ID, c.Repo.Repository.ID, true)
+		err = db.WatchRepo(c.User.ID, c.Repo.Repository.ID, true)
 	case "unwatch":
 		if userID := c.QueryInt64("user_id"); userID != 0 {
 			if c.User.IsAdmin {
-				err = models.WatchRepo(userID, c.Repo.Repository.ID, false)
+				err = db.WatchRepo(userID, c.Repo.Repository.ID, false)
 			}
 		} else {
-			err = models.WatchRepo(c.User.ID, c.Repo.Repository.ID, false)
+			err = db.WatchRepo(c.User.ID, c.Repo.Repository.ID, false)
 		}
 	case "star":
-		err = models.StarRepo(c.User.ID, c.Repo.Repository.ID, true)
+		err = db.StarRepo(c.User.ID, c.Repo.Repository.ID, true)
 	case "unstar":
-		err = models.StarRepo(c.User.ID, c.Repo.Repository.ID, false)
+		err = db.StarRepo(c.User.ID, c.Repo.Repository.ID, false)
 	case "desc": // FIXME: this is not used
 		if !c.Repo.IsOwner() {
 			c.NotFound()
@@ -254,7 +254,7 @@ func Action(c *context.Context) {
 
 		c.Repo.Repository.Description = c.Query("desc")
 		c.Repo.Repository.Website = c.Query("site")
-		err = models.UpdateRepository(c.Repo.Repository, false)
+		err = db.UpdateRepository(c.Repo.Repository, false)
 	}
 
 	if err != nil {
diff --git a/routes/repo/setting.go b/internal/route/repo/setting.go
index 9015916b..e0305702 100644
--- a/routes/repo/setting.go
+++ b/internal/route/repo/setting.go
@@ -10,17 +10,17 @@ import (
 	"strings"
 	"time"
 
-	"github.com/unknwon/com"
 	"github.com/gogs/git-module"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -61,15 +61,15 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		// Check if repository name has been changed.
 		if repo.LowerName != strings.ToLower(newRepoName) {
 			isNameChanged = true
-			if err := models.ChangeRepositoryName(c.Repo.Owner, repo.Name, newRepoName); err != nil {
+			if err := db.ChangeRepositoryName(c.Repo.Owner, repo.Name, newRepoName); err != nil {
 				c.FormErr("RepoName")
 				switch {
-				case models.IsErrRepoAlreadyExist(err):
+				case db.IsErrRepoAlreadyExist(err):
 					c.RenderWithErr(c.Tr("form.repo_name_been_taken"), SETTINGS_OPTIONS, &f)
-				case models.IsErrNameReserved(err):
-					c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(models.ErrNameReserved).Name), SETTINGS_OPTIONS, &f)
-				case models.IsErrNamePatternNotAllowed(err):
-					c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SETTINGS_OPTIONS, &f)
+				case db.IsErrNameReserved(err):
+					c.RenderWithErr(c.Tr("repo.form.name_reserved", err.(db.ErrNameReserved).Name), SETTINGS_OPTIONS, &f)
+				case db.IsErrNamePatternNotAllowed(err):
+					c.RenderWithErr(c.Tr("repo.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), SETTINGS_OPTIONS, &f)
 				default:
 					c.ServerError("ChangeRepositoryName", err)
 				}
@@ -92,14 +92,14 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 
 		visibilityChanged := repo.IsPrivate != f.Private
 		repo.IsPrivate = f.Private
-		if err := models.UpdateRepository(repo, visibilityChanged); err != nil {
+		if err := db.UpdateRepository(repo, visibilityChanged); err != nil {
 			c.ServerError("UpdateRepository", err)
 			return
 		}
 		log.Trace("Repository basic settings updated: %s/%s", c.Repo.Owner.Name, repo.Name)
 
 		if isNameChanged {
-			if err := models.RenameRepoAction(c.User, oldRepoName, repo); err != nil {
+			if err := db.RenameRepoAction(c.User, oldRepoName, repo); err != nil {
 				log.Error(2, "RenameRepoAction: %v", err)
 			}
 		}
@@ -117,7 +117,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 			c.Repo.Mirror.EnablePrune = f.EnablePrune
 			c.Repo.Mirror.Interval = f.Interval
 			c.Repo.Mirror.NextSync = time.Now().Add(time.Duration(f.Interval) * time.Hour)
-			if err := models.UpdateMirror(c.Repo.Mirror); err != nil {
+			if err := db.UpdateMirror(c.Repo.Mirror); err != nil {
 				c.ServerError("UpdateMirror", err)
 				return
 			}
@@ -136,7 +136,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 			return
 		}
 
-		go models.MirrorQueue.Add(repo.ID)
+		go db.MirrorQueue.Add(repo.ID)
 		c.Flash.Info(c.Tr("repo.settings.mirror_sync_in_progress"))
 		c.Redirect(repo.Link() + "/settings")
 
@@ -155,7 +155,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		repo.PullsIgnoreWhitespace = f.PullsIgnoreWhitespace
 		repo.PullsAllowRebase = f.PullsAllowRebase
 
-		if err := models.UpdateRepository(repo, false); err != nil {
+		if err := db.UpdateRepository(repo, false); err != nil {
 			c.ServerError("UpdateRepository", err)
 			return
 		}
@@ -187,10 +187,10 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		}
 		repo.IsMirror = false
 
-		if _, err := models.CleanUpMigrateInfo(repo); err != nil {
+		if _, err := db.CleanUpMigrateInfo(repo); err != nil {
 			c.ServerError("CleanUpMigrateInfo", err)
 			return
-		} else if err = models.DeleteMirrorByRepoID(c.Repo.Repository.ID); err != nil {
+		} else if err = db.DeleteMirrorByRepoID(c.Repo.Repository.ID); err != nil {
 			c.ServerError("DeleteMirrorByRepoID", err)
 			return
 		}
@@ -216,7 +216,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		}
 
 		newOwner := c.Query("new_owner_name")
-		isExist, err := models.IsUserExist(0, newOwner)
+		isExist, err := db.IsUserExist(0, newOwner)
 		if err != nil {
 			c.ServerError("IsUserExist", err)
 			return
@@ -225,8 +225,8 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 			return
 		}
 
-		if err = models.TransferOwnership(c.User, newOwner, repo); err != nil {
-			if models.IsErrRepoAlreadyExist(err) {
+		if err = db.TransferOwnership(c.User, newOwner, repo); err != nil {
+			if db.IsErrRepoAlreadyExist(err) {
 				c.RenderWithErr(c.Tr("repo.settings.new_owner_has_same_repo"), SETTINGS_OPTIONS, nil)
 			} else {
 				c.ServerError("TransferOwnership", err)
@@ -254,7 +254,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 			}
 		}
 
-		if err := models.DeleteRepository(c.Repo.Owner.ID, repo.ID); err != nil {
+		if err := db.DeleteRepository(c.Repo.Owner.ID, repo.ID); err != nil {
 			c.ServerError("DeleteRepository", err)
 			return
 		}
@@ -284,7 +284,7 @@ func SettingsPost(c *context.Context, f form.RepoSetting) {
 		log.Trace("Repository wiki deleted: %s/%s", c.Repo.Owner.Name, repo.Name)
 
 		repo.EnableWiki = false
-		if err := models.UpdateRepository(repo, false); err != nil {
+		if err := db.UpdateRepository(repo, false); err != nil {
 			c.ServerError("UpdateRepository", err)
 			return
 		}
@@ -321,7 +321,7 @@ func SettingsDeleteAvatar(c *context.Context) {
 }
 
 // FIXME: limit upload size
-func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxRepo *models.Repository) error {
+func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxRepo *db.Repository) error {
 	ctxRepo.UseCustomAvatar = true
 	if f.Avatar != nil {
 		r, err := f.Avatar.Open()
@@ -347,7 +347,7 @@ func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxRepo *models.Repo
 		}
 	}
 
-	if err := models.UpdateRepository(ctxRepo, false); err != nil {
+	if err := db.UpdateRepository(ctxRepo, false); err != nil {
 		return fmt.Errorf("update repository: %v", err)
 	}
 
@@ -375,7 +375,7 @@ func SettingsCollaborationPost(c *context.Context) {
 		return
 	}
 
-	u, err := models.GetUserByName(name)
+	u, err := db.GetUserByName(name)
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Flash.Error(c.Tr("form.user_not_exist"))
@@ -399,7 +399,7 @@ func SettingsCollaborationPost(c *context.Context) {
 	}
 
 	if setting.Service.EnableNotifyMail {
-		mailer.SendCollaboratorMail(models.NewMailerUser(u), models.NewMailerUser(c.User), models.NewMailerRepo(c.Repo.Repository))
+		mailer.SendCollaboratorMail(db.NewMailerUser(u), db.NewMailerUser(c.User), db.NewMailerRepo(c.Repo.Repository))
 	}
 
 	c.Flash.Success(c.Tr("repo.settings.add_collaborator_success"))
@@ -409,7 +409,7 @@ func SettingsCollaborationPost(c *context.Context) {
 func ChangeCollaborationAccessMode(c *context.Context) {
 	if err := c.Repo.Repository.ChangeCollaborationAccessMode(
 		c.QueryInt64("uid"),
-		models.AccessMode(c.QueryInt("mode"))); err != nil {
+		db.AccessMode(c.QueryInt("mode"))); err != nil {
 		log.Error(2, "ChangeCollaborationAccessMode: %v", err)
 		return
 	}
@@ -439,7 +439,7 @@ func SettingsBranches(c *context.Context) {
 		return
 	}
 
-	protectBranches, err := models.GetProtectBranchesByRepoID(c.Repo.Repository.ID)
+	protectBranches, err := db.GetProtectBranchesByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "GetProtectBranchesByRepoID", err)
 		return
@@ -474,7 +474,7 @@ func UpdateDefaultBranch(c *context.Context) {
 		}
 	}
 
-	if err := models.UpdateRepository(c.Repo.Repository, false); err != nil {
+	if err := db.UpdateRepository(c.Repo.Repository, false); err != nil {
 		c.Handle(500, "UpdateRepository", err)
 		return
 	}
@@ -493,7 +493,7 @@ func SettingsProtectedBranch(c *context.Context) {
 	c.Data["Title"] = c.Tr("repo.settings.protected_branches") + " - " + branch
 	c.Data["PageIsSettingsBranches"] = true
 
