10 files changed, 356 insertions, 121 deletions
diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts
index 8e064fb5b..def320730 100644
--- a/server/controllers/activitypub/client.ts
+++ b/server/controllers/activitypub/client.ts
@@ -309,7 +309,7 @@ async function videoCommentsController (req: express.Request, res: express.Respo
  if (redirectIfNotOwned(video.url, res)) return
  const handler = async (start: number, count: number) => {
-    const result = await VideoCommentModel.listAndCountByVideoForAP(video, start, count)
+    const result = await VideoCommentModel.listAndCountByVideoForAP({ video, start, count })
    return {
      total: result.total,
diff --git a/server/controllers/api/config.ts b/server/controllers/api/config.ts
index f0fb43071..86434f382 100644
--- a/server/controllers/api/config.ts
+++ b/server/controllers/api/config.ts
@@ -193,6 +193,7 @@ function customConfig (): CustomConfig {
    signup: {
      enabled: CONFIG.SIGNUP.ENABLED,
      limit: CONFIG.SIGNUP.LIMIT,
+      requiresApproval: CONFIG.SIGNUP.REQUIRES_APPROVAL,
      requiresEmailVerification: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION,
      minimumAge: CONFIG.SIGNUP.MINIMUM_AGE
    },
diff --git a/server/controllers/api/users/email-verification.ts b/server/controllers/api/users/email-verification.ts
new file mode 100644
index 000000000..230aaa9af
--- /dev/null
+++ b/server/controllers/api/users/email-verification.ts
@@ -0,0 +1,72 @@
+import express from 'express'
+import { HttpStatusCode } from '@shared/models'
+import { CONFIG } from '../../../initializers/config'
+import { sendVerifyRegistrationEmail, sendVerifyUserEmail } from '../../../lib/user'
+import { asyncMiddleware, buildRateLimiter } from '../../../middlewares'
+import {
+  registrationVerifyEmailValidator,
+  usersAskSendVerifyEmailValidator,
+  usersVerifyEmailValidator
+} from '../../../middlewares/validators'
+const askSendEmailLimiter = buildRateLimiter({
+  windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
+})
+const emailVerificationRouter = express.Router()
+emailVerificationRouter.post([ '/ask-send-verify-email', '/registrations/ask-send-verify-email' ],
+  askSendEmailLimiter,
+  asyncMiddleware(usersAskSendVerifyEmailValidator),
+  asyncMiddleware(reSendVerifyUserEmail)
+)
+emailVerificationRouter.post('/:id/verify-email',
+  asyncMiddleware(usersVerifyEmailValidator),
+  asyncMiddleware(verifyUserEmail)
+)
+emailVerificationRouter.post('/registrations/:registrationId/verify-email',
+  asyncMiddleware(registrationVerifyEmailValidator),
+  asyncMiddleware(verifyRegistrationEmail)
+)
+// ---------------------------------------------------------------------------
+export {
+  emailVerificationRouter
+}
+async function reSendVerifyUserEmail (req: express.Request, res: express.Response) {
+  const user = res.locals.user
+  const registration = res.locals.userRegistration
+  if (user) await sendVerifyUserEmail(user)
+  else if (registration) await sendVerifyRegistrationEmail(registration)
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
+}
+async function verifyUserEmail (req: express.Request, res: express.Response) {
+  const user = res.locals.user
+  user.emailVerified = true
+  if (req.body.isPendingEmail === true) {
+    user.email = user.pendingEmail
+    user.pendingEmail = null
+  }
+  await user.save()
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
+}
+async function verifyRegistrationEmail (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  registration.emailVerified = true
+  await registration.save()
+  return res.status(HttpStatusCode.NO_CONTENT_204).end()
+}
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index a8677a1d3..5a5a12e82 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -4,26 +4,21 @@ import { Hooks } from '@server/lib/plugins/hooks'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
 import { MUserAccountDefault } from '@server/types/models'
 import { pick } from '@shared/core-utils'
-import { HttpStatusCode, UserCreate, UserCreateResult, UserRegister, UserRight, UserUpdate } from '@shared/models'
