31 files changed, 746 insertions, 424 deletions

diff --git a/server/lib/activitypub/actor.ts b/server/lib/activitypub/actor.ts
index a726f9e20..3c9a7ba02 100644
--- a/server/lib/activitypub/actor.ts
+++ b/server/lib/activitypub/actor.ts
@@ -1,26 +1,28 @@
 import * as Bluebird from 'bluebird'
+import { extname } from 'path'
 import { Op, Transaction } from 'sequelize'
 import { URL } from 'url'
 import { v4 as uuidv4 } from 'uuid'
+import { getServerActor } from '@server/models/application/application'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 import { ActivityPubActor, ActivityPubActorType, ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
 import { ActivityPubAttributedTo } from '../../../shared/models/activitypub/objects'
 import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
+import { ActorFetchByUrlType, fetchActorByUrl } from '../../helpers/actor'
 import { sanitizeAndCheckActorObject } from '../../helpers/custom-validators/activitypub/actor'
 import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc'
 import { retryTransactionWrapper, updateInstanceWithAnother } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
 import { createPrivateAndPublicKeys } from '../../helpers/peertube-crypto'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
 import { getUrlFromWebfinger } from '../../helpers/webfinger'
 import { MIMETYPES, WEBSERVER } from '../../initializers/constants'
+import { sequelizeTypescript } from '../../initializers/database'
 import { AccountModel } from '../../models/account/account'
 import { ActorModel } from '../../models/activitypub/actor'
 import { AvatarModel } from '../../models/avatar/avatar'
 import { ServerModel } from '../../models/server/server'
 import { VideoChannelModel } from '../../models/video/video-channel'
-import { JobQueue } from '../job-queue'
-import { ActorFetchByUrlType, fetchActorByUrl } from '../../helpers/actor'
-import { sequelizeTypescript } from '../../initializers/database'
 import {
   MAccount,
   MAccountDefault,
@@ -34,9 +36,7 @@ import {
   MActorId,
   MChannel
 } from '../../types/models'
-import { extname } from 'path'
-import { getServerActor } from '@server/models/application/application'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { JobQueue } from '../job-queue'
 
 // Set account keys, this could be long so process after the account creation and do not block the client
 async function generateAndSaveActorKeys <T extends MActor> (actor: T) {
@@ -209,16 +209,10 @@ async function deleteActorAvatarInstance (actor: MActorDefault, t: Transaction)
 }
 
 async function fetchActorTotalItems (url: string) {
-  const options = {
-    uri: url,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   try {
-    const { body } = await doRequest<ActivityPubOrderedCollection<unknown>>(options)
-    return body.totalItems ? body.totalItems : 0
+    const { body } = await doJSONRequest<ActivityPubOrderedCollection<unknown>>(url, { activityPub: true })
+
+    return body.totalItems || 0
   } catch (err) {
     logger.warn('Cannot fetch remote actor count %s.', url, { err })
     return 0
@@ -285,16 +279,7 @@ async function refreshActorIfNeeded <T extends MActorFull | MActorAccountChannel
       actorUrl = actor.url
     }
 
-    const { result, statusCode } = await fetchRemoteActor(actorUrl)
-
-    if (statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Deleting actor %s because there is a 404 in refresh actor.', actor.url)
-      actor.Account
-        ? await actor.Account.destroy()
-        : await actor.VideoChannel.destroy()
-
-      return { actor: undefined, refreshed: false }
-    }
+    const { result } = await fetchRemoteActor(actorUrl)
 
     if (result === undefined) {
       logger.warn('Cannot fetch remote actor in refresh actor.')
@@ -334,6 +319,15 @@ async function refreshActorIfNeeded <T extends MActorFull | MActorAccountChannel
       return { refreshed: true, actor }
     })
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Deleting actor %s because there is a 404 in refresh actor.', actor.url)
+      actor.Account
+        ? await actor.Account.destroy()
+        : await actor.VideoChannel.destroy()
+
+      return { actor: undefined, refreshed: false }
+    }
+
     logger.warn('Cannot refresh actor %s.', actor.url, { err })
     return { actor, refreshed: false }
   }
@@ -449,26 +443,19 @@ type FetchRemoteActorResult = {
   attributedTo: ActivityPubAttributedTo[]
 }
 async function fetchRemoteActor (actorUrl: string): Promise<{ statusCode?: number, result: FetchRemoteActorResult }> {
-  const options = {
-    uri: actorUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   logger.info('Fetching remote actor %s.', actorUrl)
 