-	protectBranch, err := models.GetProtectBranchOfRepoByName(c.Repo.Repository.ID, branch)
+	protectBranch, err := db.GetProtectBranchOfRepoByName(c.Repo.Repository.ID, branch)
 	if err != nil {
 		if !errors.IsErrBranchNotExist(err) {
 			c.Handle(500, "GetProtectBranchOfRepoByName", err)
@@ -501,7 +501,7 @@ func SettingsProtectedBranch(c *context.Context) {
 		}
 
 		// No options found, create defaults.
-		protectBranch = &models.ProtectBranch{
+		protectBranch = &db.ProtectBranch{
 			Name: branch,
 		}
 	}
@@ -515,7 +515,7 @@ func SettingsProtectedBranch(c *context.Context) {
 		c.Data["Users"] = users
 		c.Data["whitelist_users"] = protectBranch.WhitelistUserIDs
 
-		teams, err := c.Repo.Owner.TeamsHaveAccessToRepo(c.Repo.Repository.ID, models.ACCESS_MODE_WRITE)
+		teams, err := c.Repo.Owner.TeamsHaveAccessToRepo(c.Repo.Repository.ID, db.ACCESS_MODE_WRITE)
 		if err != nil {
 			c.Handle(500, "Repo.Owner.TeamsHaveAccessToRepo", err)
 			return
@@ -535,7 +535,7 @@ func SettingsProtectedBranchPost(c *context.Context, f form.ProtectBranch) {
 		return
 	}
 
-	protectBranch, err := models.GetProtectBranchOfRepoByName(c.Repo.Repository.ID, branch)
+	protectBranch, err := db.GetProtectBranchOfRepoByName(c.Repo.Repository.ID, branch)
 	if err != nil {
 		if !errors.IsErrBranchNotExist(err) {
 			c.Handle(500, "GetProtectBranchOfRepoByName", err)
@@ -543,7 +543,7 @@ func SettingsProtectedBranchPost(c *context.Context, f form.ProtectBranch) {
 		}
 
 		// No options found, create defaults.
-		protectBranch = &models.ProtectBranch{
+		protectBranch = &db.ProtectBranch{
 			RepoID: c.Repo.Repository.ID,
 			Name:   branch,
 		}
@@ -553,9 +553,9 @@ func SettingsProtectedBranchPost(c *context.Context, f form.ProtectBranch) {
 	protectBranch.RequirePullRequest = f.RequirePullRequest
 	protectBranch.EnableWhitelist = f.EnableWhitelist
 	if c.Repo.Owner.IsOrganization() {
-		err = models.UpdateOrgProtectBranch(c.Repo.Repository, protectBranch, f.WhitelistUsers, f.WhitelistTeams)
+		err = db.UpdateOrgProtectBranch(c.Repo.Repository, protectBranch, f.WhitelistUsers, f.WhitelistTeams)
 	} else {
-		err = models.UpdateProtectBranch(protectBranch)
+		err = db.UpdateProtectBranch(protectBranch)
 	}
 	if err != nil {
 		c.Handle(500, "UpdateOrgProtectBranch/UpdateProtectBranch", err)
@@ -622,7 +622,7 @@ func SettingsDeployKeys(c *context.Context) {
 	c.Data["Title"] = c.Tr("repo.settings.deploy_keys")
 	c.Data["PageIsSettingsKeys"] = true
 
-	keys, err := models.ListDeployKeys(c.Repo.Repository.ID)
+	keys, err := db.ListDeployKeys(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "ListDeployKeys", err)
 		return
@@ -636,7 +636,7 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
 	c.Data["Title"] = c.Tr("repo.settings.deploy_keys")
 	c.Data["PageIsSettingsKeys"] = true
 
-	keys, err := models.ListDeployKeys(c.Repo.Repository.ID)
+	keys, err := db.ListDeployKeys(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "ListDeployKeys", err)
 		return
@@ -648,9 +648,9 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
 		return
 	}
 
-	content, err := models.CheckPublicKeyString(f.Content)
+	content, err := db.CheckPublicKeyString(f.Content)
 	if err != nil {
-		if models.IsErrKeyUnableVerify(err) {
+		if db.IsErrKeyUnableVerify(err) {
 			c.Flash.Info(c.Tr("form.unable_verify_ssh_key"))
 		} else {
 			c.Data["HasError"] = true
@@ -661,14 +661,14 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
 		}
 	}
 
-	key, err := models.AddDeployKey(c.Repo.Repository.ID, f.Title, content)
+	key, err := db.AddDeployKey(c.Repo.Repository.ID, f.Title, content)
 	if err != nil {
 		c.Data["HasError"] = true
 		switch {
-		case models.IsErrKeyAlreadyExist(err):
+		case db.IsErrKeyAlreadyExist(err):
 			c.Data["Err_Content"] = true
 			c.RenderWithErr(c.Tr("repo.settings.key_been_used"), SETTINGS_DEPLOY_KEYS, &f)
-		case models.IsErrKeyNameAlreadyUsed(err):
+		case db.IsErrKeyNameAlreadyUsed(err):
 			c.Data["Err_Title"] = true
 			c.RenderWithErr(c.Tr("repo.settings.key_name_used"), SETTINGS_DEPLOY_KEYS, &f)
 		default:
@@ -683,7 +683,7 @@ func SettingsDeployKeysPost(c *context.Context, f form.AddSSHKey) {
 }
 
 func DeleteDeployKey(c *context.Context) {
-	if err := models.DeleteDeployKey(c.User, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteDeployKey(c.User, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteDeployKey: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.settings.deploy_key_deletion_success"))
diff --git a/routes/repo/view.go b/internal/route/repo/view.go
index b6464e44..8b7defed 100644
--- a/routes/repo/view.go
+++ b/internal/route/repo/view.go
@@ -17,13 +17,13 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/template"
-	"gogs.io/gogs/pkg/template/highlight"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/template"
+	"gogs.io/gogs/internal/template/highlight"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -114,7 +114,7 @@ func renderDirectory(c *context.Context, treeLink string) {
 		}
 	}
 	c.Data["LatestCommit"] = latestCommit
-	c.Data["LatestCommitUser"] = models.ValidateCommitWithEmail(latestCommit)
+	c.Data["LatestCommitUser"] = db.ValidateCommitWithEmail(latestCommit)
 
 	if c.Repo.CanEnableEditor() {
 		c.Data["CanAddFile"] = true
@@ -318,12 +318,12 @@ func Home(c *context.Context) {
 	c.HTML(200, HOME)
 }
 
-func RenderUserCards(c *context.Context, total int, getter func(page int) ([]*models.User, error), tpl string) {
+func RenderUserCards(c *context.Context, total int, getter func(page int) ([]*db.User, error), tpl string) {
 	page := c.QueryInt("page")
 	if page <= 0 {
 		page = 1
 	}
-	pager := paginater.New(total, models.ItemsPerPage, page, 5)
+	pager := paginater.New(total, db.ItemsPerPage, page, 5)
 	c.Data["Page"] = pager
 
 	items, err := getter(pager.Current())
diff --git a/routes/repo/webhook.go b/internal/route/repo/webhook.go
index d22140af..2d2ca55a 100644
--- a/routes/repo/webhook.go
+++ b/internal/route/repo/webhook.go
@@ -8,17 +8,17 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/unknwon/com"
 	"github.com/json-iterator/go"
+	"github.com/unknwon/com"
 
 	git "github.com/gogs/git-module"
 	api "github.com/gogs/go-gogs-client"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -34,7 +34,7 @@ func Webhooks(c *context.Context) {
 	c.Data["Description"] = c.Tr("repo.settings.hooks_desc", "https://github.com/gogs/go-gogs-client/wiki/Repositories-Webhooks")
 	c.Data["Types"] = setting.Webhook.Types
 
-	ws, err := models.GetWebhooksByRepoID(c.Repo.Repository.ID)
+	ws, err := db.GetWebhooksByRepoID(c.Repo.Repository.ID)
 	if err != nil {
 		c.Handle(500, "GetWebhooksByRepoID", err)
 		return
@@ -87,7 +87,7 @@ func WebhooksNew(c *context.Context) {
 	c.Data["Title"] = c.Tr("repo.settings.add_webhook")
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["PageIsSettingsHooksNew"] = true
-	c.Data["Webhook"] = models.Webhook{HookEvent: &models.HookEvent{}}
+	c.Data["Webhook"] = db.Webhook{HookEvent: &db.HookEvent{}}
 
 	orCtx, err := getOrgRepoCtx(c)
 	if err != nil {
@@ -104,12 +104,12 @@ func WebhooksNew(c *context.Context) {
 	c.HTML(200, orCtx.NewTemplate)
 }
 
-func ParseHookEvent(f form.Webhook) *models.HookEvent {
-	return &models.HookEvent{
+func ParseHookEvent(f form.Webhook) *db.HookEvent {
+	return &db.HookEvent{
 		PushOnly:       f.PushOnly(),
 		SendEverything: f.SendEverything(),
 		ChooseEvents:   f.ChooseEvents(),
-		HookEvents: models.HookEvents{
+		HookEvents: db.HookEvents{
 			Create:       f.Create,
 			Delete:       f.Delete,
 			Fork:         f.Fork,
@@ -126,7 +126,7 @@ func WebHooksNewPost(c *context.Context, f form.NewWebhook) {
 	c.Data["Title"] = c.Tr("repo.settings.add_webhook")
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["PageIsSettingsHooksNew"] = true
-	c.Data["Webhook"] = models.Webhook{HookEvent: &models.HookEvent{}}
+	c.Data["Webhook"] = db.Webhook{HookEvent: &db.HookEvent{}}
 	c.Data["HookType"] = "gogs"
 
 	orCtx, err := getOrgRepoCtx(c)
@@ -141,25 +141,25 @@ func WebHooksNewPost(c *context.Context, f form.NewWebhook) {
 		return
 	}
 
-	contentType := models.JSON
-	if models.HookContentType(f.ContentType) == models.FORM {
-		contentType = models.FORM
+	contentType := db.JSON
+	if db.HookContentType(f.ContentType) == db.FORM {
+		contentType = db.FORM
 	}
 