+import { HttpStatusCode, UserCreate, UserCreateResult, UserRight, UserUpdate } from '@shared/models'
 import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { logger } from '../../../helpers/logger'
 import { generateRandomString, getFormattedObjects } from '../../../helpers/utils'
-import { CONFIG } from '../../../initializers/config'
 import { WEBSERVER } from '../../../initializers/constants'
 import { sequelizeTypescript } from '../../../initializers/database'
 import { Emailer } from '../../../lib/emailer'
-import { Notifier } from '../../../lib/notifier'
 import { Redis } from '../../../lib/redis'
-import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
+import { buildUser, createUserAccountAndChannelAndPlaylist } from '../../../lib/user'
 import {
  adminUsersSortValidator,
  asyncMiddleware,
  asyncRetryTransactionMiddleware,
  authenticate,
-  buildRateLimiter,
  ensureUserHasRight,
-  ensureUserRegistrationAllowed,
-  ensureUserRegistrationAllowedForIP,
  paginationValidator,
  setDefaultPagination,
  setDefaultSort,
@@ -31,19 +26,17 @@ import {
  usersAddValidator,
  usersGetValidator,
  usersListValidator,
-  usersRegisterValidator,
  usersRemoveValidator,
  usersUpdateValidator
 } from '../../../middlewares'
 import {
  ensureCanModerateUser,
  usersAskResetPasswordValidator,
-  usersAskSendVerifyEmailValidator,
  usersBlockingValidator,
-  usersResetPasswordValidator,
+  usersResetPasswordValidator
-  usersVerifyEmailValidator
 } from '../../../middlewares/validators'
 import { UserModel } from '../../../models/user/user'
+import { emailVerificationRouter } from './email-verification'
 import { meRouter } from './me'
 import { myAbusesRouter } from './my-abuses'
 import { myBlocklistRouter } from './my-blocklist'
@@ -51,22 +44,14 @@ import { myVideosHistoryRouter } from './my-history'
 import { myNotificationsRouter } from './my-notifications'
 import { mySubscriptionsRouter } from './my-subscriptions'
 import { myVideoPlaylistsRouter } from './my-video-playlists'
+import { registrationsRouter } from './registrations'
 import { twoFactorRouter } from './two-factor'
 const auditLogger = auditLoggerFactory('users')
-const signupRateLimiter = buildRateLimiter({
-  windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
-  max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
-  skipFailedRequests: true
-})
-const askSendEmailLimiter = buildRateLimiter({
-  windowMs: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.WINDOW_MS,
-  max: CONFIG.RATES_LIMIT.ASK_SEND_EMAIL.MAX
-})
 const usersRouter = express.Router()
+usersRouter.use('/', emailVerificationRouter)
+usersRouter.use('/', registrationsRouter)
 usersRouter.use('/', twoFactorRouter)
 usersRouter.use('/', tokensRouter)
 usersRouter.use('/', myNotificationsRouter)
@@ -122,14 +107,6 @@ usersRouter.post('/',
  asyncRetryTransactionMiddleware(createUser)
 )
-usersRouter.post('/register',
-  signupRateLimiter,
-  asyncMiddleware(ensureUserRegistrationAllowed),
-  ensureUserRegistrationAllowedForIP,
-  asyncMiddleware(usersRegisterValidator),
-  asyncRetryTransactionMiddleware(registerUser)
-)
 usersRouter.put('/:id',
  authenticate,
  ensureUserHasRight(UserRight.MANAGE_USERS),
@@ -156,17 +133,6 @@ usersRouter.post('/:id/reset-password',
  asyncMiddleware(resetUserPassword)
 )
-usersRouter.post('/ask-send-verify-email',
-  askSendEmailLimiter,
-  asyncMiddleware(usersAskSendVerifyEmailValidator),
-  asyncMiddleware(reSendVerifyUserEmail)
-)
-usersRouter.post('/:id/verify-email',
-  asyncMiddleware(usersVerifyEmailValidator),
-  asyncMiddleware(verifyUserEmail)
-)
 // ---------------------------------------------------------------------------
 export {
@@ -218,35 +184,6 @@ async function createUser (req: express.Request, res: express.Response) {
  })
 }
-async function registerUser (req: express.Request, res: express.Response) {
-  const body: UserRegister = req.body
-  const userToCreate = buildUser({
-    ...pick(body, [ 'username', 'password', 'email' ]),
-    emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
-  })
-  const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
