Feature/password protected videos (#5836)

* Add server endpoints

* Refactoring test suites

* Update server and add openapi documentation

* fix compliation and tests

* upload/import password protected video on client

* add server error code

* Add video password to update resolver

* add custom message when sharing pw protected video

* improve confirm component

* Add new alert in component

* Add ability to watch protected video on client

* Cannot have password protected replay privacy

* Add migration

* Add tests

* update after review

* Update check params tests

* Add live videos test

* Add more filter test

* Update static file privacy test

* Update object storage tests

* Add test on feeds

* Add missing word

* Fix tests

* Fix tests on live videos

* add embed support on password protected videos

* fix style

* Correcting data leaks

* Unable to add password protected privacy on replay

* Updated code based on review comments

* fix validator and command

* Updated code based on review comments

3 files changed, 154 insertions, 12 deletions

diff --git a/server/middlewares/validators/shared/index.ts b/server/middlewares/validators/shared/index.ts
index de98cd442..e5cff2dda 100644
--- a/server/middlewares/validators/shared/index.ts
+++ b/server/middlewares/validators/shared/index.ts
@@ -10,4 +10,5 @@ export * from './video-comments'
 export * from './video-imports'
 export * from './video-ownerships'
 export * from './video-playlists'
+export * from './video-passwords'
 export * from './videos'
diff --git a/server/middlewares/validators/shared/video-passwords.ts b/server/middlewares/validators/shared/video-passwords.ts
new file mode 100644
index 000000000..efcc95dc4
--- /dev/null
+++ b/server/middlewares/validators/shared/video-passwords.ts
@@ -0,0 +1,80 @@
+import express from 'express'
+import { HttpStatusCode, UserRight, VideoPrivacy } from '@shared/models'
+import { forceNumber } from '@shared/core-utils'
+import { VideoPasswordModel } from '@server/models/video/video-password'
+import { header } from 'express-validator'
+import { getVideoWithAttributes } from '@server/helpers/video'
+
+function isValidVideoPasswordHeader () {
+  return header('x-peertube-video-password')
+    .optional()
+    .isString()
+}
+
+function checkVideoIsPasswordProtected (res: express.Response) {
+  const video = getVideoWithAttributes(res)
+  if (video.privacy !== VideoPrivacy.PASSWORD_PROTECTED) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Video is not password protected'
+    })
+    return false
+  }
+
+  return true
+}
+
+async function doesVideoPasswordExist (idArg: number | string, res: express.Response) {
+  const video = getVideoWithAttributes(res)
+  const id = forceNumber(idArg)
+  const videoPassword = await VideoPasswordModel.loadByIdAndVideo({ id, videoId: video.id })
+
+  if (!videoPassword) {
+    res.fail({
+      status: HttpStatusCode.NOT_FOUND_404,
+      message: 'Video password not found'
+    })
+    return false
+  }
+
+  res.locals.videoPassword = videoPassword
+
+  return true
+}
+
+async function isVideoPasswordDeletable (res: express.Response) {
+  const user = res.locals.oauth.token.User
+  const userAccount = user.Account
+  const video = res.locals.videoAll
+
+  // Check if the user who did the request is able to delete the video passwords
+  if (
+    user.hasRight(UserRight.UPDATE_ANY_VIDEO) === false && // Not a moderator
+    video.VideoChannel.accountId !== userAccount.id // Not the video owner
+  ) {
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Cannot remove passwords of another user\'s video'
+    })
+    return false
+  }
+
+  const passwordCount = await VideoPasswordModel.countByVideoId(video.id)
+
+  if (passwordCount <= 1) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Cannot delete the last password of the protected video'
+    })
+    return false
+  }
+
+  return true
+}
+
+export {
+  isValidVideoPasswordHeader,
+  checkVideoIsPasswordProtected as isVideoPasswordProtected,
+  doesVideoPasswordExist,
+  isVideoPasswordDeletable
+}
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index 0033a32ff..9a7497007 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -20,6 +20,8 @@ import {
   MVideoWithRights
 } from '@server/types/models'
 import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models'
+import { VideoPasswordModel } from '@server/models/video/video-password'
+import { exists } from '@server/helpers/custom-validators/misc'
 
 async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
   const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
@@ -111,8 +113,12 @@ async function checkCanSeeVideo (options: {
 }) {
   const { req, res, video, paramId } = options
 