-	w := &models.Webhook{
+	w := &db.Webhook{
 		RepoID:       orCtx.RepoID,
 		URL:          f.PayloadURL,
 		ContentType:  contentType,
 		Secret:       f.Secret,
 		HookEvent:    ParseHookEvent(f.Webhook),
 		IsActive:     f.Active,
-		HookTaskType: models.GOGS,
+		HookTaskType: db.GOGS,
 		OrgID:        orCtx.OrgID,
 	}
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.CreateWebhook(w); err != nil {
+	} else if err := db.CreateWebhook(w); err != nil {
 		c.Handle(500, "CreateWebhook", err)
 		return
 	}
@@ -172,7 +172,7 @@ func SlackHooksNewPost(c *context.Context, f form.NewSlackHook) {
 	c.Data["Title"] = c.Tr("repo.settings")
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["PageIsSettingsHooksNew"] = true
-	c.Data["Webhook"] = models.Webhook{HookEvent: &models.HookEvent{}}
+	c.Data["Webhook"] = db.Webhook{HookEvent: &db.HookEvent{}}
 
 	orCtx, err := getOrgRepoCtx(c)
 	if err != nil {
@@ -185,7 +185,7 @@ func SlackHooksNewPost(c *context.Context, f form.NewSlackHook) {
 		return
 	}
 
-	meta, err := jsoniter.Marshal(&models.SlackMeta{
+	meta, err := jsoniter.Marshal(&db.SlackMeta{
 		Channel:  f.Channel,
 		Username: f.Username,
 		IconURL:  f.IconURL,
@@ -196,20 +196,20 @@ func SlackHooksNewPost(c *context.Context, f form.NewSlackHook) {
 		return
 	}
 
-	w := &models.Webhook{
+	w := &db.Webhook{
 		RepoID:       orCtx.RepoID,
 		URL:          f.PayloadURL,
-		ContentType:  models.JSON,
+		ContentType:  db.JSON,
 		HookEvent:    ParseHookEvent(f.Webhook),
 		IsActive:     f.Active,
-		HookTaskType: models.SLACK,
+		HookTaskType: db.SLACK,
 		Meta:         string(meta),
 		OrgID:        orCtx.OrgID,
 	}
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.CreateWebhook(w); err != nil {
+	} else if err := db.CreateWebhook(w); err != nil {
 		c.Handle(500, "CreateWebhook", err)
 		return
 	}
@@ -223,7 +223,7 @@ func DiscordHooksNewPost(c *context.Context, f form.NewDiscordHook) {
 	c.Data["Title"] = c.Tr("repo.settings")
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["PageIsSettingsHooksNew"] = true
-	c.Data["Webhook"] = models.Webhook{HookEvent: &models.HookEvent{}}
+	c.Data["Webhook"] = db.Webhook{HookEvent: &db.HookEvent{}}
 
 	orCtx, err := getOrgRepoCtx(c)
 	if err != nil {
@@ -236,7 +236,7 @@ func DiscordHooksNewPost(c *context.Context, f form.NewDiscordHook) {
 		return
 	}
 
-	meta, err := jsoniter.Marshal(&models.SlackMeta{
+	meta, err := jsoniter.Marshal(&db.SlackMeta{
 		Username: f.Username,
 		IconURL:  f.IconURL,
 		Color:    f.Color,
@@ -246,20 +246,20 @@ func DiscordHooksNewPost(c *context.Context, f form.NewDiscordHook) {
 		return
 	}
 
-	w := &models.Webhook{
+	w := &db.Webhook{
 		RepoID:       orCtx.RepoID,
 		URL:          f.PayloadURL,
-		ContentType:  models.JSON,
+		ContentType:  db.JSON,
 		HookEvent:    ParseHookEvent(f.Webhook),
 		IsActive:     f.Active,
-		HookTaskType: models.DISCORD,
+		HookTaskType: db.DISCORD,
 		Meta:         string(meta),
 		OrgID:        orCtx.OrgID,
 	}
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.CreateWebhook(w); err != nil {
+	} else if err := db.CreateWebhook(w); err != nil {
 		c.Handle(500, "CreateWebhook", err)
 		return
 	}
@@ -272,7 +272,7 @@ func DingtalkHooksNewPost(c *context.Context, f form.NewDingtalkHook) {
 	c.Data["Title"] = c.Tr("repo.settings")
 	c.Data["PageIsSettingsHooks"] = true
 	c.Data["PageIsSettingsHooksNew"] = true
-	c.Data["Webhook"] = models.Webhook{HookEvent: &models.HookEvent{}}
+	c.Data["Webhook"] = db.Webhook{HookEvent: &db.HookEvent{}}
 
 	orCtx, err := getOrgRepoCtx(c)
 	if err != nil {
@@ -285,19 +285,19 @@ func DingtalkHooksNewPost(c *context.Context, f form.NewDingtalkHook) {
 		return
 	}
 
-	w := &models.Webhook{
+	w := &db.Webhook{
 		RepoID:       orCtx.RepoID,
 		URL:          f.PayloadURL,
-		ContentType:  models.JSON,
+		ContentType:  db.JSON,
 		HookEvent:    ParseHookEvent(f.Webhook),
 		IsActive:     f.Active,
-		HookTaskType: models.DINGTALK,
+		HookTaskType: db.DINGTALK,
 		OrgID:        orCtx.OrgID,
 	}
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.CreateWebhook(w); err != nil {
+	} else if err := db.CreateWebhook(w); err != nil {
 		c.Handle(500, "CreateWebhook", err)
 		return
 	}
@@ -306,7 +306,7 @@ func DingtalkHooksNewPost(c *context.Context, f form.NewDingtalkHook) {
 	c.Redirect(orCtx.Link + "/settings/hooks")
 }
 
-func checkWebhook(c *context.Context) (*OrgRepoCtx, *models.Webhook) {
+func checkWebhook(c *context.Context) (*OrgRepoCtx, *db.Webhook) {
 	c.Data["RequireHighlightJS"] = true
 
 	orCtx, err := getOrgRepoCtx(c)
@@ -316,11 +316,11 @@ func checkWebhook(c *context.Context) (*OrgRepoCtx, *models.Webhook) {
 	}
 	c.Data["BaseLink"] = orCtx.Link
 
-	var w *models.Webhook
+	var w *db.Webhook
 	if orCtx.RepoID > 0 {
-		w, err = models.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+		w, err = db.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	} else {
-		w, err = models.GetWebhookByOrgID(c.Org.Organization.ID, c.ParamsInt64(":id"))
+		w, err = db.GetWebhookByOrgID(c.Org.Organization.ID, c.ParamsInt64(":id"))
 	}
 	if err != nil {
 		c.NotFoundOrServerError("GetWebhookOfRepoByID/GetWebhookByOrgID", errors.IsWebhookNotExist, err)
@@ -328,13 +328,13 @@ func checkWebhook(c *context.Context) (*OrgRepoCtx, *models.Webhook) {
 	}
 
 	switch w.HookTaskType {
-	case models.SLACK:
+	case db.SLACK:
 		c.Data["SlackHook"] = w.GetSlackHook()
 		c.Data["HookType"] = "slack"
-	case models.DISCORD:
+	case db.DISCORD:
 		c.Data["SlackHook"] = w.GetSlackHook()
 		c.Data["HookType"] = "discord"
-	case models.DINGTALK:
+	case db.DINGTALK:
 		c.Data["HookType"] = "dingtalk"
 	default:
 		c.Data["HookType"] = "gogs"
@@ -377,9 +377,9 @@ func WebHooksEditPost(c *context.Context, f form.NewWebhook) {
 		return
 	}
 
-	contentType := models.JSON
-	if models.HookContentType(f.ContentType) == models.FORM {
-		contentType = models.FORM
+	contentType := db.JSON
+	if db.HookContentType(f.ContentType) == db.FORM {
+		contentType = db.FORM
 	}
 
 	w.URL = f.PayloadURL
@@ -390,7 +390,7 @@ func WebHooksEditPost(c *context.Context, f form.NewWebhook) {
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.UpdateWebhook(w); err != nil {
+	} else if err := db.UpdateWebhook(w); err != nil {
 		c.Handle(500, "WebHooksEditPost", err)
 		return
 	}
@@ -415,7 +415,7 @@ func SlackHooksEditPost(c *context.Context, f form.NewSlackHook) {
 		return
 	}
 
-	meta, err := jsoniter.Marshal(&models.SlackMeta{
+	meta, err := jsoniter.Marshal(&db.SlackMeta{
 		Channel:  f.Channel,
 		Username: f.Username,
 		IconURL:  f.IconURL,
@@ -433,7 +433,7 @@ func SlackHooksEditPost(c *context.Context, f form.NewSlackHook) {
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.UpdateWebhook(w); err != nil {
+	} else if err := db.UpdateWebhook(w); err != nil {
 		c.Handle(500, "UpdateWebhook", err)
 		return
 	}
@@ -459,7 +459,7 @@ func DiscordHooksEditPost(c *context.Context, f form.NewDiscordHook) {
 		return
 	}
 
-	meta, err := jsoniter.Marshal(&models.SlackMeta{
+	meta, err := jsoniter.Marshal(&db.SlackMeta{
 		Username: f.Username,
 		IconURL:  f.IconURL,
 		Color:    f.Color,
@@ -476,7 +476,7 @@ func DiscordHooksEditPost(c *context.Context, f form.NewDiscordHook) {
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.UpdateWebhook(w); err != nil {
+	} else if err := db.UpdateWebhook(w); err != nil {
 		c.Handle(500, "UpdateWebhook", err)
 		return
 	}
@@ -507,7 +507,7 @@ func DingtalkHooksEditPost(c *context.Context, f form.NewDingtalkHook) {
 	if err := w.UpdateEvent(); err != nil {
 		c.Handle(500, "UpdateEvent", err)
 		return
-	} else if err := models.UpdateWebhook(w); err != nil {
+	} else if err := db.UpdateWebhook(w); err != nil {
 		c.Handle(500, "UpdateWebhook", err)
 		return
 	}
@@ -522,7 +522,7 @@ func TestWebhook(c *context.Context) {
 	// Grab latest commit or fake one if it's empty repository.
 	commit := c.Repo.Commit
 	if commit == nil {
-		ghost := models.NewGhostUser()
+		ghost := db.NewGhostUser()
 		commit = &git.Commit{
 			ID:            git.MustIDFromString(git.EMPTY_SHA),
 			Author:        ghost.NewGitSig(),
@@ -533,7 +533,7 @@ func TestWebhook(c *context.Context) {
 		committerUsername = ghost.Name
 	} else {
 		// Try to match email with a real user.
-		author, err := models.GetUserByEmail(commit.Author.Email)
+		author, err := db.GetUserByEmail(commit.Author.Email)
 		if err == nil {
 			authorUsername = author.Name
 		} else if !errors.IsUserNotExist(err) {
@@ -541,7 +541,7 @@ func TestWebhook(c *context.Context) {
 			return
 		}
 