-    userToCreate,
-    userDisplayName: body.displayName || undefined,
-    channelNames: body.channel
-  })
-  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
-  logger.info('User %s with its channel and account registered.', body.username)
-  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
-    await sendVerifyUserEmail(user)
-  }
-  Notifier.Instance.notifyOnNewUserRegistration(user)
-  Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res })
-  return res.type('json').status(HttpStatusCode.NO_CONTENT_204).end()
-}
 async function unblockUser (req: express.Request, res: express.Response) {
  const user = res.locals.user
@@ -360,28 +297,6 @@ async function resetUserPassword (req: express.Request, res: express.Response) {
  return res.status(HttpStatusCode.NO_CONTENT_204).end()
 }
-async function reSendVerifyUserEmail (req: express.Request, res: express.Response) {
-  const user = res.locals.user
-  await sendVerifyUserEmail(user)
-  return res.status(HttpStatusCode.NO_CONTENT_204).end()
-}
-async function verifyUserEmail (req: express.Request, res: express.Response) {
-  const user = res.locals.user
-  user.emailVerified = true
-  if (req.body.isPendingEmail === true) {
-    user.email = user.pendingEmail
-    user.pendingEmail = null
-  }
-  await user.save()
-  return res.status(HttpStatusCode.NO_CONTENT_204).end()
-}
 async function changeUserBlock (res: express.Response, user: MUserAccountDefault, block: boolean, reason?: string) {
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
diff --git a/server/controllers/api/users/registrations.ts b/server/controllers/api/users/registrations.ts
new file mode 100644
index 000000000..5e213d6cc
--- /dev/null
+++ b/server/controllers/api/users/registrations.ts
@@ -0,0 +1,249 @@
+import express from 'express'
+import { Emailer } from '@server/lib/emailer'
+import { Hooks } from '@server/lib/plugins/hooks'
+import { UserRegistrationModel } from '@server/models/user/user-registration'
+import { pick } from '@shared/core-utils'
+import {
+  HttpStatusCode,
+  UserRegister,
+  UserRegistrationRequest,
+  UserRegistrationState,
+  UserRegistrationUpdateState,
+  UserRight
+} from '@shared/models'
+import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { logger } from '../../../helpers/logger'
+import { CONFIG } from '../../../initializers/config'
+import { Notifier } from '../../../lib/notifier'
+import { buildUser, createUserAccountAndChannelAndPlaylist, sendVerifyRegistrationEmail, sendVerifyUserEmail } from '../../../lib/user'
+import {
+  acceptOrRejectRegistrationValidator,
+  asyncMiddleware,
+  asyncRetryTransactionMiddleware,
+  authenticate,
+  buildRateLimiter,
+  ensureUserHasRight,
+  ensureUserRegistrationAllowedFactory,
+  ensureUserRegistrationAllowedForIP,
+  getRegistrationValidator,
+  listRegistrationsValidator,
+  paginationValidator,
+  setDefaultPagination,
+  setDefaultSort,
+  userRegistrationsSortValidator,
+  usersDirectRegistrationValidator,
+  usersRequestRegistrationValidator
+} from '../../../middlewares'
+const auditLogger = auditLoggerFactory('users')
+const registrationRateLimiter = buildRateLimiter({
+  windowMs: CONFIG.RATES_LIMIT.SIGNUP.WINDOW_MS,
+  max: CONFIG.RATES_LIMIT.SIGNUP.MAX,
+  skipFailedRequests: true
+})
+const registrationsRouter = express.Router()
+registrationsRouter.post('/registrations/request',
+  registrationRateLimiter,
+  asyncMiddleware(ensureUserRegistrationAllowedFactory('request-registration')),
+  ensureUserRegistrationAllowedForIP,
+  asyncMiddleware(usersRequestRegistrationValidator),
+  asyncRetryTransactionMiddleware(requestRegistration)
+)
+registrationsRouter.post('/registrations/:registrationId/accept',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(acceptOrRejectRegistrationValidator),
+  asyncRetryTransactionMiddleware(acceptRegistration)
+)
+registrationsRouter.post('/registrations/:registrationId/reject',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(acceptOrRejectRegistrationValidator),
+  asyncRetryTransactionMiddleware(rejectRegistration)
+)
