2 files changed, 58 insertions, 52 deletions

diff --git a/routers/api/packages/nuget/nuget.go b/routers/api/packages/nuget/nuget.go
index 0eb817c1a3..09156ece6b 100644
--- a/routers/api/packages/nuget/nuget.go
+++ b/routers/api/packages/nuget/nuget.go
@@ -395,49 +395,28 @@ func DownloadPackageFile(ctx *context.Context) {
 	packageVersion := ctx.Params("version")
 	filename := ctx.Params("filename")
 
-	if filename == fmt.Sprintf("%s.nuspec", packageName) {
-		pv, err := packages_model.GetVersionByNameAndVersion(ctx, ctx.Package.Owner.ID, packages_model.TypeNuGet, packageName, packageVersion)
-		if err != nil {
+	s, u, pf, err := packages_service.GetFileStreamByPackageNameAndVersion(
+		ctx,
+		&packages_service.PackageInfo{
+			Owner:       ctx.Package.Owner,
+			PackageType: packages_model.TypeNuGet,
+			Name:        packageName,
+			Version:     packageVersion,
+		},
+		&packages_service.PackageFileInfo{
+			Filename: filename,
+		},
+	)
+	if err != nil {
+		if err == packages_model.ErrPackageNotExist || err == packages_model.ErrPackageFileNotExist {
 			apiError(ctx, http.StatusNotFound, err)
 			return
 		}
-
-		pd, err := packages_model.GetPackageDescriptor(ctx, pv)
-		if err != nil {
-			apiError(ctx, http.StatusInternalServerError, err)
-			return
-		}
-		pkg := &nuget_module.Package{
-			ID:       pd.Package.Name,
-			Version:  packageVersion,
-			Metadata: pd.Metadata.(*nuget_module.Metadata),
-		}
-
-		xmlResponse(ctx, http.StatusOK, nuget_module.GenerateNuspec(pkg))
-	} else {
-		s, u, pf, err := packages_service.GetFileStreamByPackageNameAndVersion(
-			ctx,
-			&packages_service.PackageInfo{
-				Owner:       ctx.Package.Owner,
-				PackageType: packages_model.TypeNuGet,
-				Name:        packageName,
-				Version:     packageVersion,
-			},
-			&packages_service.PackageFileInfo{
-				Filename: filename,
-			},
-		)
-		if err != nil {
-			if err == packages_model.ErrPackageNotExist || err == packages_model.ErrPackageFileNotExist {
-				apiError(ctx, http.StatusNotFound, err)
-				return
-			}
-			apiError(ctx, http.StatusInternalServerError, err)
-			return
-		}
-
-		helper.ServePackageFile(ctx, s, u, pf)
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
 	}
+
+	helper.ServePackageFile(ctx, s, u, pf)
 }
 
 // UploadPackage creates a new package with the metadata contained in the uploaded nupgk file
@@ -453,7 +432,7 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
-	_, _, err := packages_service.CreatePackageAndAddFile(
+	pv, _, err := packages_service.CreatePackageAndAddFile(
 		ctx,
 		&packages_service.PackageCreationInfo{
 			PackageInfo: packages_service.PackageInfo{
@@ -487,6 +466,33 @@ func UploadPackage(ctx *context.Context) {
 		return
 	}
 
+	nuspecBuf, err := packages_module.CreateHashedBufferFromReaderWithSize(np.NuspecContent, np.NuspecContent.Len())
+	if err != nil {
+		apiError(ctx, http.StatusInternalServerError, err)
+		return
+	}
+	defer nuspecBuf.Close()
+
+	_, err = packages_service.AddFileToPackageVersionInternal(
+		ctx,
+		pv,
+		&packages_service.PackageFileCreationInfo{
+			PackageFileInfo: packages_service.PackageFileInfo{
+				Filename: strings.ToLower(fmt.Sprintf("%s.nuspec", np.ID)),
+			},
+			Data: nuspecBuf,
+		},
+	)
+	if err != nil {
+		switch err {
+		case packages_service.ErrQuotaTotalCount, packages_service.ErrQuotaTypeSize, packages_service.ErrQuotaTotalSize:
+			apiError(ctx, http.StatusForbidden, err)
+		default:
+			apiError(ctx, http.StatusInternalServerError, err)
+		}
+		return
+	}
+
 	ctx.Status(http.StatusCreated)
 }
 
diff --git a/routers/web/repo/setting/webhook.go b/routers/web/repo/setting/webhook.go
index 4469eac9e8..eee493e2c2 100644
--- a/routers/web/repo/setting/webhook.go
+++ b/routers/web/repo/setting/webhook.go
@@ -148,7 +148,7 @@ func WebhookNew(ctx *context.Context) {
 }
 