-		committer, err := models.GetUserByEmail(commit.Committer.Email)
+		committer, err := db.GetUserByEmail(commit.Committer.Email)
 		if err == nil {
 			committerUsername = committer.Name
 		} else if !errors.IsUserNotExist(err) {
@@ -585,7 +585,7 @@ func TestWebhook(c *context.Context) {
 		Pusher: apiUser,
 		Sender: apiUser,
 	}
-	if err := models.TestWebhook(c.Repo.Repository, models.HOOK_EVENT_PUSH, p, c.ParamsInt64("id")); err != nil {
+	if err := db.TestWebhook(c.Repo.Repository, db.HOOK_EVENT_PUSH, p, c.ParamsInt64("id")); err != nil {
 		c.Handle(500, "TestWebhook", err)
 	} else {
 		c.Flash.Info(c.Tr("repo.settings.webhook.test_delivery_success"))
@@ -594,30 +594,30 @@ func TestWebhook(c *context.Context) {
 }
 
 func RedeliveryWebhook(c *context.Context) {
-	webhook, err := models.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
+	webhook, err := db.GetWebhookOfRepoByID(c.Repo.Repository.ID, c.ParamsInt64(":id"))
 	if err != nil {
 		c.NotFoundOrServerError("GetWebhookOfRepoByID/GetWebhookByOrgID", errors.IsWebhookNotExist, err)
 		return
 	}
 
-	hookTask, err := models.GetHookTaskOfWebhookByUUID(webhook.ID, c.Query("uuid"))
+	hookTask, err := db.GetHookTaskOfWebhookByUUID(webhook.ID, c.Query("uuid"))
 	if err != nil {
 		c.NotFoundOrServerError("GetHookTaskOfWebhookByUUID/GetWebhookByOrgID", errors.IsHookTaskNotExist, err)
 		return
 	}
 
 	hookTask.IsDelivered = false
-	if err = models.UpdateHookTask(hookTask); err != nil {
+	if err = db.UpdateHookTask(hookTask); err != nil {
 		c.Handle(500, "UpdateHookTask", err)
 	} else {
-		go models.HookQueue.Add(c.Repo.Repository.ID)
+		go db.HookQueue.Add(c.Repo.Repository.ID)
 		c.Flash.Info(c.Tr("repo.settings.webhook.redelivery_success", hookTask.UUID))
 		c.Status(200)
 	}
 }
 
 func DeleteWebhook(c *context.Context) {
-	if err := models.DeleteWebhookOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteWebhookOfRepoByID(c.Repo.Repository.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteWebhookByRepoID: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("repo.settings.webhook_deletion_success"))
diff --git a/routes/repo/wiki.go b/internal/route/repo/wiki.go
index 29979343..8a48c319 100644
--- a/routes/repo/wiki.go
+++ b/internal/route/repo/wiki.go
@@ -11,10 +11,10 @@ import (
 
 	"github.com/gogs/git-module"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/markup"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/markup"
 )
 
 const (
@@ -67,7 +67,7 @@ func renderWikiPage(c *context.Context, isViewPage bool) (*git.Repository, strin
 				name := strings.TrimSuffix(entries[i].Name(), ".md")
 				pages = append(pages, PageMeta{
 					Name: name,
-					URL:  models.ToWikiPageURL(name),
+					URL:  db.ToWikiPageURL(name),
 				})
 			}
 		}
@@ -80,7 +80,7 @@ func renderWikiPage(c *context.Context, isViewPage bool) (*git.Repository, strin
 	}
 	c.Data["PageURL"] = pageURL
 
-	pageName := models.ToWikiPageName(pageURL)
+	pageName := db.ToWikiPageName(pageURL)
 	c.Data["old_title"] = pageName
 	c.Data["Title"] = pageName
 	c.Data["title"] = pageName
@@ -175,7 +175,7 @@ func WikiPages(c *context.Context) {
 			name := strings.TrimSuffix(entries[i].Name(), ".md")
 			pages = append(pages, PageMeta{
 				Name:    name,
-				URL:     models.ToWikiPageURL(name),
+				URL:     db.ToWikiPageURL(name),
 				Updated: commit.Author.When,
 			})
 		}
@@ -208,7 +208,7 @@ func NewWikiPost(c *context.Context, f form.NewWiki) {
 	}
 
 	if err := c.Repo.Repository.AddWikiPage(c.User, f.Title, f.Content, f.Message); err != nil {
-		if models.IsErrWikiAlreadyExist(err) {
+		if db.IsErrWikiAlreadyExist(err) {
 			c.Data["Err_Title"] = true
 			c.RenderWithErr(c.Tr("repo.wiki.page_already_exists"), WIKI_NEW, &f)
 		} else {
@@ -217,7 +217,7 @@ func NewWikiPost(c *context.Context, f form.NewWiki) {
 		return
 	}
 
-	c.Redirect(c.Repo.RepoLink + "/wiki/" + models.ToWikiPageURL(models.ToWikiPageName(f.Title)))
+	c.Redirect(c.Repo.RepoLink + "/wiki/" + db.ToWikiPageURL(db.ToWikiPageName(f.Title)))
 }
 
 func EditWiki(c *context.Context) {
@@ -253,7 +253,7 @@ func EditWikiPost(c *context.Context, f form.NewWiki) {
 		return
 	}
 
-	c.Redirect(c.Repo.RepoLink + "/wiki/" + models.ToWikiPageURL(models.ToWikiPageName(f.Title)))
+	c.Redirect(c.Repo.RepoLink + "/wiki/" + db.ToWikiPageURL(db.ToWikiPageName(f.Title)))
 }
 
 func DeleteWikiPagePost(c *context.Context) {
@@ -262,7 +262,7 @@ func DeleteWikiPagePost(c *context.Context) {
 		pageURL = "Home"
 	}
 
-	pageName := models.ToWikiPageName(pageURL)
+	pageName := db.ToWikiPageName(pageURL)
 	if err := c.Repo.Repository.DeleteWikiPage(c.User, pageName); err != nil {
 		c.Handle(500, "DeleteWikiPage", err)
 		return
diff --git a/routes/user/auth.go b/internal/route/user/auth.go
index d90a078b..3613297b 100644
--- a/routes/user/auth.go
+++ b/internal/route/user/auth.go
@@ -11,13 +11,13 @@ import (
 	"github.com/go-macaron/captcha"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -32,7 +32,7 @@ const (
 
 // AutoLogin reads cookie and try to auto-login.
 func AutoLogin(c *context.Context) (bool, error) {
-	if !models.HasEngine {
+	if !db.HasEngine {
 		return false, nil
 	}
 
@@ -51,7 +51,7 @@ func AutoLogin(c *context.Context) (bool, error) {
 		}
 	}()
 
-	u, err := models.GetUserByName(uname)
+	u, err := db.GetUserByName(uname)
 	if err != nil {
 		if !errors.IsUserNotExist(err) {
 			return false, fmt.Errorf("GetUserByName: %v", err)
@@ -101,7 +101,7 @@ func Login(c *context.Context) {
 	}
 
 	// Display normal login page
-	loginSources, err := models.ActivatedLoginSources()
+	loginSources, err := db.ActivatedLoginSources()
 	if err != nil {
 		c.ServerError("ActivatedLoginSources", err)
 		return
@@ -117,7 +117,7 @@ func Login(c *context.Context) {
 	c.Success(LOGIN)
 }
 
-func afterLogin(c *context.Context, u *models.User, remember bool) {
+func afterLogin(c *context.Context, u *db.User, remember bool) {
 	if remember {
 		days := 86400 * setting.LoginRememberDays
 		c.SetCookie(setting.CookieUserName, u.Name, days, setting.AppSubURL, "", setting.CookieSecure, true)
@@ -148,7 +148,7 @@ func afterLogin(c *context.Context, u *models.User, remember bool) {
 func LoginPost(c *context.Context, f form.SignIn) {
 	c.Title("sign_in")
 
-	loginSources, err := models.ActivatedLoginSources()
+	loginSources, err := db.ActivatedLoginSources()
 	if err != nil {
 		c.ServerError("ActivatedLoginSources", err)
 		return
@@ -160,7 +160,7 @@ func LoginPost(c *context.Context, f form.SignIn) {
 		return
 	}
 
-	u, err := models.UserLogin(f.UserName, f.Password, f.LoginSource)
+	u, err := db.UserLogin(f.UserName, f.Password, f.LoginSource)
 	if err != nil {
 		switch err.(type) {
 		case errors.UserNotExist:
@@ -209,7 +209,7 @@ func LoginTwoFactorPost(c *context.Context) {
 		return
 	}
 
-	t, err := models.GetTwoFactorByUserID(userID)
+	t, err := db.GetTwoFactorByUserID(userID)
 	if err != nil {
 		c.ServerError("GetTwoFactorByUserID", err)
 		return
@@ -226,7 +226,7 @@ func LoginTwoFactorPost(c *context.Context) {
 		return
 	}
 
-	u, err := models.GetUserByID(userID)
+	u, err := db.GetUserByID(userID)
 	if err != nil {
 		c.ServerError("GetUserByID", err)
 		return
@@ -262,7 +262,7 @@ func LoginTwoFactorRecoveryCodePost(c *context.Context) {
 		return
 	}
 
-	if err := models.UseRecoveryCode(userID, c.Query("recovery_code")); err != nil {
+	if err := db.UseRecoveryCode(userID, c.Query("recovery_code")); err != nil {
 		if errors.IsTwoFactorRecoveryCodeNotFound(err) {
 			c.Flash.Error(c.Tr("auth.login_two_factor_invalid_recovery_code"))
 			c.SubURLRedirect("/user/login/two_factor_recovery_code")
@@ -272,7 +272,7 @@ func LoginTwoFactorRecoveryCodePost(c *context.Context) {
 		return
 	}
 
-	u, err := models.GetUserByID(userID)
+	u, err := db.GetUserByID(userID)
 	if err != nil {
 		c.ServerError("GetUserByID", err)
 		return
@@ -330,26 +330,26 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 		return
 	}
 