-  const requestResult = await doRequest<ActivityPubActor>(options)
+  const requestResult = await doJSONRequest<ActivityPubActor>(actorUrl, { activityPub: true })
   const actorJSON = requestResult.body
 
   if (sanitizeAndCheckActorObject(actorJSON) === false) {
     logger.debug('Remote actor JSON is not valid.', { actorJSON })
-    return { result: undefined, statusCode: requestResult.response.statusCode }
+    return { result: undefined, statusCode: requestResult.statusCode }
   }
 
   if (checkUrlsSameHost(actorJSON.id, actorUrl) !== true) {
     logger.warn('Actor url %s has not the same host than its AP id %s', actorUrl, actorJSON.id)
-    return { result: undefined, statusCode: requestResult.response.statusCode }
+    return { result: undefined, statusCode: requestResult.statusCode }
   }
 
   const followersCount = await fetchActorTotalItems(actorJSON.followers)
@@ -496,7 +483,7 @@ async function fetchRemoteActor (actorUrl: string): Promise<{ statusCode?: numbe
 
   const name = actorJSON.name || actorJSON.preferredUsername
   return {
-    statusCode: requestResult.response.statusCode,
+    statusCode: requestResult.statusCode,
     result: {
       actor,
       name,
diff --git a/server/lib/activitypub/crawl.ts b/server/lib/activitypub/crawl.ts
index 1ed105bbe..278abf7de 100644
--- a/server/lib/activitypub/crawl.ts
+++ b/server/lib/activitypub/crawl.ts
@@ -1,27 +1,26 @@
-import { ACTIVITY_PUB, REQUEST_TIMEOUT, WEBSERVER } from '../../initializers/constants'
-import { doRequest } from '../../helpers/requests'
-import { logger } from '../../helpers/logger'
 import * as Bluebird from 'bluebird'
-import { ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
 import { URL } from 'url'
+import { ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
+import { logger } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { ACTIVITY_PUB, REQUEST_TIMEOUT, WEBSERVER } from '../../initializers/constants'
 
 type HandlerFunction<T> = (items: T[]) => (Promise<any> | Bluebird<any>)
 type CleanerFunction = (startedDate: Date) => (Promise<any> | Bluebird<any>)
 
-async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>, cleaner?: CleanerFunction) {
-  logger.info('Crawling ActivityPub data on %s.', uri)
+async function crawlCollectionPage <T> (argUrl: string, handler: HandlerFunction<T>, cleaner?: CleanerFunction) {
+  let url = argUrl
+
+  logger.info('Crawling ActivityPub data on %s.', url)
 
   const options = {
-    method: 'GET',
-    uri,
-    json: true,
     activityPub: true,
     timeout: REQUEST_TIMEOUT
   }
 
   const startDate = new Date()
 
-  const response = await doRequest<ActivityPubOrderedCollection<T>>(options)
+  const response = await doJSONRequest<ActivityPubOrderedCollection<T>>(url, options)
   const firstBody = response.body
 
   const limit = ACTIVITY_PUB.FETCH_PAGE_LIMIT
@@ -35,9 +34,9 @@ async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>
       const remoteHost = new URL(nextLink).host
       if (remoteHost === WEBSERVER.HOST) continue
 
