Feature/password protected videos (#5836)

* Add server endpoints

* Refactoring test suites

* Update server and add openapi documentation

* fix compliation and tests

* upload/import password protected video on client

* add server error code

* Add video password to update resolver

* add custom message when sharing pw protected video

* improve confirm component

* Add new alert in component

* Add ability to watch protected video on client

* Cannot have password protected replay privacy

* Add migration

* Add tests

* update after review

* Update check params tests

* Add live videos test

* Add more filter test

* Update static file privacy test

* Update object storage tests

* Add test on feeds

* Add missing word

* Fix tests

* Fix tests on live videos

* add embed support on password protected videos

* fix style

* Correcting data leaks

* Unable to add password protected privacy on replay

* Updated code based on review comments

* fix validator and command

* Updated code based on review comments

16 files changed, 334 insertions, 27 deletions

diff --git a/server/middlewares/auth.ts b/server/middlewares/auth.ts
index 0eefa2a8e..39a7b2998 100644
--- a/server/middlewares/auth.ts
+++ b/server/middlewares/auth.ts
@@ -5,6 +5,7 @@ import { RunnerModel } from '@server/models/runner/runner'
 import { HttpStatusCode } from '../../shared/models/http/http-error-codes'
 import { logger } from '../helpers/logger'
 import { handleOAuthAuthenticate } from '../lib/auth/oauth'
+import { ServerErrorCode } from '@shared/models'
 
 function authenticate (req: express.Request, res: express.Response, next: express.NextFunction) {
   handleOAuthAuthenticate(req, res)
@@ -48,15 +49,23 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
     .catch(err => logger.error('Cannot get access token.', { err }))
 }
 
-function authenticatePromise (req: express.Request, res: express.Response) {
+function authenticatePromise (options: {
+  req: express.Request
+  res: express.Response
+  errorMessage?: string
+  errorStatus?: HttpStatusCode
+  errorType?: ServerErrorCode
+}) {
+  const { req, res, errorMessage = 'Not authenticated', errorStatus = HttpStatusCode.UNAUTHORIZED_401, errorType } = options
   return new Promise<void>(resolve => {
     // Already authenticated? (or tried to)
     if (res.locals.oauth?.token.User) return resolve()
 
     if (res.locals.authenticated === false) {
       return res.fail({
-        status: HttpStatusCode.UNAUTHORIZED_401,
-        message: 'Not authenticated'
+        status: errorStatus,
+        type: errorType,
+        message: errorMessage
       })
     }
 