-	u := &models.User{
+	u := &db.User{
 		Name:     f.UserName,
 		Email:    f.Email,
 		Passwd:   f.Password,
 		IsActive: !setting.Service.RegisterEmailConfirm,
 	}
-	if err := models.CreateUser(u); err != nil {
+	if err := db.CreateUser(u); err != nil {
 		switch {
-		case models.IsErrUserAlreadyExist(err):
+		case db.IsErrUserAlreadyExist(err):
 			c.FormErr("UserName")
 			c.RenderWithErr(c.Tr("form.username_been_taken"), SIGNUP, &f)
-		case models.IsErrEmailAlreadyUsed(err):
+		case db.IsErrEmailAlreadyUsed(err):
 			c.FormErr("Email")
 			c.RenderWithErr(c.Tr("form.email_been_used"), SIGNUP, &f)
-		case models.IsErrNameReserved(err):
+		case db.IsErrNameReserved(err):
 			c.FormErr("UserName")
-			c.RenderWithErr(c.Tr("user.form.name_reserved", err.(models.ErrNameReserved).Name), SIGNUP, &f)
-		case models.IsErrNamePatternNotAllowed(err):
+			c.RenderWithErr(c.Tr("user.form.name_reserved", err.(db.ErrNameReserved).Name), SIGNUP, &f)
+		case db.IsErrNamePatternNotAllowed(err):
 			c.FormErr("UserName")
-			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(models.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f)
+			c.RenderWithErr(c.Tr("user.form.name_pattern_not_allowed", err.(db.ErrNamePatternNotAllowed).Pattern), SIGNUP, &f)
 		default:
 			c.ServerError("CreateUser", err)
 		}
@@ -358,10 +358,10 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 	log.Trace("Account created: %s", u.Name)
 
 	// Auto-set admin for the only user.
-	if models.CountUsers() == 1 {
+	if db.CountUsers() == 1 {
 		u.IsAdmin = true
 		u.IsActive = true
-		if err := models.UpdateUser(u); err != nil {
+		if err := db.UpdateUser(u); err != nil {
 			c.ServerError("UpdateUser", err)
 			return
 		}
@@ -369,7 +369,7 @@ func SignUpPost(c *context.Context, cpt *captcha.Captcha, f form.Register) {
 
 	// Send confirmation email, no need for social account.
 	if setting.Service.RegisterEmailConfirm && u.ID > 1 {
-		mailer.SendActivateAccountMail(c.Context, models.NewMailerUser(u))
+		mailer.SendActivateAccountMail(c.Context, db.NewMailerUser(u))
 		c.Data["IsSendRegisterMail"] = true
 		c.Data["Email"] = u.Email
 		c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
@@ -398,7 +398,7 @@ func Activate(c *context.Context) {
 				c.Data["ResendLimited"] = true
 			} else {
 				c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
-				mailer.SendActivateAccountMail(c.Context, models.NewMailerUser(c.User))
+				mailer.SendActivateAccountMail(c.Context, db.NewMailerUser(c.User))
 
 				if err := c.Cache.Put(c.User.MailResendCacheKey(), 1, 180); err != nil {
 					log.Error(2, "Failed to put cache key 'mail resend': %v", err)
@@ -412,14 +412,14 @@ func Activate(c *context.Context) {
 	}
 
 	// Verify code.
-	if user := models.VerifyUserActiveCode(code); user != nil {
+	if user := db.VerifyUserActiveCode(code); user != nil {
 		user.IsActive = true
 		var err error
-		if user.Rands, err = models.GetUserSalt(); err != nil {
+		if user.Rands, err = db.GetUserSalt(); err != nil {
 			c.ServerError("GetUserSalt", err)
 			return
 		}
-		if err := models.UpdateUser(user); err != nil {
+		if err := db.UpdateUser(user); err != nil {
 			c.ServerError("UpdateUser", err)
 			return
 		}
@@ -441,7 +441,7 @@ func ActivateEmail(c *context.Context) {
 	email_string := c.Query("email")
 
 	// Verify code.
-	if email := models.VerifyActiveEmailCode(code, email_string); email != nil {
+	if email := db.VerifyActiveEmailCode(code, email_string); email != nil {
 		if err := email.Activate(); err != nil {
 			c.ServerError("ActivateEmail", err)
 		}
@@ -479,7 +479,7 @@ func ForgotPasswdPost(c *context.Context) {
 	email := c.Query("email")
 	c.Data["Email"] = email
 
-	u, err := models.GetUserByEmail(email)
+	u, err := db.GetUserByEmail(email)
 	if err != nil {
 		if errors.IsUserNotExist(err) {
 			c.Data["Hours"] = setting.Service.ActiveCodeLives / 60
@@ -504,7 +504,7 @@ func ForgotPasswdPost(c *context.Context) {
 		return
 	}
 
-	mailer.SendResetPasswordMail(c.Context, models.NewMailerUser(u))
+	mailer.SendResetPasswordMail(c.Context, db.NewMailerUser(u))
 	if err = c.Cache.Put(u.MailResendCacheKey(), 1, 180); err != nil {
 		log.Error(2, "Failed to put cache key 'mail resend': %v", err)
 	}
@@ -537,7 +537,7 @@ func ResetPasswdPost(c *context.Context) {
 	}
 	c.Data["Code"] = code
 
-	if u := models.VerifyUserActiveCode(code); u != nil {
+	if u := db.VerifyUserActiveCode(code); u != nil {
 		// Validate password length.
 		passwd := c.Query("password")
 		if len(passwd) < 6 {
@@ -549,16 +549,16 @@ func ResetPasswdPost(c *context.Context) {
 
 		u.Passwd = passwd
 		var err error
-		if u.Rands, err = models.GetUserSalt(); err != nil {
+		if u.Rands, err = db.GetUserSalt(); err != nil {
 			c.ServerError("GetUserSalt", err)
 			return
 		}
-		if u.Salt, err = models.GetUserSalt(); err != nil {
+		if u.Salt, err = db.GetUserSalt(); err != nil {
 			c.ServerError("GetUserSalt", err)
 			return
 		}
 		u.EncodePasswd()
-		if err := models.UpdateUser(u); err != nil {
+		if err := db.UpdateUser(u); err != nil {
 			c.ServerError("UpdateUser", err)
 			return
 		}
diff --git a/routes/user/home.go b/internal/route/user/home.go
index 87026f7d..c411fae0 100644
--- a/routes/user/home.go
+++ b/internal/route/user/home.go
@@ -11,10 +11,10 @@ import (
 	"github.com/unknwon/com"
 	"github.com/unknwon/paginater"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/setting"
 )
 
 const (
@@ -26,12 +26,12 @@ const (
 )
 
 // getDashboardContextUser finds out dashboard is viewing as which context user.
-func getDashboardContextUser(c *context.Context) *models.User {
+func getDashboardContextUser(c *context.Context) *db.User {
 	ctxUser := c.User
 	orgName := c.Params(":org")
 	if len(orgName) > 0 {
 		// Organization.
-		org, err := models.GetUserByName(orgName)
+		org, err := db.GetUserByName(orgName)
 		if err != nil {
 			c.NotFoundOrServerError("GetUserByName", errors.IsUserNotExist, err)
 			return nil
@@ -52,21 +52,21 @@ func getDashboardContextUser(c *context.Context) *models.User {
 // retrieveFeeds loads feeds from database by given context user.
 // The user could be organization so it is not always the logged in user,
 // which is why we have to explicitly pass the context user ID.
-func retrieveFeeds(c *context.Context, ctxUser *models.User, userID int64, isProfile bool) {
-	actions, err := models.GetFeeds(ctxUser, userID, c.QueryInt64("after_id"), isProfile)
+func retrieveFeeds(c *context.Context, ctxUser *db.User, userID int64, isProfile bool) {
+	actions, err := db.GetFeeds(ctxUser, userID, c.QueryInt64("after_id"), isProfile)
 	if err != nil {
 		c.Handle(500, "GetFeeds", err)
 		return
 	}
 
 	// Check access of private repositories.
-	feeds := make([]*models.Action, 0, len(actions))
+	feeds := make([]*db.Action, 0, len(actions))
 	unameAvatars := make(map[string]string)
 	for _, act := range actions {
 		// Cache results to reduce queries.
 		_, ok := unameAvatars[act.ActUserName]
 		if !ok {
-			u, err := models.GetUserByName(act.ActUserName)
+			u, err := db.GetUserByName(act.ActUserName)
 			if err != nil {
 				if errors.IsUserNotExist(err) {
 					continue
@@ -114,7 +114,7 @@ func Dashboard(c *context.Context) {
 		if err != nil {
 			c.Handle(500, "GetAccessibleRepositories", err)
 			return
-		} else if err = models.RepositoryList(collaborateRepos).LoadAttributes(); err != nil {
+		} else if err = db.RepositoryList(collaborateRepos).LoadAttributes(); err != nil {
 			c.Handle(500, "RepositoryList.LoadAttributes", err)
 			return
 		}
@@ -122,7 +122,7 @@ func Dashboard(c *context.Context) {
 	}
 
 	var err error
-	var repos, mirrors []*models.Repository
+	var repos, mirrors []*db.Repository
 	var repoCount int64
 	if ctxUser.IsOrganization() {
 		repos, repoCount, err = ctxUser.GetUserRepositories(c.User.ID, 1, setting.UI.User.RepoPagingNum)
@@ -154,7 +154,7 @@ func Dashboard(c *context.Context) {
 	c.Data["RepoCount"] = repoCount
 	c.Data["MaxShowRepoNum"] = setting.UI.User.RepoPagingNum
 
-	if err := models.MirrorRepositoryList(mirrors).LoadAttributes(); err != nil {
+	if err := db.MirrorRepositoryList(mirrors).LoadAttributes(); err != nil {
 		c.Handle(500, "MirrorRepositoryList.LoadAttributes", err)
 		return
 	}
@@ -181,21 +181,21 @@ func Issues(c *context.Context) {
 
 	var (
 		sortType   = c.Query("sort")
-		filterMode = models.FILTER_MODE_YOUR_REPOS
+		filterMode = db.FILTER_MODE_YOUR_REPOS
 	)
 