+registrationsRouter.delete('/registrations/:registrationId',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  asyncMiddleware(getRegistrationValidator),
+  asyncRetryTransactionMiddleware(deleteRegistration)
+)
+registrationsRouter.get('/registrations',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_REGISTRATIONS),
+  paginationValidator,
+  userRegistrationsSortValidator,
+  setDefaultSort,
+  setDefaultPagination,
+  listRegistrationsValidator,
+  asyncMiddleware(listRegistrations)
+)
+registrationsRouter.post('/register',
+  registrationRateLimiter,
+  asyncMiddleware(ensureUserRegistrationAllowedFactory('direct-registration')),
+  ensureUserRegistrationAllowedForIP,
+  asyncMiddleware(usersDirectRegistrationValidator),
+  asyncRetryTransactionMiddleware(registerUser)
+)
+// ---------------------------------------------------------------------------
+export {
+  registrationsRouter
+}
+// ---------------------------------------------------------------------------
+async function requestRegistration (req: express.Request, res: express.Response) {
+  const body: UserRegistrationRequest = req.body
+  const registration = new UserRegistrationModel({
+    ...pick(body, [ 'username', 'password', 'email', 'registrationReason' ]),
+    accountDisplayName: body.displayName,
+    channelDisplayName: body.channel?.displayName,
+    channelHandle: body.channel?.name,
+    state: UserRegistrationState.PENDING,
+    emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
+  })
+  await registration.save()
+  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
+    await sendVerifyRegistrationEmail(registration)
+  }
+  Notifier.Instance.notifyOnNewRegistrationRequest(registration)
+  Hooks.runAction('action:api.user.requested-registration', { body, registration, req, res })
+  return res.json(registration.toFormattedJSON())
+}
+// ---------------------------------------------------------------------------
+async function acceptRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  const body: UserRegistrationUpdateState = req.body
+  const userToCreate = buildUser({
+    username: registration.username,
+    password: registration.password,
+    email: registration.email,
+    emailVerified: registration.emailVerified
+  })
+  // We already encrypted password in registration model
+  userToCreate.skipPasswordEncryption = true
+  // TODO: handle conflicts if someone else created a channel handle/user handle/user email between registration and approval
+  const { user } = await createUserAccountAndChannelAndPlaylist({
+    userToCreate,
+    userDisplayName: registration.accountDisplayName,
+    channelNames: registration.channelHandle && registration.channelDisplayName
+      ? {
+        name: registration.channelHandle,
+        displayName: registration.channelDisplayName
+      }
+      : undefined
+  })
+  registration.userId = user.id
+  registration.state = UserRegistrationState.ACCEPTED
+  registration.moderationResponse = body.moderationResponse
+  await registration.save()
+  logger.info('Registration of %s accepted', registration.username)
+  if (body.preventEmailDelivery !== true) {
+    Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
+  }
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+async function rejectRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  const body: UserRegistrationUpdateState = req.body
+  registration.state = UserRegistrationState.REJECTED
+  registration.moderationResponse = body.moderationResponse
+  await registration.save()
+  if (body.preventEmailDelivery !== true) {
+    Emailer.Instance.addUserRegistrationRequestProcessedJob(registration)
+  }
+  logger.info('Registration of %s rejected', registration.username)
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+// ---------------------------------------------------------------------------
+async function deleteRegistration (req: express.Request, res: express.Response) {
+  const registration = res.locals.userRegistration
+  await registration.destroy()
+  logger.info('Registration of %s deleted', registration.username)
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