diff --git a/server/middlewares/validators/shared/index.ts b/server/middlewares/validators/shared/index.ts
index de98cd442..e5cff2dda 100644
--- a/server/middlewares/validators/shared/index.ts
+++ b/server/middlewares/validators/shared/index.ts
@@ -10,4 +10,5 @@ export * from './video-comments'
 export * from './video-imports'
 export * from './video-ownerships'
 export * from './video-playlists'
+export * from './video-passwords'
 export * from './videos'
diff --git a/server/middlewares/validators/shared/video-passwords.ts b/server/middlewares/validators/shared/video-passwords.ts
new file mode 100644
index 000000000..efcc95dc4
--- /dev/null
+++ b/server/middlewares/validators/shared/video-passwords.ts
@@ -0,0 +1,80 @@
+import express from 'express'
+import { HttpStatusCode, UserRight, VideoPrivacy } from '@shared/models'
+import { forceNumber } from '@shared/core-utils'
+import { VideoPasswordModel } from '@server/models/video/video-password'
+import { header } from 'express-validator'
+import { getVideoWithAttributes } from '@server/helpers/video'
+
+function isValidVideoPasswordHeader () {
+  return header('x-peertube-video-password')
+    .optional()
+    .isString()
+}
+
+function checkVideoIsPasswordProtected (res: express.Response) {
+  const video = getVideoWithAttributes(res)
+  if (video.privacy !== VideoPrivacy.PASSWORD_PROTECTED) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Video is not password protected'
+    })
+    return false
+  }
+
+  return true
+}
+
+async function doesVideoPasswordExist (idArg: number | string, res: express.Response) {
+  const video = getVideoWithAttributes(res)
+  const id = forceNumber(idArg)
+  const videoPassword = await VideoPasswordModel.loadByIdAndVideo({ id, videoId: video.id })
+
+  if (!videoPassword) {
+    res.fail({
+      status: HttpStatusCode.NOT_FOUND_404,
+      message: 'Video password not found'
+    })
+    return false
+  }
+
+  res.locals.videoPassword = videoPassword
+
+  return true
+}
+
+async function isVideoPasswordDeletable (res: express.Response) {
+  const user = res.locals.oauth.token.User
+  const userAccount = user.Account
+  const video = res.locals.videoAll
+
+  // Check if the user who did the request is able to delete the video passwords
+  if (
+    user.hasRight(UserRight.UPDATE_ANY_VIDEO) === false && // Not a moderator
+    video.VideoChannel.accountId !== userAccount.id // Not the video owner
+  ) {
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      message: 'Cannot remove passwords of another user\'s video'
+    })
+    return false
+  }
+
+  const passwordCount = await VideoPasswordModel.countByVideoId(video.id)
+
+  if (passwordCount <= 1) {
+    res.fail({
+      status: HttpStatusCode.BAD_REQUEST_400,
+      message: 'Cannot delete the last password of the protected video'
+    })
+    return false
+  }
+
+  return true
+}
+
+export {
+  isValidVideoPasswordHeader,
+  checkVideoIsPasswordProtected as isVideoPasswordProtected,
+  doesVideoPasswordExist,
+  isVideoPasswordDeletable
+}
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index 0033a32ff..9a7497007 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -20,6 +20,8 @@ import {
   MVideoWithRights
 } from '@server/types/models'
 import { HttpStatusCode, ServerErrorCode, UserRight, VideoPrivacy } from '@shared/models'
+import { VideoPasswordModel } from '@server/models/video/video-password'
+import { exists } from '@server/helpers/custom-validators/misc'
 
 async function doesVideoExist (id: number | string, res: Response, fetchType: VideoLoadType = 'all') {
   const userId = res.locals.oauth ? res.locals.oauth.token.User.id : undefined
@@ -111,8 +113,12 @@ async function checkCanSeeVideo (options: {
 }) {
   const { req, res, video, paramId } = options
 
-  if (video.requiresAuth({ urlParamId: paramId, checkBlacklist: true })) {
-    return checkCanSeeAuthVideo(req, res, video)
+  if (video.requiresUserAuth({ urlParamId: paramId, checkBlacklist: true })) {
+    return checkCanSeeUserAuthVideo({ req, res, video })
+  }
+
+  if (video.privacy === VideoPrivacy.PASSWORD_PROTECTED) {
+    return checkCanSeePasswordProtectedVideo({ req, res, video })
   }
 
   if (video.privacy === VideoPrivacy.UNLISTED || video.privacy === VideoPrivacy.PUBLIC) {
@@ -122,7 +128,13 @@ async function checkCanSeeVideo (options: {
   throw new Error('Unknown video privacy when checking video right ' + video.url)
 }
 
-async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoId | MVideoWithRights) {
+async function checkCanSeeUserAuthVideo (options: {
+  req: Request
+  res: Response
+  video: MVideoId | MVideoWithRights
+}) {
+  const { req, res, video } = options
+
   const fail = () => {
     res.fail({
       status: HttpStatusCode.FORBIDDEN_403,
@@ -132,14 +144,12 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
     return false
   }
 
-  await authenticatePromise(req, res)
+  await authenticatePromise({ req, res })
 
   const user = res.locals.oauth?.token.User
   if (!user) return fail()
 