 	// Note: Organization does not have view type and filter mode.
 	if !ctxUser.IsOrganization() {
 		viewType := c.Query("type")
 		types := []string{
-			string(models.FILTER_MODE_YOUR_REPOS),
-			string(models.FILTER_MODE_ASSIGN),
-			string(models.FILTER_MODE_CREATE),
+			string(db.FILTER_MODE_YOUR_REPOS),
+			string(db.FILTER_MODE_ASSIGN),
+			string(db.FILTER_MODE_CREATE),
 		}
 		if !com.IsSliceContainsStr(types, viewType) {
-			viewType = string(models.FILTER_MODE_YOUR_REPOS)
+			viewType = string(db.FILTER_MODE_YOUR_REPOS)
 		}
-		filterMode = models.FilterMode(viewType)
+		filterMode = db.FilterMode(viewType)
 	}
 
 	page := c.QueryInt("page")
@@ -209,9 +209,9 @@ func Issues(c *context.Context) {
 	// Get repositories.
 	var (
 		err         error
-		repos       []*models.Repository
+		repos       []*db.Repository
 		userRepoIDs []int64
-		showRepos   = make([]*models.Repository, 0, 10)
+		showRepos   = make([]*db.Repository, 0, 10)
 	)
 	if ctxUser.IsOrganization() {
 		repos, _, err = ctxUser.GetUserRepositories(c.User.ID, 1, ctxUser.NumRepos)
@@ -231,7 +231,7 @@ func Issues(c *context.Context) {
 	for _, repo := range repos {
 		userRepoIDs = append(userRepoIDs, repo.ID)
 
-		if filterMode != models.FILTER_MODE_YOUR_REPOS {
+		if filterMode != db.FILTER_MODE_YOUR_REPOS {
 			continue
 		}
 
@@ -253,14 +253,14 @@ func Issues(c *context.Context) {
 
 	// Filter repositories if the page shows issues.
 	if !isPullList {
-		userRepoIDs, err = models.FilterRepositoryWithIssues(userRepoIDs)
+		userRepoIDs, err = db.FilterRepositoryWithIssues(userRepoIDs)
 		if err != nil {
 			c.Handle(500, "FilterRepositoryWithIssues", err)
 			return
 		}
 	}
 
-	issueOptions := &models.IssuesOptions{
+	issueOptions := &db.IssuesOptions{
 		RepoID:   repoID,
 		Page:     page,
 		IsClosed: isShowClosed,
@@ -268,7 +268,7 @@ func Issues(c *context.Context) {
 		SortType: sortType,
 	}
 	switch filterMode {
-	case models.FILTER_MODE_YOUR_REPOS:
+	case db.FILTER_MODE_YOUR_REPOS:
 		// Get all issues from repositories from this user.
 		if userRepoIDs == nil {
 			issueOptions.RepoIDs = []int64{-1}
@@ -276,23 +276,23 @@ func Issues(c *context.Context) {
 			issueOptions.RepoIDs = userRepoIDs
 		}
 
-	case models.FILTER_MODE_ASSIGN:
+	case db.FILTER_MODE_ASSIGN:
 		// Get all issues assigned to this user.
 		issueOptions.AssigneeID = ctxUser.ID
 
-	case models.FILTER_MODE_CREATE:
+	case db.FILTER_MODE_CREATE:
 		// Get all issues created by this user.
 		issueOptions.PosterID = ctxUser.ID
 	}
 
-	issues, err := models.Issues(issueOptions)
+	issues, err := db.Issues(issueOptions)
 	if err != nil {
 		c.Handle(500, "Issues", err)
 		return
 	}
 
 	if repoID > 0 {
-		repo, err := models.GetRepositoryByID(repoID)
+		repo, err := db.GetRepositoryByID(repoID)
 		if err != nil {
 			c.Handle(500, "GetRepositoryByID", fmt.Errorf("[#%d] %v", repoID, err))
 			return
@@ -317,7 +317,7 @@ func Issues(c *context.Context) {
 		}
 	}
 
-	issueStats := models.GetUserIssueStats(repoID, ctxUser.ID, userRepoIDs, filterMode, isPullList)
+	issueStats := db.GetUserIssueStats(repoID, ctxUser.ID, userRepoIDs, filterMode, isPullList)
 
 	var total int
 	if !isShowClosed {
@@ -345,7 +345,7 @@ func Issues(c *context.Context) {
 }
 
 func ShowSSHKeys(c *context.Context, uid int64) {
-	keys, err := models.ListPublicKeys(uid)
+	keys, err := db.ListPublicKeys(uid)
 	if err != nil {
 		c.Handle(500, "ListPublicKeys", err)
 		return
@@ -375,7 +375,7 @@ func showOrgProfile(c *context.Context) {
 	}
 
 	var (
-		repos []*models.Repository
+		repos []*db.Repository
 		count int64
 		err   error
 	)
@@ -388,7 +388,7 @@ func showOrgProfile(c *context.Context) {
 		c.Data["Repos"] = repos
 	} else {
 		showPrivate := c.IsLogged && c.User.IsAdmin
-		repos, err = models.GetUserRepositories(&models.UserRepoOptions{
+		repos, err = db.GetUserRepositories(&db.UserRepoOptions{
 			UserID:   org.ID,
 			Private:  showPrivate,
 			Page:     page,
@@ -399,7 +399,7 @@ func showOrgProfile(c *context.Context) {
 			return
 		}
 		c.Data["Repos"] = repos
-		count = models.CountUserRepositories(org.ID, showPrivate)
+		count = db.CountUserRepositories(org.ID, showPrivate)
 	}
 	c.Data["Page"] = paginater.New(int(count), setting.UI.User.RepoPagingNum, page, 5)
 
@@ -415,7 +415,7 @@ func showOrgProfile(c *context.Context) {
 }
 
 func Email2User(c *context.Context) {
-	u, err := models.GetUserByEmail(c.Query("email"))
+	u, err := db.GetUserByEmail(c.Query("email"))
 	if err != nil {
 		c.NotFoundOrServerError("GetUserByEmail", errors.IsUserNotExist, err)
 		return
diff --git a/routes/user/profile.go b/internal/route/user/profile.go
index c9491927..39d36ad0 100644
--- a/routes/user/profile.go
+++ b/internal/route/user/profile.go
@@ -6,15 +6,15 @@ package user
 
 import (
 	"fmt"
+	repo2 "gogs.io/gogs/internal/route/repo"
 	"strings"
 
 	"github.com/unknwon/paginater"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
-	"gogs.io/gogs/routes/repo"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -43,7 +43,7 @@ func Profile(c *context.Context, puser *context.ParamsUser) {
 	c.PageIs("UserProfile")
 	c.Data["Owner"] = puser
 
-	orgs, err := models.GetOrgsByUserID(puser.ID, c.IsLogged && (c.User.IsAdmin || c.User.ID == puser.ID))
+	orgs, err := db.GetOrgsByUserID(puser.ID, c.IsLogged && (c.User.IsAdmin || c.User.ID == puser.ID))
 	if err != nil {
 		c.ServerError("GetOrgsByUserIDDesc", err)
 		return
@@ -66,7 +66,7 @@ func Profile(c *context.Context, puser *context.ParamsUser) {
 		}
 
 		showPrivate := c.IsLogged && (puser.ID == c.User.ID || c.User.IsAdmin)
-		c.Data["Repos"], err = models.GetUserRepositories(&models.UserRepoOptions{
+		c.Data["Repos"], err = db.GetUserRepositories(&db.UserRepoOptions{
 			UserID:   puser.ID,
 			Private:  showPrivate,
 			Page:     page,
@@ -77,7 +77,7 @@ func Profile(c *context.Context, puser *context.ParamsUser) {
 			return
 		}
 
-		count := models.CountUserRepositories(puser.ID, showPrivate)
+		count := db.CountUserRepositories(puser.ID, showPrivate)
 		c.Data["Page"] = paginater.New(int(count), setting.UI.User.RepoPagingNum, page, 5)
 	}
 
@@ -89,7 +89,7 @@ func Followers(c *context.Context, puser *context.ParamsUser) {
 	c.PageIs("Followers")
 	c.Data["CardsTitle"] = c.Tr("user.followers")
 	c.Data["Owner"] = puser
-	repo.RenderUserCards(c, puser.NumFollowers, puser.GetFollowers, FOLLOWERS)
+	repo2.RenderUserCards(c, puser.NumFollowers, puser.GetFollowers, FOLLOWERS)
 }
 
 func Following(c *context.Context, puser *context.ParamsUser) {
@@ -97,7 +97,7 @@ func Following(c *context.Context, puser *context.ParamsUser) {
 	c.PageIs("Following")
 	c.Data["CardsTitle"] = c.Tr("user.following")
 	c.Data["Owner"] = puser
-	repo.RenderUserCards(c, puser.NumFollowing, puser.GetFollowing, FOLLOWERS)
+	repo2.RenderUserCards(c, puser.NumFollowing, puser.GetFollowing, FOLLOWERS)
 }
 
 func Stars(c *context.Context) {
@@ -108,9 +108,9 @@ func Action(c *context.Context, puser *context.ParamsUser) {
 	var err error
 	switch c.Params(":action") {
 	case "follow":
-		err = models.FollowUser(c.UserID(), puser.ID)
+		err = db.FollowUser(c.UserID(), puser.ID)
 	case "unfollow":
-		err = models.UnfollowUser(c.UserID(), puser.ID)
+		err = db.UnfollowUser(c.UserID(), puser.ID)
 	}
 
 	if err != nil {
diff --git a/routes/user/setting.go b/internal/route/user/setting.go
index ab947913..6b55966f 100644
--- a/routes/user/setting.go
+++ b/internal/route/user/setting.go
@@ -13,18 +13,18 @@ import (
 	"io/ioutil"
 	"strings"
 