 // ParseHookEvent convert web form content to webhook.HookEvent
-func ParseHookEvent(form forms.WebhookForm) *webhook_module.HookEvent {
+func ParseHookEvent(form forms.WebhookCoreForm) *webhook_module.HookEvent {
 	return &webhook_module.HookEvent{
 		PushOnly:       form.PushOnly(),
 		SendEverything: form.SendEverything(),
@@ -188,7 +188,7 @@ func WebhookCreate(ctx *context.Context) {
 		return
 	}
 
-	fields := handler.FormFields(func(form any) {
+	fields := handler.UnmarshalForm(func(form any) {
 		errs := binding.Bind(ctx.Req, form)
 		middleware.Validate(errs, ctx.Data, form, ctx.Locale) // error checked below in ctx.HasError
 	})
@@ -215,10 +215,10 @@ func WebhookCreate(ctx *context.Context) {
 		w.URL = fields.URL
 		w.ContentType = fields.ContentType
 		w.Secret = fields.Secret
-		w.HookEvent = ParseHookEvent(fields.WebhookForm)
-		w.IsActive = fields.WebhookForm.Active
+		w.HookEvent = ParseHookEvent(fields.WebhookCoreForm)
+		w.IsActive = fields.Active
 		w.HTTPMethod = fields.HTTPMethod
-		err := w.SetHeaderAuthorization(fields.WebhookForm.AuthorizationHeader)
+		err := w.SetHeaderAuthorization(fields.AuthorizationHeader)
 		if err != nil {
 			ctx.ServerError("SetHeaderAuthorization", err)
 			return
@@ -245,14 +245,14 @@ func WebhookCreate(ctx *context.Context) {
 		HTTPMethod:      fields.HTTPMethod,
 		ContentType:     fields.ContentType,
 		Secret:          fields.Secret,
-		HookEvent:       ParseHookEvent(fields.WebhookForm),
-		IsActive:        fields.WebhookForm.Active,
+		HookEvent:       ParseHookEvent(fields.WebhookCoreForm),
+		IsActive:        fields.Active,
 		Type:            hookType,
 		Meta:            string(meta),
 		OwnerID:         orCtx.OwnerID,
 		IsSystemWebhook: orCtx.IsSystemWebhook,
 	}
-	err = w.SetHeaderAuthorization(fields.WebhookForm.AuthorizationHeader)
+	err = w.SetHeaderAuthorization(fields.AuthorizationHeader)
 	if err != nil {
 		ctx.ServerError("SetHeaderAuthorization", err)
 		return
@@ -286,7 +286,7 @@ func WebhookUpdate(ctx *context.Context) {
 		return
 	}
 
-	fields := handler.FormFields(func(form any) {
+	fields := handler.UnmarshalForm(func(form any) {
 		errs := binding.Bind(ctx.Req, form)
 		middleware.Validate(errs, ctx.Data, form, ctx.Locale) // error checked below in ctx.HasError
 	})
@@ -295,11 +295,11 @@ func WebhookUpdate(ctx *context.Context) {
 	w.URL = fields.URL
 	w.ContentType = fields.ContentType
 	w.Secret = fields.Secret
-	w.HookEvent = ParseHookEvent(fields.WebhookForm)
-	w.IsActive = fields.WebhookForm.Active
+	w.HookEvent = ParseHookEvent(fields.WebhookCoreForm)
+	w.IsActive = fields.Active
 	w.HTTPMethod = fields.HTTPMethod
 
-	err := w.SetHeaderAuthorization(fields.WebhookForm.AuthorizationHeader)
+	err := w.SetHeaderAuthorization(fields.AuthorizationHeader)
 	if err != nil {
 		ctx.ServerError("SetHeaderAuthorization", err)
 		return