-  const videoWithRights = (video as MVideoWithRights).VideoChannel?.Account?.userId
-    ? video as MVideoWithRights
-    : await VideoModel.loadFull(video.id)
+  const videoWithRights = await getVideoWithRights(video as MVideoWithRights)
 
   const privacy = videoWithRights.privacy
 
@@ -148,16 +158,14 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
     return true
   }
 
-  const isOwnedByUser = videoWithRights.VideoChannel.Account.userId === user.id
-
   if (videoWithRights.isBlacklisted()) {
-    if (isOwnedByUser || user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) return true
+    if (canUserAccessVideo(user, videoWithRights, UserRight.MANAGE_VIDEO_BLACKLIST)) return true
 
     return fail()
   }
 
   if (privacy === VideoPrivacy.PRIVATE || privacy === VideoPrivacy.UNLISTED) {
-    if (isOwnedByUser || user.hasRight(UserRight.SEE_ALL_VIDEOS)) return true
+    if (canUserAccessVideo(user, videoWithRights, UserRight.SEE_ALL_VIDEOS)) return true
 
     return fail()
   }
@@ -166,6 +174,59 @@ async function checkCanSeeAuthVideo (req: Request, res: Response, video: MVideoI
   return fail()
 }
 
+async function checkCanSeePasswordProtectedVideo (options: {
+  req: Request
+  res: Response
+  video: MVideo
+}) {
+  const { req, res, video } = options
+
+  const videoWithRights = await getVideoWithRights(video as MVideoWithRights)
+
+  const videoPassword = req.header('x-peertube-video-password')
+
+  if (!exists(videoPassword)) {
+    const errorMessage = 'Please provide a password to access this password protected video'
+    const errorType = ServerErrorCode.VIDEO_REQUIRES_PASSWORD
+
+    if (req.header('authorization')) {
+      await authenticatePromise({ req, res, errorMessage, errorStatus: HttpStatusCode.FORBIDDEN_403, errorType })
+      const user = res.locals.oauth?.token.User
+
+      if (canUserAccessVideo(user, videoWithRights, UserRight.SEE_ALL_VIDEOS)) return true
+    }
+
+    res.fail({
+      status: HttpStatusCode.FORBIDDEN_403,
+      type: errorType,
+      message: errorMessage
+    })
+    return false
+  }
+
+  if (await VideoPasswordModel.isACorrectPassword({ videoId: video.id, password: videoPassword })) return true
+
+  res.fail({
+    status: HttpStatusCode.FORBIDDEN_403,
+    type: ServerErrorCode.INCORRECT_VIDEO_PASSWORD,
+    message: 'Incorrect video password. Access to the video is denied.'
+  })
+
+  return false
+}
+
+function canUserAccessVideo (user: MUser, video: MVideoWithRights | MVideoAccountLight, right: UserRight) {
+  const isOwnedByUser = video.VideoChannel.Account.userId === user.id
+
+  return isOwnedByUser || user.hasRight(right)
+}
+
+async function getVideoWithRights (video: MVideoWithRights): Promise<MVideoWithRights> {
+  return video.VideoChannel?.Account?.userId
+    ? video
+    : VideoModel.loadFull(video.id)
+}
+
 // ---------------------------------------------------------------------------
 
 async function checkCanAccessVideoStaticFiles (options: {
@@ -176,7 +237,7 @@ async function checkCanAccessVideoStaticFiles (options: {
 }) {
   const { video, req, res } = options
 
-  if (res.locals.oauth?.token.User) {
+  if (res.locals.oauth?.token.User || exists(req.header('x-peertube-video-password'))) {
     return checkCanSeeVideo(options)
   }
 