-	"github.com/unknwon/com"
 	"github.com/pquerna/otp"
 	"github.com/pquerna/otp/totp"
+	"github.com/unknwon/com"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/models/errors"
-	"gogs.io/gogs/pkg/context"
-	"gogs.io/gogs/pkg/form"
-	"gogs.io/gogs/pkg/mailer"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/context"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/db/errors"
+	"gogs.io/gogs/internal/form"
+	"gogs.io/gogs/internal/mailer"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 const (
@@ -69,17 +69,17 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
 	if c.User.IsLocal() {
 		// Check if username characters have been changed
 		if c.User.LowerName != strings.ToLower(f.Name) {
-			if err := models.ChangeUserName(c.User, f.Name); err != nil {
+			if err := db.ChangeUserName(c.User, f.Name); err != nil {
 				c.FormErr("Name")
 				var msg string
 				switch {
-				case models.IsErrUserAlreadyExist(err):
+				case db.IsErrUserAlreadyExist(err):
 					msg = c.Tr("form.username_been_taken")
-				case models.IsErrEmailAlreadyUsed(err):
+				case db.IsErrEmailAlreadyUsed(err):
 					msg = c.Tr("form.email_been_used")
-				case models.IsErrNameReserved(err):
+				case db.IsErrNameReserved(err):
 					msg = c.Tr("form.name_reserved")
-				case models.IsErrNamePatternNotAllowed(err):
+				case db.IsErrNamePatternNotAllowed(err):
 					msg = c.Tr("form.name_pattern_not_allowed")
 				default:
 					c.ServerError("ChangeUserName", err)
@@ -102,7 +102,7 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
 	c.User.Email = f.Email
 	c.User.Website = f.Website
 	c.User.Location = f.Location
-	if err := models.UpdateUser(c.User); err != nil {
+	if err := db.UpdateUser(c.User); err != nil {
 		c.ServerError("UpdateUser", err)
 		return
 	}
@@ -112,7 +112,7 @@ func SettingsPost(c *context.Context, f form.UpdateProfile) {
 }
 
 // FIXME: limit upload size
-func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxUser *models.User) error {
+func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxUser *db.User) error {
 	ctxUser.UseCustomAvatar = f.Source == form.AVATAR_LOCAL
 	if len(f.Gravatar) > 0 {
 		ctxUser.Avatar = tool.MD5(f.Gravatar)
@@ -146,7 +146,7 @@ func UpdateAvatarSetting(c *context.Context, f form.Avatar, ctxUser *models.User
 		}
 	}
 
-	if err := models.UpdateUser(ctxUser); err != nil {
+	if err := db.UpdateUser(ctxUser); err != nil {
 		return fmt.Errorf("update user: %v", err)
 	}
 
@@ -199,12 +199,12 @@ func SettingsPasswordPost(c *context.Context, f form.ChangePassword) {
 	} else {
 		c.User.Passwd = f.Password
 		var err error
-		if c.User.Salt, err = models.GetUserSalt(); err != nil {
+		if c.User.Salt, err = db.GetUserSalt(); err != nil {
 			c.ServerError("GetUserSalt", err)
 			return
 		}
 		c.User.EncodePasswd()
-		if err := models.UpdateUser(c.User); err != nil {
+		if err := db.UpdateUser(c.User); err != nil {
 			c.ServerError("UpdateUser", err)
 			return
 		}
@@ -218,7 +218,7 @@ func SettingsEmails(c *context.Context) {
 	c.Title("settings.emails")
 	c.PageIs("SettingsEmails")
 
-	emails, err := models.GetEmailAddresses(c.User.ID)
+	emails, err := db.GetEmailAddresses(c.User.ID)
 	if err != nil {
 		c.ServerError("GetEmailAddresses", err)
 		return
@@ -234,7 +234,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 
 	// Make emailaddress primary.
 	if c.Query("_method") == "PRIMARY" {
-		if err := models.MakeEmailPrimary(&models.EmailAddress{ID: c.QueryInt64("id")}); err != nil {
+		if err := db.MakeEmailPrimary(&db.EmailAddress{ID: c.QueryInt64("id")}); err != nil {
 			c.ServerError("MakeEmailPrimary", err)
 			return
 		}
@@ -244,7 +244,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 	}
 
 	// Add Email address.
-	emails, err := models.GetEmailAddresses(c.User.ID)
+	emails, err := db.GetEmailAddresses(c.User.ID)
 	if err != nil {
 		c.ServerError("GetEmailAddresses", err)
 		return
@@ -256,13 +256,13 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 		return
 	}
 
-	email := &models.EmailAddress{
+	email := &db.EmailAddress{
 		UID:         c.User.ID,
 		Email:       f.Email,
 		IsActivated: !setting.Service.RegisterEmailConfirm,
 	}
-	if err := models.AddEmailAddress(email); err != nil {
-		if models.IsErrEmailAlreadyUsed(err) {
+	if err := db.AddEmailAddress(email); err != nil {
+		if db.IsErrEmailAlreadyUsed(err) {
 			c.RenderWithErr(c.Tr("form.email_been_used"), SETTINGS_EMAILS, &f)
 		} else {
 			c.ServerError("AddEmailAddress", err)
@@ -272,7 +272,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 
 	// Send confirmation email
 	if setting.Service.RegisterEmailConfirm {
-		mailer.SendActivateEmailMail(c.Context, models.NewMailerUser(c.User), email.Email)
+		mailer.SendActivateEmailMail(c.Context, db.NewMailerUser(c.User), email.Email)
 
 		if err := c.Cache.Put("MailResendLimit_"+c.User.LowerName, c.User.LowerName, 180); err != nil {
 			log.Error(2, "Set cache 'MailResendLimit' failed: %v", err)
@@ -286,7 +286,7 @@ func SettingsEmailPost(c *context.Context, f form.AddEmail) {
 }
 
 func DeleteEmail(c *context.Context) {
-	if err := models.DeleteEmailAddress(&models.EmailAddress{
+	if err := db.DeleteEmailAddress(&db.EmailAddress{
 		ID:  c.QueryInt64("id"),
 		UID: c.User.ID,
 	}); err != nil {
@@ -304,7 +304,7 @@ func SettingsSSHKeys(c *context.Context) {
 	c.Title("settings.ssh_keys")
 	c.PageIs("SettingsSSHKeys")
 
-	keys, err := models.ListPublicKeys(c.User.ID)
+	keys, err := db.ListPublicKeys(c.User.ID)
 	if err != nil {
 		c.ServerError("ListPublicKeys", err)
 		return
@@ -318,7 +318,7 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
 	c.Title("settings.ssh_keys")
 	c.PageIs("SettingsSSHKeys")
 
-	keys, err := models.ListPublicKeys(c.User.ID)
+	keys, err := db.ListPublicKeys(c.User.ID)
 	if err != nil {
 		c.ServerError("ListPublicKeys", err)
 		return
@@ -330,9 +330,9 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
 		return
 	}
 
-	content, err := models.CheckPublicKeyString(f.Content)
+	content, err := db.CheckPublicKeyString(f.Content)
 	if err != nil {
-		if models.IsErrKeyUnableVerify(err) {
+		if db.IsErrKeyUnableVerify(err) {
 			c.Flash.Info(c.Tr("form.unable_verify_ssh_key"))
 		} else {
 			c.Flash.Error(c.Tr("form.invalid_ssh_key", err.Error()))
@@ -341,13 +341,13 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
 		}
 	}
 
-	if _, err = models.AddPublicKey(c.User.ID, f.Title, content); err != nil {
+	if _, err = db.AddPublicKey(c.User.ID, f.Title, content); err != nil {
 		c.Data["HasError"] = true
 		switch {
-		case models.IsErrKeyAlreadyExist(err):
+		case db.IsErrKeyAlreadyExist(err):
 			c.FormErr("Content")
 			c.RenderWithErr(c.Tr("settings.ssh_key_been_used"), SETTINGS_SSH_KEYS, &f)
-		case models.IsErrKeyNameAlreadyUsed(err):
+		case db.IsErrKeyNameAlreadyUsed(err):
 			c.FormErr("Title")
 			c.RenderWithErr(c.Tr("settings.ssh_key_name_used"), SETTINGS_SSH_KEYS, &f)
 		default:
@@ -361,7 +361,7 @@ func SettingsSSHKeysPost(c *context.Context, f form.AddSSHKey) {
 }
 
 func DeleteSSHKey(c *context.Context) {
-	if err := models.DeletePublicKey(c.User, c.QueryInt64("id")); err != nil {
+	if err := db.DeletePublicKey(c.User, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeletePublicKey: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("settings.ssh_key_deletion_success"))
@@ -376,7 +376,7 @@ func SettingsSecurity(c *context.Context) {
 	c.Title("settings.security")
 	c.PageIs("SettingsSecurity")
 
-	t, err := models.GetTwoFactorByUserID(c.UserID())
+	t, err := db.GetTwoFactorByUserID(c.UserID())
 	if err != nil && !errors.IsTwoFactorNotFound(err) {
 		c.ServerError("GetTwoFactorByUserID", err)
 		return
@@ -444,7 +444,7 @@ func SettingsTwoFactorEnablePost(c *context.Context) {
 		return
 	}
 
-	if err := models.NewTwoFactor(c.UserID(), secret); err != nil {
+	if err := db.NewTwoFactor(c.UserID(), secret); err != nil {
 		c.Flash.Error(c.Tr("settings.two_factor_enable_error", err))
 		c.SubURLRedirect("/user/settings/security/two_factor_enable")
 		return
@@ -465,7 +465,7 @@ func SettingsTwoFactorRecoveryCodes(c *context.Context) {
 	c.Title("settings.two_factor_recovery_codes_title")
 	c.PageIs("SettingsSecurity")
 
-	recoveryCodes, err := models.GetRecoveryCodesByUserID(c.UserID())
+	recoveryCodes, err := db.GetRecoveryCodesByUserID(c.UserID())
 	if err != nil {
 		c.ServerError("GetRecoveryCodesByUserID", err)
 		return
@@ -481,7 +481,7 @@ func SettingsTwoFactorRecoveryCodesPost(c *context.Context) {
 		return
 	}
 
-	if err := models.RegenerateRecoveryCodes(c.UserID()); err != nil {
+	if err := db.RegenerateRecoveryCodes(c.UserID()); err != nil {
 		c.Flash.Error(c.Tr("settings.two_factor_regenerate_recovery_codes_error", err))
 	} else {
 		c.Flash.Success(c.Tr("settings.two_factor_regenerate_recovery_codes_success"))
@@ -496,7 +496,7 @@ func SettingsTwoFactorDisable(c *context.Context) {
 		return
 	}
 
-	if err := models.DeleteTwoFactor(c.UserID()); err != nil {
+	if err := db.DeleteTwoFactor(c.UserID()); err != nil {
 		c.ServerError("DeleteTwoFactor", err)
 		return
 	}
@@ -511,12 +511,12 @@ func SettingsRepos(c *context.Context) {
 	c.Title("settings.repos")
 	c.PageIs("SettingsRepositories")
 