-      options.uri = nextLink
+      url = nextLink
 
-      const res = await doRequest<ActivityPubOrderedCollection<T>>(options)
+      const res = await doJSONRequest<ActivityPubOrderedCollection<T>>(url, options)
       body = res.body
     } else {
       // nextLink is already the object we want
@@ -49,7 +48,7 @@ async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>
 
     if (Array.isArray(body.orderedItems)) {
       const items = body.orderedItems
-      logger.info('Processing %i ActivityPub items for %s.', items.length, options.uri)
+      logger.info('Processing %i ActivityPub items for %s.', items.length, url)
 
       await handler(items)
     }
diff --git a/server/lib/activitypub/playlist.ts b/server/lib/activitypub/playlist.ts
index d5a3ef7c8..7166c68a6 100644
--- a/server/lib/activitypub/playlist.ts
+++ b/server/lib/activitypub/playlist.ts
@@ -1,24 +1,24 @@
+import * as Bluebird from 'bluebird'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { PlaylistElementObject } from '../../../shared/models/activitypub/objects/playlist-element-object'
 import { PlaylistObject } from '../../../shared/models/activitypub/objects/playlist-object'
-import { crawlCollectionPage } from './crawl'
-import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
+import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/video-playlist-privacy.model'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
+import { isPlaylistElementObjectValid, isPlaylistObjectValid } from '../../helpers/custom-validators/activitypub/playlist'
 import { isArray } from '../../helpers/custom-validators/misc'
-import { getOrCreateActorAndServerAndModel } from './actor'
 import { logger } from '../../helpers/logger'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
+import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
+import { sequelizeTypescript } from '../../initializers/database'
 import { VideoPlaylistModel } from '../../models/video/video-playlist'
-import { doRequest } from '../../helpers/requests'
-import { checkUrlsSameHost } from '../../helpers/activitypub'
-import * as Bluebird from 'bluebird'
-import { PlaylistElementObject } from '../../../shared/models/activitypub/objects/playlist-element-object'
-import { getOrCreateVideoAndAccountAndChannel } from './videos'
-import { isPlaylistElementObjectValid, isPlaylistObjectValid } from '../../helpers/custom-validators/activitypub/playlist'
 import { VideoPlaylistElementModel } from '../../models/video/video-playlist-element'
-import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/video-playlist-privacy.model'
-import { sequelizeTypescript } from '../../initializers/database'
-import { createPlaylistMiniatureFromUrl } from '../thumbnail'
-import { FilteredModelAttributes } from '../../types/sequelize'
 import { MAccountDefault, MAccountId, MVideoId } from '../../types/models'
 import { MVideoPlaylist, MVideoPlaylistId, MVideoPlaylistOwner } from '../../types/models/video/video-playlist'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { FilteredModelAttributes } from '../../types/sequelize'
+import { createPlaylistMiniatureFromUrl } from '../thumbnail'
+import { getOrCreateActorAndServerAndModel } from './actor'
+import { crawlCollectionPage } from './crawl'
+import { getOrCreateVideoAndAccountAndChannel } from './videos'
 
 function playlistObjectToDBAttributes (playlistObject: PlaylistObject, byAccount: MAccountId, to: string[]) {
   const privacy = to.includes(ACTIVITY_PUB.PUBLIC)
@@ -56,11 +56,7 @@ async function createAccountPlaylists (playlistUrls: string[], account: MAccount
       if (exists === true) return
 
       // Fetch url
-      const { body } = await doRequest<PlaylistObject>({
-        uri: playlistUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<PlaylistObject>(playlistUrl, { activityPub: true })
 
       if (!isPlaylistObjectValid(body)) {
         throw new Error(`Invalid playlist object when fetch account playlists: ${JSON.stringify(body)}`)
@@ -120,13 +116,7 @@ async function refreshVideoPlaylistIfNeeded (videoPlaylist: MVideoPlaylistOwner)
   if (!videoPlaylist.isOutdated()) return videoPlaylist
 