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index 959f663ac..07d6cba82 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -28,6 +28,7 @@ export const pluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.PLUGINS)
 export const availablePluginsSortValidator = checkSortFactory(SORTABLE_COLUMNS.AVAILABLE_PLUGINS)
 export const videoRedundanciesSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_REDUNDANCIES)
 export const videoChannelSyncsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_CHANNEL_SYNCS)
+export const videoPasswordsSortValidator = checkSortFactory(SORTABLE_COLUMNS.VIDEO_PASSWORDS)
 
 export const accountsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.ACCOUNT_FOLLOWERS)
 export const videoChannelsFollowersSortValidator = checkSortFactory(SORTABLE_COLUMNS.CHANNEL_FOLLOWERS)
diff --git a/server/middlewares/validators/static.ts b/server/middlewares/validators/static.ts
index 9c2d890ba..36a94080c 100644
--- a/server/middlewares/validators/static.ts
+++ b/server/middlewares/validators/static.ts
@@ -9,7 +9,7 @@ import { VideoModel } from '@server/models/video/video'
 import { VideoFileModel } from '@server/models/video/video-file'
 import { MStreamingPlaylist, MVideoFile, MVideoThumbnail } from '@server/types/models'
 import { HttpStatusCode } from '@shared/models'
-import { areValidationErrors, checkCanAccessVideoStaticFiles } from './shared'
+import { areValidationErrors, checkCanAccessVideoStaticFiles, isValidVideoPasswordHeader } from './shared'
 
 type LRUValue = {
   allowed: boolean
@@ -25,6 +25,8 @@ const staticFileTokenBypass = new LRUCache<string, LRUValue>({
 const ensureCanAccessVideoPrivateWebTorrentFiles = [
   query('videoFileToken').optional().custom(exists),
 
+  isValidVideoPasswordHeader(),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
@@ -73,6 +75,8 @@ const ensureCanAccessPrivateVideoHLSFiles = [
     .optional()
     .customSanitizer(isSafePeerTubeFilenameWithoutExtension),
 
+  isValidVideoPasswordHeader(),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
 
@@ -167,11 +171,11 @@ async function isHLSAllowed (req: express.Request, res: express.Response, videoU
 }
 
 function extractTokenOrDie (req: express.Request, res: express.Response) {
-  const token = res.locals.oauth?.token.accessToken || req.query.videoFileToken
+  const token = req.header('x-peertube-video-password') || req.query.videoFileToken || res.locals.oauth?.token.accessToken
 
   if (!token) {
     return res.fail({
-      message: 'Bearer token is missing in headers or video file token is missing in URL query parameters',
+      message: 'Video password header, video file token query parameter and bearer token are all missing', //
       status: HttpStatusCode.FORBIDDEN_403
     })
   }
diff --git a/server/middlewares/validators/videos/index.ts b/server/middlewares/validators/videos/index.ts
index d225dfe45..0c824c314 100644
--- a/server/middlewares/validators/videos/index.ts
+++ b/server/middlewares/validators/videos/index.ts
@@ -12,6 +12,8 @@ export * from './video-shares'
 export * from './video-source'
 export * from './video-stats'
 export * from './video-studio'
+export * from './video-token'
 export * from './video-transcoding'
 export * from './videos'
 export * from './video-channel-sync'
+export * from './video-passwords'
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts
index 72b2febc3..077a58d2e 100644
--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -10,7 +10,8 @@ import {
   checkUserCanManageVideo,
   doesVideoCaptionExist,
   doesVideoExist,
-  isValidVideoIdParam
+  isValidVideoIdParam,
+  isValidVideoPasswordHeader
 } from '../shared'
 
 const addVideoCaptionValidator = [
@@ -62,6 +63,8 @@ const deleteVideoCaptionValidator = [
 const listVideoCaptionsValidator = [
   isValidVideoIdParam('videoId'),
 
