6 files changed, 53 insertions, 35 deletions
diff --git a/cmd/web.go b/cmd/web.go
index 289e07285f..b5690c87c1 100644
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -64,7 +64,7 @@ func checkVersion() {
 
 	// Check dependency version.
 	macaronVer := git.MustParseVersion(strings.Join(strings.Split(macaron.Version(), ".")[:3], "."))
-	if macaronVer.LessThan(git.MustParseVersion("0.2.3")) {
+	if macaronVer.LessThan(git.MustParseVersion("0.4.0")) {
 		log.Fatal(4, "Package macaron version is too old, did you forget to update?(github.com/Unknwon/macaron)")
 	}
 	i18nVer := git.MustParseVersion(i18n.Version())
@@ -354,7 +354,6 @@ func runWeb(*cli.Context) {
 			m.Post("/labels/new", bindIgnErr(auth.CreateLabelForm{}), repo.NewLabel)
 			m.Post("/labels/edit", bindIgnErr(auth.CreateLabelForm{}), repo.UpdateLabel)
 			m.Post("/labels/delete", repo.DeleteLabel)
-			m.Get("/milestones", repo.Milestones)
 			m.Get("/milestones/new", repo.NewMilestone)
 			m.Post("/milestones/new", bindIgnErr(auth.CreateMilestoneForm{}), repo.NewMilestonePost)
 			m.Get("/milestones/:index/edit", repo.UpdateMilestone)
@@ -364,31 +363,28 @@ func runWeb(*cli.Context) {
 
 		m.Post("/comment/:action", repo.Comment)
 		m.Get("/releases/new", repo.NewRelease)
-		m.Get("/releases/edit/:tagname", repo.EditRelease)
-	}, reqSignIn, middleware.RepoAssignment(true))
-
-	m.Group("/:username/:reponame", func() {
 		m.Post("/releases/new", bindIgnErr(auth.NewReleaseForm{}), repo.NewReleasePost)
+		m.Get("/releases/edit/:tagname", repo.EditRelease)
 		m.Post("/releases/edit/:tagname", bindIgnErr(auth.EditReleaseForm{}), repo.EditReleasePost)
 	}, reqSignIn, middleware.RepoAssignment(true))
 
 	m.Group("/:username/:reponame", func() {
+		m.Get("/releases", repo.Releases)
 		m.Get("/issues", repo.Issues)
 		m.Get("/issues/:index", repo.ViewIssue)
+		m.Get("/issues/milestones", repo.Milestones)
 		m.Get("/pulls", repo.Pulls)
 		m.Get("/branches", repo.Branches)
 		m.Get("/archive/*", repo.Download)
 		m.Get("/issues2/", repo.Issues2)
-	}, ignSignIn, middleware.RepoAssignment(true))
 
-	m.Group("/:username/:reponame", func() {
 		m.Group("", func() {
 			m.Get("/src/*", repo.Home)
 			m.Get("/raw/*", repo.SingleDownload)
 			m.Get("/commits/*", repo.RefCommits)
 			m.Get("/commit/*", repo.Diff)
 		}, middleware.RepoRef())
-		m.Get("/releases", repo.Releases)
+
 		m.Get("/compare/:before([a-z0-9]+)...:after([a-z0-9]+)", repo.CompareDiff)
 	}, ignSignIn, middleware.RepoAssignment(true))
 
diff --git a/gogs.go b/gogs.go
index 70379d2f9e..a8e1ea1b63 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.5.7.1106 Beta"
+const APP_VER = "0.5.7.1107 Beta"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 5b56d1f6b7..4d3e1c7bfd 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -9,7 +9,9 @@ import (
 	"crypto/md5"
 	"crypto/rand"
 	"crypto/sha1"
+	"encoding/base64"
 	"encoding/hex"
+	"errors"
 	"fmt"
 	"hash"
 	"html/template"
@@ -31,6 +33,26 @@ func EncodeMd5(str string) string {
 	return hex.EncodeToString(m.Sum(nil))
 }
 