+// ---------------------------------------------------------------------------
+async function listRegistrations (req: express.Request, res: express.Response) {
+  const resultList = await UserRegistrationModel.listForApi({
+    start: req.query.start,
+    count: req.query.count,
+    sort: req.query.sort,
+    search: req.query.search
+  })
+  return res.json({
+    total: resultList.total,
+    data: resultList.data.map(d => d.toFormattedJSON())
+  })
+}
+// ---------------------------------------------------------------------------
+async function registerUser (req: express.Request, res: express.Response) {
+  const body: UserRegister = req.body
+  const userToCreate = buildUser({
+    ...pick(body, [ 'username', 'password', 'email' ]),
+    emailVerified: CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION ? false : null
+  })
+  const { user, account, videoChannel } = await createUserAccountAndChannelAndPlaylist({
+    userToCreate,
+    userDisplayName: body.displayName || undefined,
+    channelNames: body.channel
+  })
+  auditLogger.create(body.username, new UserAuditView(user.toFormattedJSON()))
+  logger.info('User %s with its channel and account registered.', body.username)
+  if (CONFIG.SIGNUP.REQUIRES_EMAIL_VERIFICATION) {
+    await sendVerifyUserEmail(user)
+  }
+  Notifier.Instance.notifyOnNewDirectRegistration(user)
+  Hooks.runAction('action:api.user.registered', { body, user, account, videoChannel, req, res })
+  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
+}
diff --git a/server/controllers/api/video-playlist.ts b/server/controllers/api/video-playlist.ts
index f8a607170..947f7ca77 100644
--- a/server/controllers/api/video-playlist.ts
+++ b/server/controllers/api/video-playlist.ts
@@ -15,7 +15,7 @@ import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/vid
 import { VideoPlaylistReorder } from '../../../shared/models/videos/playlist/video-playlist-reorder.model'
 import { VideoPlaylistUpdate } from '../../../shared/models/videos/playlist/video-playlist-update.model'
 import { resetSequelizeInstance } from '../../helpers/database-utils'
-import { buildNSFWFilter, createReqFiles } from '../../helpers/express-utils'
+import { createReqFiles } from '../../helpers/express-utils'
 import { logger } from '../../helpers/logger'
 import { getFormattedObjects } from '../../helpers/utils'
 import { CONFIG } from '../../initializers/config'
@@ -474,10 +474,7 @@ async function getVideoPlaylistVideos (req: express.Request, res: express.Respon
    'filter:api.video-playlist.videos.list.result'
  )
-  const options = {
+  const options = { accountId: user?.Account?.id }
-    displayNSFW: buildNSFWFilter(res, req.query.nsfw),
-    accountId: user ? user.Account.id : undefined
-  }
  return res.json(getFormattedObjects(resultList.data, resultList.total, options))
 }
diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts
index 44d64776c..70ca21500 100644
--- a/server/controllers/api/videos/comment.ts
+++ b/server/controllers/api/videos/comment.ts
@@ -1,4 +1,6 @@
+import { MCommentFormattable } from '@server/types/models'
 import express from 'express'
 import { ResultList, ThreadsResultList, UserRight, VideoCommentCreate } from '../../../../shared/models'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { VideoCommentThreads } from '../../../../shared/models/videos/comment/video-comment.model'
@@ -109,7 +111,7 @@ async function listVideoThreads (req: express.Request, res: express.Response) {
  const video = res.locals.onlyVideo
  const user = res.locals.oauth ? res.locals.oauth.token.User : undefined
-  let resultList: ThreadsResultList<VideoCommentModel>
+  let resultList: ThreadsResultList<MCommentFormattable>
  if (video.commentsEnabled === true) {
    const apiOptions = await Hooks.wrapObject({
@@ -144,12 +146,11 @@ async function listVideoThreadComments (req: express.Request, res: express.Respo
  const video = res.locals.onlyVideo
  const user = res.locals.oauth ? res.locals.oauth.token.User : undefined
-  let resultList: ResultList<VideoCommentModel>
+  let resultList: ResultList<MCommentFormattable>
  if (video.commentsEnabled === true) {