+  isValidVideoPasswordHeader(),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res, 'only-video')) return
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 133feb7bd..70689b02e 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -14,7 +14,8 @@ import {
   doesVideoCommentExist,
   doesVideoCommentThreadExist,
   doesVideoExist,
-  isValidVideoIdParam
+  isValidVideoIdParam,
+  isValidVideoPasswordHeader
 } from '../shared'
 
 const listVideoCommentsValidator = [
@@ -51,6 +52,7 @@ const listVideoCommentsValidator = [
 
 const listVideoCommentThreadsValidator = [
   isValidVideoIdParam('videoId'),
+  isValidVideoPasswordHeader(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
@@ -67,6 +69,7 @@ const listVideoThreadCommentsValidator = [
 
   param('threadId')
     .custom(isIdValid),
+  isValidVideoPasswordHeader(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
@@ -84,6 +87,7 @@ const addVideoCommentThreadValidator = [
 
   body('text')
     .custom(isValidVideoCommentText),
+  isValidVideoPasswordHeader(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
@@ -102,6 +106,7 @@ const addVideoCommentReplyValidator = [
   isValidVideoIdParam('videoId'),
 
   param('commentId').custom(isIdValid),
+  isValidVideoPasswordHeader(),
 
   body('text').custom(isValidVideoCommentText),
 
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 72442aeb6..a1cb65b70 100644
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -9,7 +9,11 @@ import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models'
 import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
 import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
 import { isVideoImportTargetUrlValid, isVideoImportTorrentFile } from '../../../helpers/custom-validators/video-imports'
-import { isVideoMagnetUriValid, isVideoNameValid } from '../../../helpers/custom-validators/videos'
+import {
+  isValidPasswordProtectedPrivacy,
+  isVideoMagnetUriValid,
+  isVideoNameValid
+} from '../../../helpers/custom-validators/videos'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { logger } from '../../../helpers/logger'
 import { CONFIG } from '../../../initializers/config'
@@ -38,6 +42,10 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
     .custom(isVideoNameValid).withMessage(
       `Should have a video name between ${CONSTRAINTS_FIELDS.VIDEOS.NAME.min} and ${CONSTRAINTS_FIELDS.VIDEOS.NAME.max} characters long`
     ),
+  body('videoPasswords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.User
@@ -45,6 +53,8 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
 
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
+    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanUpReqFiles(req)
+
     if (CONFIG.IMPORT.VIDEOS.HTTP.ENABLED !== true && req.body.targetUrl) {
       cleanUpReqFiles(req)
 
diff --git a/server/middlewares/validators/videos/video-live.ts b/server/middlewares/validators/videos/video-live.ts
index 2aff831a8..ec69a3011 100644
--- a/server/middlewares/validators/videos/video-live.ts
+++ b/server/middlewares/validators/videos/video-live.ts
@@ -17,7 +17,7 @@ import {
   VideoState
 } from '@shared/models'
 import { exists, isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../../helpers/custom-validators/misc'
-import { isVideoNameValid, isVideoPrivacyValid } from '../../../helpers/custom-validators/videos'
+import { isValidPasswordProtectedPrivacy, isVideoNameValid, isVideoReplayPrivacyValid } from '../../../helpers/custom-validators/videos'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { logger } from '../../../helpers/logger'
 import { CONFIG } from '../../../initializers/config'
@@ -69,7 +69,7 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
   body('replaySettings.privacy')
     .optional()
     .customSanitizer(toIntOrNull)
-    .custom(isVideoPrivacyValid),
+    .custom(isVideoReplayPrivacyValid),
 
   body('permanentLive')
     .optional()
@@ -81,9 +81,16 @@ const videoLiveAddValidator = getCommonVideoEditAttributes().concat([
     .customSanitizer(toIntOrNull)
     .custom(isLiveLatencyModeValid),
 
+  body('videoPasswords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
+
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
 
+    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanUpReqFiles(req)
+
     if (CONFIG.LIVE.ENABLED !== true) {
       cleanUpReqFiles(req)
 