+func BasicAuthDecode(encoded string) (user string, name string, err error) {
+	var s []byte
+	s, err = base64.StdEncoding.DecodeString(encoded)
+	if err != nil {
+		return user, name, err
+	}
+
+	a := strings.Split(string(s), ":")
+	if len(a) == 2 {
+		user, name = a[0], a[1]
+	} else {
+		err = errors.New("decode failed")
+	}
+	return user, name, err
+}
+
+func BasicAuthEncode(username, password string) string {
+	return base64.StdEncoding.EncodeToString([]byte(username + ":" + password))
+}
+
 // GetRandomString generate random string by specify chars.
 func GetRandomString(n int, alphabets ...byte) string {
 	const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
diff --git a/modules/middleware/context.go b/modules/middleware/context.go
index d2620fed12..7d767b9e76 100644
--- a/modules/middleware/context.go
+++ b/modules/middleware/context.go
@@ -173,6 +173,27 @@ func Contexter() macaron.Handler {
 
 		// Get user from session if logined.
 		ctx.User = auth.SignedInUser(ctx.Req.Header, ctx.Session)
+
+		// Check with basic auth again.
+		if ctx.User == nil {
+			baHead := ctx.Req.Header.Get("Authorization")
+			auths := strings.Fields(baHead)
+			if len(auths) == 2 && auths[0] == "Basic" {
+				uname, passwd, _ := base.BasicAuthDecode(auths[1])
+				u, err := models.GetUserByName(uname)
+				if err != nil {
+					if err != models.ErrUserNotExist {
+						ctx.Handle(500, "GetUserByName", err)
+						return
+					}
+				} else {
+					if u.ValidtePassword(passwd) {
+						ctx.User = u
+					}
+				}
+			}
+		}
+
 		if ctx.User != nil {
 			ctx.IsSigned = true
 			ctx.Data["IsSigned"] = ctx.IsSigned
diff --git a/routers/repo/http.go b/routers/repo/http.go
index 3641f4dae6..0ce83cef4d 100644
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -7,8 +7,6 @@ package repo
 import (
 	"bytes"
 	"compress/gzip"
-	"encoding/base64"
-	"errors"
 	"fmt"
 	"io"
 	"io/ioutil"
@@ -16,6 +14,7 @@ import (
 	"os"
 	"os/exec"
 	"path"
+
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -29,27 +28,6 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-func basicEncode(username, password string) string {
-	auth := username + ":" + password
-	return base64.StdEncoding.EncodeToString([]byte(auth))
-}
-
-func basicDecode(encoded string) (user string, name string, err error) {
-	var s []byte
-	s, err = base64.StdEncoding.DecodeString(encoded)
-	if err != nil {
-		return user, name, err
-	}
-
-	a := strings.Split(string(s), ":")
-	if len(a) == 2 {
-		user, name = a[0], a[1]
-	} else {
-		err = errors.New("decode failed")
-	}
-	return user, name, err
-}
-
 func authRequired(ctx *middleware.Context) {
 	ctx.Resp.Header().Set("WWW-Authenticate", "Basic realm=\".\"")
 	ctx.Data["ErrorMsg"] = "no basic auth and digit auth"
@@ -112,11 +90,12 @@ func Http(ctx *middleware.Context) {
 		auths := strings.Fields(baHead)
 		// currently check basic auth
 		// TODO: support digit auth
+		// FIXME: middlewares/context.go did basic auth check already
 		if len(auths) != 2 || auths[0] != "Basic" {
 			ctx.Handle(401, "no basic auth and digit auth", nil)
 			return
 		}
-		authUsername, passwd, err = basicDecode(auths[1])
+		authUsername, passwd, err = base.BasicAuthDecode(auths[1])
 		if err != nil {
 			ctx.Handle(401, "no basic auth and digit auth", nil)
 			return
diff --git a/templates/.VERSION b/templates/.VERSION
index 7c013be746..172a31fa28 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.5.7.1106 Beta
-\ No newline at end of file
+0.5.7.1107 Beta
+\ No newline at end of file