    const apiOptions = await Hooks.wrapObject({
      videoId: video.id,
-      isVideoOwned: video.isOwned(),
      threadId: res.locals.videoCommentThread.id,
      user
    }, 'filter:api.video-thread-comments.list.params')
diff --git a/server/controllers/api/videos/token.ts b/server/controllers/api/videos/token.ts
index 009b6dfb6..22387c3e8 100644
--- a/server/controllers/api/videos/token.ts
+++ b/server/controllers/api/videos/token.ts
@@ -22,7 +22,7 @@ export {
 function generateToken (req: express.Request, res: express.Response) {
  const video = res.locals.onlyVideo
-  const { token, expires } = VideoTokensManager.Instance.create(video.uuid)
+  const { token, expires } = VideoTokensManager.Instance.create({ videoUUID: video.uuid, user: res.locals.oauth.token.User })
  return res.json({
    files: {
diff --git a/server/controllers/feeds.ts b/server/controllers/feeds.ts
index 772fe734d..ef810a842 100644
--- a/server/controllers/feeds.ts
+++ b/server/controllers/feeds.ts
@@ -285,8 +285,8 @@ function addVideosToFeed (feed: Feed, videos: VideoModel[]) {
      content: toSafeHtml(video.description),
      author: [
        {
-          name: video.VideoChannel.Account.getDisplayName(),
+          name: video.VideoChannel.getDisplayName(),
-          link: video.VideoChannel.Account.Actor.url
+          link: video.VideoChannel.Actor.url
        }
      ],
      date: video.publishedAt,
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts
index 19a8b2bc9..c4f3a8889 100644
--- a/server/controllers/tracker.ts
+++ b/server/controllers/tracker.ts
@@ -1,17 +1,22 @@
 import { Server as TrackerServer } from 'bittorrent-tracker'
 import express from 'express'
 import { createServer } from 'http'
+import LRUCache from 'lru-cache'
 import proxyAddr from 'proxy-addr'
 import { WebSocketServer } from 'ws'
-import { Redis } from '@server/lib/redis'
 import { logger } from '../helpers/logger'
 import { CONFIG } from '../initializers/config'
-import { TRACKER_RATE_LIMITS } from '../initializers/constants'
+import { LRU_CACHE, TRACKER_RATE_LIMITS } from '../initializers/constants'
 import { VideoFileModel } from '../models/video/video-file'
 import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
 const trackerRouter = express.Router()
+const blockedIPs = new LRUCache<string, boolean>({
+  max: LRU_CACHE.TRACKER_IPS.MAX_SIZE,
+  ttl: TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME
+})
 let peersIps = {}
 let peersIpInfoHash = {}
 runPeersChecker()
@@ -55,8 +60,7 @@ const trackerServer = new TrackerServer({
      // Close socket connection and block IP for a few time
      if (params.type === 'ws') {
-        Redis.Instance.setTrackerBlockIP(ip)
+        blockedIPs.set(ip, true)
-          .catch(err => logger.error('Cannot set tracker block ip.', { err }))
        // setTimeout to wait filter response
        setTimeout(() => params.socket.close(), 0)
@@ -102,26 +106,22 @@ function createWebsocketTrackerServer (app: express.Application) {
    if (request.url === '/tracker/socket') {
      const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
-      Redis.Instance.doesTrackerBlockIPExist(ip)
+      if (blockedIPs.has(ip)) {
-        .then(result => {
+        logger.debug('Blocking IP %s from tracker.', ip)
-          if (result === true) {
-            logger.debug('Blocking IP %s from tracker.', ip)
-            socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
+        socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
-            socket.destroy()
+        socket.destroy()
-            return
+        return
-          }
+      }
-          // FIXME: typings
+      // FIXME: typings
-          return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request))
+      return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request))
-        })
-        .catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
    }
    // Don't destroy socket, we have Socket.IO too
  })
-  return server
+  return { server, trackerServer }
 }
 // ---------------------------------------------------------------------------