@@ -170,7 +177,7 @@ const videoLiveUpdateValidator = [
   body('replaySettings.privacy')
     .optional()
     .customSanitizer(toIntOrNull)
-    .custom(isVideoPrivacyValid),
+    .custom(isVideoReplayPrivacyValid),
 
   body('latencyMode')
     .optional()
diff --git a/server/middlewares/validators/videos/video-passwords.ts b/server/middlewares/validators/videos/video-passwords.ts
new file mode 100644
index 000000000..200e496f6
--- /dev/null
+++ b/server/middlewares/validators/videos/video-passwords.ts
@@ -0,0 +1,77 @@
+import express from 'express'
+import {
+  areValidationErrors,
+  doesVideoExist,
+  isVideoPasswordProtected,
+  isValidVideoIdParam,
+  doesVideoPasswordExist,
+  isVideoPasswordDeletable,
+  checkUserCanManageVideo
+} from '../shared'
+import { body, param } from 'express-validator'
+import { isIdValid } from '@server/helpers/custom-validators/misc'
+import { isValidPasswordProtectedPrivacy } from '@server/helpers/custom-validators/videos'
+import { UserRight } from '@shared/models'
+
+const listVideoPasswordValidator = [
+  isValidVideoIdParam('videoId'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoExist(req.params.videoId, res)) return
+    if (!isVideoPasswordProtected(res)) return
+
+    // Check if the user who did the request is able to access video password list
+    const user = res.locals.oauth.token.User
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.SEE_ALL_VIDEOS, res)) return
+
+    return next()
+  }
+]
+
+const updateVideoPasswordListValidator = [
+  body('passwords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoExist(req.params.videoId, res)) return
+    if (!isValidPasswordProtectedPrivacy(req, res)) return
+
+    // Check if the user who did the request is able to update video passwords
+    const user = res.locals.oauth.token.User
+    if (!checkUserCanManageVideo(user, res.locals.videoAll, UserRight.UPDATE_ANY_VIDEO, res)) return
+
+    return next()
+  }
+]
+
+const removeVideoPasswordValidator = [
+  isValidVideoIdParam('videoId'),
+
+  param('passwordId')
+    .custom(isIdValid),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoExist(req.params.videoId, res)) return
+    if (!isVideoPasswordProtected(res)) return
+    if (!await doesVideoPasswordExist(req.params.passwordId, res)) return
+    if (!await isVideoPasswordDeletable(res)) return
+
+    return next()
+  }
+]
+
+// ---------------------------------------------------------------------------
+
+export {
+  listVideoPasswordValidator,
+  updateVideoPasswordListValidator,
+  removeVideoPasswordValidator
+}
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index c631a16f8..95a5ba63a 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -153,7 +153,7 @@ const videoPlaylistsGetValidator = (fetchType: VideoPlaylistFetchType) => {
       }
 
       if (videoPlaylist.privacy === VideoPlaylistPrivacy.PRIVATE) {
-        await authenticatePromise(req, res)
+        await authenticatePromise({ req, res })
 
         const user = res.locals.oauth ? res.locals.oauth.token.User : null
 
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 275634d5b..c837b047b 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -7,13 +7,14 @@ import { isIdValid } from '../../../helpers/custom-validators/misc'
 import { isRatingValid } from '../../../helpers/custom-validators/video-rates'
 import { isVideoRatingTypeValid } from '../../../helpers/custom-validators/videos'
 import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
-import { areValidationErrors, checkCanSeeVideo, doesVideoExist, isValidVideoIdParam } from '../shared'
+import { areValidationErrors, checkCanSeeVideo, doesVideoExist, isValidVideoIdParam, isValidVideoPasswordHeader } from '../shared'
 