-	repos, err := models.GetUserAndCollaborativeRepositories(c.User.ID)
+	repos, err := db.GetUserAndCollaborativeRepositories(c.User.ID)
 	if err != nil {
 		c.ServerError("GetUserAndCollaborativeRepositories", err)
 		return
 	}
-	if err = models.RepositoryList(repos).LoadAttributes(); err != nil {
+	if err = db.RepositoryList(repos).LoadAttributes(); err != nil {
 		c.ServerError("LoadAttributes", err)
 		return
 	}
@@ -526,7 +526,7 @@ func SettingsRepos(c *context.Context) {
 }
 
 func SettingsLeaveRepo(c *context.Context) {
-	repo, err := models.GetRepositoryByID(c.QueryInt64("id"))
+	repo, err := db.GetRepositoryByID(c.QueryInt64("id"))
 	if err != nil {
 		c.NotFoundOrServerError("GetRepositoryByID", errors.IsRepoNotExist, err)
 		return
@@ -547,7 +547,7 @@ func SettingsOrganizations(c *context.Context) {
 	c.Title("settings.orgs")
 	c.PageIs("SettingsOrganizations")
 
-	orgs, err := models.GetOrgsByUserID(c.User.ID, true)
+	orgs, err := db.GetOrgsByUserID(c.User.ID, true)
 	if err != nil {
 		c.ServerError("GetOrgsByUserID", err)
 		return
@@ -558,8 +558,8 @@ func SettingsOrganizations(c *context.Context) {
 }
 
 func SettingsLeaveOrganization(c *context.Context) {
-	if err := models.RemoveOrgUser(c.QueryInt64("id"), c.User.ID); err != nil {
-		if models.IsErrLastOrgOwner(err) {
+	if err := db.RemoveOrgUser(c.QueryInt64("id"), c.User.ID); err != nil {
+		if db.IsErrLastOrgOwner(err) {
 			c.Flash.Error(c.Tr("form.last_org_owner"))
 		} else {
 			c.ServerError("RemoveOrgUser", err)
@@ -576,7 +576,7 @@ func SettingsApplications(c *context.Context) {
 	c.Title("settings.applications")
 	c.PageIs("SettingsApplications")
 
-	tokens, err := models.ListAccessTokens(c.User.ID)
+	tokens, err := db.ListAccessTokens(c.User.ID)
 	if err != nil {
 		c.ServerError("ListAccessTokens", err)
 		return
@@ -591,7 +591,7 @@ func SettingsApplicationsPost(c *context.Context, f form.NewAccessToken) {
 	c.PageIs("SettingsApplications")
 
 	if c.HasError() {
-		tokens, err := models.ListAccessTokens(c.User.ID)
+		tokens, err := db.ListAccessTokens(c.User.ID)
 		if err != nil {
 			c.ServerError("ListAccessTokens", err)
 			return
@@ -602,11 +602,11 @@ func SettingsApplicationsPost(c *context.Context, f form.NewAccessToken) {
 		return
 	}
 
-	t := &models.AccessToken{
+	t := &db.AccessToken{
 		UID:  c.User.ID,
 		Name: f.Name,
 	}
-	if err := models.NewAccessToken(t); err != nil {
+	if err := db.NewAccessToken(t); err != nil {
 		if errors.IsAccessTokenNameAlreadyExist(err) {
 			c.Flash.Error(c.Tr("settings.token_name_exists"))
 			c.SubURLRedirect("/user/settings/applications")
@@ -622,7 +622,7 @@ func SettingsApplicationsPost(c *context.Context, f form.NewAccessToken) {
 }
 
 func SettingsDeleteApplication(c *context.Context) {
-	if err := models.DeleteAccessTokenOfUserByID(c.User.ID, c.QueryInt64("id")); err != nil {
+	if err := db.DeleteAccessTokenOfUserByID(c.User.ID, c.QueryInt64("id")); err != nil {
 		c.Flash.Error("DeleteAccessTokenByID: " + err.Error())
 	} else {
 		c.Flash.Success(c.Tr("settings.delete_token_success"))
@@ -638,7 +638,7 @@ func SettingsDelete(c *context.Context) {
 	c.PageIs("SettingsDelete")
 
 	if c.Req.Method == "POST" {
-		if _, err := models.UserLogin(c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
+		if _, err := db.UserLogin(c.User.Name, c.Query("password"), c.User.LoginSource); err != nil {
 			if errors.IsUserNotExist(err) {
 				c.RenderWithErr(c.Tr("form.enterred_invalid_password"), SETTINGS_DELETE, nil)
 			} else {
@@ -647,12 +647,12 @@ func SettingsDelete(c *context.Context) {
 			return
 		}
 
-		if err := models.DeleteUser(c.User); err != nil {
+		if err := db.DeleteUser(c.User); err != nil {
 			switch {
-			case models.IsErrUserOwnRepos(err):
+			case db.IsErrUserOwnRepos(err):
 				c.Flash.Error(c.Tr("form.still_own_repo"))
 				c.Redirect(setting.AppSubURL + "/user/settings/delete")
-			case models.IsErrUserHasOrgs(err):
+			case db.IsErrUserHasOrgs(err):
 				c.Flash.Error(c.Tr("form.still_has_org"))
 				c.Redirect(setting.AppSubURL + "/user/settings/delete")
 			default:
diff --git a/pkg/setting/miniwinsvc.go b/internal/setting/miniwinsvc.go
index a7c6890d..a7c6890d 100644
--- a/pkg/setting/miniwinsvc.go
+++ b/internal/setting/miniwinsvc.go
diff --git a/pkg/setting/setting.go b/internal/setting/setting.go
index cd0b29c9..7166f885 100644
--- a/pkg/setting/setting.go
+++ b/internal/setting/setting.go
@@ -27,9 +27,9 @@ import (
 
 	"github.com/gogs/go-libravatar"
 
-	"gogs.io/gogs/pkg/bindata"
-	"gogs.io/gogs/pkg/process"
-	"gogs.io/gogs/pkg/user"
+	"gogs.io/gogs/internal/bindata"
+	"gogs.io/gogs/internal/process"
+	"gogs.io/gogs/internal/user"
 )
 
 type Scheme string
diff --git a/pkg/ssh/ssh.go b/internal/ssh/ssh.go
index 25a519ca..c7368383 100644
--- a/pkg/ssh/ssh.go
+++ b/internal/ssh/ssh.go
@@ -18,8 +18,8 @@ import (
 	"golang.org/x/crypto/ssh"
 	log "gopkg.in/clog.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/setting"
 )
 
 func cleanCommand(cmd string) string {
@@ -154,7 +154,7 @@ func Listen(host string, port int, ciphers []string) {
 			Ciphers: ciphers,
 		},
 		PublicKeyCallback: func(conn ssh.ConnMetadata, key ssh.PublicKey) (*ssh.Permissions, error) {
-			pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
+			pkey, err := db.SearchPublicKeyByContent(strings.TrimSpace(string(ssh.MarshalAuthorizedKey(key))))
 			if err != nil {
 				log.Error(3, "SearchPublicKeyByContent: %v", err)
 				return nil, err
diff --git a/pkg/sync/exclusive_pool.go b/internal/sync/exclusive_pool.go
index 744cc7c9..744cc7c9 100644
--- a/pkg/sync/exclusive_pool.go
+++ b/internal/sync/exclusive_pool.go
diff --git a/pkg/sync/status_pool.go b/internal/sync/status_pool.go
index 2d729715..2d729715 100644
--- a/pkg/sync/status_pool.go
+++ b/internal/sync/status_pool.go
diff --git a/pkg/sync/unique_queue.go b/internal/sync/unique_queue.go
index 48355019..48355019 100644
--- a/pkg/sync/unique_queue.go
+++ b/internal/sync/unique_queue.go
diff --git a/pkg/template/highlight/highlight.go b/internal/template/highlight/highlight.go
index 0a943f9b..38a7df55 100644
--- a/pkg/template/highlight/highlight.go
+++ b/internal/template/highlight/highlight.go
@@ -8,7 +8,7 @@ import (
 	"path"
 	"strings"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 var (
diff --git a/pkg/template/template.go b/internal/template/template.go
index 97bd7a18..36fb2612 100644
--- a/pkg/template/template.go
+++ b/internal/template/template.go
@@ -21,10 +21,10 @@ import (
 	log "gopkg.in/clog.v1"
 	"gopkg.in/editorconfig/editorconfig-core-go.v1"
 
-	"gogs.io/gogs/models"
-	"gogs.io/gogs/pkg/markup"
-	"gogs.io/gogs/pkg/setting"
-	"gogs.io/gogs/pkg/tool"
+	"gogs.io/gogs/internal/db"
+	"gogs.io/gogs/internal/markup"
+	"gogs.io/gogs/internal/setting"
+	"gogs.io/gogs/internal/tool"
 )
 
 // TODO: only initialize map once and save to a local variable to reduce copies.
@@ -284,8 +284,8 @@ func ActionIcon(opType int) string {
 	}
 }
 
-func ActionContent2Commits(act Actioner) *models.PushCommits {
-	push := models.NewPushCommits()
+func ActionContent2Commits(act Actioner) *db.PushCommits {
+	push := db.NewPushCommits()
 	if err := jsoniter.Unmarshal([]byte(act.GetContent()), push); err != nil {
 		log.Error(4, "Unmarshal:\n%s\nERROR: %v", act.GetContent(), err)
 	}
diff --git a/pkg/tool/file.go b/internal/tool/file.go
index 6ca4136a..6ca4136a 100644
--- a/pkg/tool/file.go
+++ b/internal/tool/file.go
diff --git a/pkg/tool/path.go b/internal/tool/path.go
index e95bba8b..e95bba8b 100644
--- a/pkg/tool/path.go
+++ b/internal/tool/path.go
diff --git a/pkg/tool/path_test.go b/internal/tool/path_test.go
index 44ee975f..44ee975f 100644
--- a/pkg/tool/path_test.go
+++ b/internal/tool/path_test.go
diff --git a/pkg/tool/tool.go b/internal/tool/tool.go
index 13d06f6b..d177af0b 100644
--- a/pkg/tool/tool.go
+++ b/internal/tool/tool.go
@@ -24,7 +24,7 @@ import (
 
 	"github.com/gogs/chardet"
 
-	"gogs.io/gogs/pkg/setting"
+	"gogs.io/gogs/internal/setting"
 )
 
 // MD5Bytes encodes string to MD5 bytes.
diff --git a/pkg/user/user.go b/internal/user/user.go
index 4415632e..4415632e 100644
--- a/pkg/user/user.go
+++ b/internal/user/user.go
diff --git a/templates/.VERSION b/templates/.VERSION
index 968daad3..8d399722 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.11.95.1023
+0.11.95.1024