-  if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
-    return checkCanSeeAuthVideo(req, res, video)
+  if (video.requiresUserAuth({ urlParamId: paramId, checkBlacklist: true })) {
+    return checkCanSeeUserAuthVideo({ req, res, video })
+  }
+
+  if (video.privacy === VideoPrivacy.PASSWORD_PROTECTED) {
+    return checkCanSeePasswordProtectedVideo({ req, res, video })
   }
 
   if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
@@ -122,7 +128,13 @@ async function checkCanSeeVideo (options: {
   throw new Error('Unknown video privacy when checking video right ' + video.url)
 }
 
-async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
+async function checkCanSeeUserAuthVideo (options: {
+  req: Request
+  res: Response
+  video: MVideoId | MVideoWithRights
+}) {
+  const { req, res, video } = options
+
   const fail = () => {
     res.fail({
       status: HttpStatusCode.FORBIDDEN_403,
@@ -132,14 +144,12 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
     return false
   }
 
-  await authenticatePromise(req, res)
+  await authenticatePromise({ req, res })
 
   const user = res.locals.oauth?.token.User
   if (!user) return fail()
 
-  const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
-    ? video as MVideoWithRights
-    : await VideoModel.loadFull(video.id)
+  const videoWithRights = await getVideoWithRights(video as MVideoWithRights)
 
   const privacy = videoWithRights.privacy
 
@@ -148,16 +158,14 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
     return true
   }
 
-  const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id
-
   if (videoWithRights.isBlacklisted()) {
-    if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
+    if (canUserAccessVideo(user, videoWithRights, UserRight.MANAGE_VIDEO_BLACKLIST)) return true
 
     return fail()
   }
 
   if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
-    if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
+    if (canUserAccessVideo(user, videoWithRights, UserRight.SEE_ALL_VIDEOS)) return true
 
     return fail()
   }
@@ -166,6 +174,59 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
   return fail()
 }
 
+async function checkCanSeePasswordProtectedVideo (options: {
+  req: Request
+  res: Response
+  video: MVideo
+}) {
+  const { req, res, video } = options
+
+  const videoWithRights = await getVideoWithRights(video as MVideoWithRights)
+
+  const videoPassword = req.header('x-peertube-video-password')
+
+  if (!exists(videoPassword)) {
+    const errorMessage = 'Please provide a password to access this password protected video'
+    const errorType = ServerErrorCode.VIDEO_REQUIRES_PASSWORD
+
+    if (req.header('authorization')) {
+      await authenticatePromise({ req, res, errorMessage, errorStatus: HttpStatusCode.FORBIDDEN_403, errorType })
+      const user = res.locals.oauth?.token.User
+
+      if (canUserAccessVideo(user, videoWithRights, UserRight.SEE_ALL_VIDEOS)) return true
+    }
+
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      type: errorType,
+      message: errorMessage
+    })
+    return false
+  }
+
+  if (await VideoPasswordModel.isACorrectPassword({ videoId: video.id, password: videoPassword })) return true
+
+  res.fail({
+    status: HttpStatusCode.FORBIDDEN_403,
+    type: ServerErrorCode.INCORRECT_VIDEO_PASSWORD,
+    message: 'Incorrect video password. Access to the video is denied.'
+  })
+
+  return false
+}
+
+function canUserAccessVideo (user: MUser, video: MVideoWithRights | MVideoAccountLight, right: UserRight) {
+  const isOwnedByUser = video.VideoChannel.Account.userId === user.id
+
+  return isOwnedByUser || user.hasRight(right)
+}
+
+async function getVideoWithRights (video: MVideoWithRights): Promise<MVideoWithRights> {
+  return video.VideoChannel?.Account?.userId
+    ? video
+    : VideoModel.loadFull(video.id)
+}
+
 // ---------------------------------------------------------------------------
 
 async function checkCanAccessVideoStaticFiles (options: {
@@ -176,7 +237,7 @@ async function checkCanAccessVideoStaticFiles (options: {
 }) {
   const { video, req, res } = options
 
-  if (res.locals.oauth?.token.User) {
+  if (res.locals.oauth?.token.User || exists(req.header('x-peertube-video-password'))) {
     return checkCanSeeVideo(options)
   }