 const videoUpdateRateValidator = [
   isValidVideoIdParam('id'),
 
   body('rating')
     .custom(isVideoRatingTypeValid),
+  isValidVideoPasswordHeader(),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return
diff --git a/server/middlewares/validators/videos/video-token.ts b/server/middlewares/validators/videos/video-token.ts
new file mode 100644
index 000000000..d4253e21d
--- /dev/null
+++ b/server/middlewares/validators/videos/video-token.ts
@@ -0,0 +1,24 @@
+import express from 'express'
+import { VideoPrivacy } from '../../../../shared/models/videos'
+import { HttpStatusCode } from '@shared/models'
+import { exists } from '@server/helpers/custom-validators/misc'
+
+const videoFileTokenValidator = [
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const video = res.locals.onlyVideo
+    if (video.privacy !== VideoPrivacy.PASSWORD_PROTECTED && !exists(res.locals.oauth.token.User)) {
+      return res.fail({
+        status: HttpStatusCode.UNAUTHORIZED_401,
+        message: 'Not authenticated'
+      })
+    }
+
+    return next()
+  }
+]
+
+// ---------------------------------------------------------------------------
+
+export {
+  videoFileTokenValidator
+}
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 794e1d4f1..7f1f39b11 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -23,6 +23,7 @@ import { isBooleanBothQueryValid, isNumberArray, isStringArray } from '../../../
 import {
   areVideoTagsValid,
   isScheduleVideoUpdatePrivacyValid,
+  isValidPasswordProtectedPrivacy,
   isVideoCategoryValid,
   isVideoDescriptionValid,
   isVideoFileMimeTypeValid,
@@ -55,7 +56,8 @@ import {
   doesVideoChannelOfAccountExist,
   doesVideoExist,
   doesVideoFileOfVideoExist,
-  isValidVideoIdParam
+  isValidVideoIdParam,
+  isValidVideoPasswordHeader
 } from '../shared'
 
 const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
@@ -70,6 +72,10 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
   body('channelId')
     .customSanitizer(toIntOrNull)
     .custom(isIdValid),
+  body('videoPasswords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
@@ -81,6 +87,8 @@ const videosAddLegacyValidator = getCommonVideoEditAttributes().concat([
       return cleanUpReqFiles(req)
     }
 
+    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanUpReqFiles(req)
+
     try {
       if (!videoFile.duration) await addDurationToVideo(videoFile)
     } catch (err) {
@@ -174,6 +182,10 @@ const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([
   body('channelId')
     .customSanitizer(toIntOrNull)
     .custom(isIdValid),
+  body('videoPasswords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
 
   header('x-upload-content-length')
     .isNumeric()
@@ -205,6 +217,8 @@ const videosAddResumableInitValidator = getCommonVideoEditAttributes().concat([
     const files = { videofile: [ videoFileMetadata ] }
     if (!await commonVideoChecksPass({ req, res, user, videoFileSize: videoFileMetadata.size, files })) return cleanup()
 
+    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanup()
+
     // multer required unsetting the Content-Type, now we can set it for node-uploadx
     req.headers['content-type'] = 'application/json; charset=utf-8'
     // place previewfile in metadata so that uploadx saves it in .META
@@ -227,12 +241,18 @@ const videosUpdateValidator = getCommonVideoEditAttributes().concat([
     .optional()
     .customSanitizer(toIntOrNull)
     .custom(isIdValid),
+  body('videoPasswords')
+    .optional()
+    .isArray()
+    .withMessage('Video passwords should be an array.'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     if (areValidationErrors(req, res)) return cleanUpReqFiles(req)
     if (areErrorsInScheduleUpdate(req, res)) return cleanUpReqFiles(req)
     if (!await doesVideoExist(req.params.id, res)) return cleanUpReqFiles(req)
 
+    if (!isValidPasswordProtectedPrivacy(req, res)) return cleanUpReqFiles(req)
+
     const video = getVideoWithAttributes(res)
     if (video.isLive && video.privacy !== req.body.privacy && video.state !== VideoState.WAITING_FOR_LIVE) {
       return res.fail({ message: 'Cannot update privacy of a live that has already started' })
@@ -281,6 +301,8 @@ const videosCustomGetValidator = (fetchType: 'for-api' | 'all' | 'only-video' |
   return [
     isValidVideoIdParam('id'),
 
+    isValidVideoPasswordHeader(),
+
     async (req: express.Request, res: express.Response, next: express.NextFunction) => {
       if (areValidationErrors(req, res)) return
       if (!await doesVideoExist(req.params.id, res, fetchType)) return