   try {
-    const { statusCode, playlistObject } = await fetchRemoteVideoPlaylist(videoPlaylist.url)
-    if (statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Cannot refresh remote video playlist %s: it does not exist anymore. Deleting it.', videoPlaylist.url)
-
-      await videoPlaylist.destroy()
-      return undefined
-    }
+    const { playlistObject } = await fetchRemoteVideoPlaylist(videoPlaylist.url)
 
     if (playlistObject === undefined) {
       logger.warn('Cannot refresh remote playlist %s: invalid body.', videoPlaylist.url)
@@ -140,6 +130,13 @@ async function refreshVideoPlaylistIfNeeded (videoPlaylist: MVideoPlaylistOwner)
 
     return videoPlaylist
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Cannot refresh remote video playlist %s: it does not exist anymore. Deleting it.', videoPlaylist.url)
+
+      await videoPlaylist.destroy()
+      return undefined
+    }
+
     logger.warn('Cannot refresh video playlist %s.', videoPlaylist.url, { err })
 
     await videoPlaylist.setAsRefreshed()
@@ -164,12 +161,7 @@ async function resetVideoPlaylistElements (elementUrls: string[], playlist: MVid
 
   await Bluebird.map(elementUrls, async elementUrl => {
     try {
-      // Fetch url
-      const { body } = await doRequest<PlaylistElementObject>({
-        uri: elementUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<PlaylistElementObject>(elementUrl, { activityPub: true })
 
       if (!isPlaylistElementObjectValid(body)) throw new Error(`Invalid body in video get playlist element ${elementUrl}`)
 
@@ -199,21 +191,14 @@ async function resetVideoPlaylistElements (elementUrls: string[], playlist: MVid
 }
 
 async function fetchRemoteVideoPlaylist (playlistUrl: string): Promise<{ statusCode: number, playlistObject: PlaylistObject }> {
-  const options = {
-    uri: playlistUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   logger.info('Fetching remote playlist %s.', playlistUrl)
 
-  const { response, body } = await doRequest<any>(options)
+  const { body, statusCode } = await doJSONRequest<any>(playlistUrl, { activityPub: true })
 
   if (isPlaylistObjectValid(body) === false || checkUrlsSameHost(body.id, playlistUrl) !== true) {
     logger.debug('Remote video playlist JSON is not valid.', { body })
-    return { statusCode: response.statusCode, playlistObject: undefined }
+    return { statusCode, playlistObject: undefined }
   }
 
-  return { statusCode: response.statusCode, playlistObject: body }
+  return { statusCode, playlistObject: body }
 }
diff --git a/server/lib/activitypub/send/send-create.ts b/server/lib/activitypub/send/send-create.ts
index 9fb218224..baded642a 100644
--- a/server/lib/activitypub/send/send-create.ts
+++ b/server/lib/activitypub/send/send-create.ts
@@ -4,7 +4,7 @@ import { VideoPrivacy } from '../../../../shared/models/videos'
 import { VideoCommentModel } from '../../../models/video/video-comment'
 import { broadcastToActors, broadcastToFollowers, sendVideoRelatedActivity, unicastTo } from './utils'
 import { audiencify, getActorsInvolvedInVideo, getAudience, getAudienceFromFollowersOf, getVideoCommentAudience } from '../audience'
-import { logger } from '../../../helpers/logger'
+import { logger, loggerTagsFactory } from '../../../helpers/logger'
 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
 import {
   MActorLight,
@@ -18,10 +18,12 @@ import {
 import { getServerActor } from '@server/models/application/application'
 import { ContextType } from '@shared/models/activitypub/context'
 
+const lTags = loggerTagsFactory('ap', 'create')
+
 async function sendCreateVideo (video: MVideoAP, t: Transaction) {
   if (!video.hasPrivacyForFederation()) return undefined
 
-  logger.info('Creating job to send video creation of %s.', video.url)
+  logger.info('Creating job to send video creation of %s.', video.url, lTags(video.uuid))
 
   const byActor = video.VideoChannel.Account.Actor
   const videoObject = video.toActivityPubObject()
@@ -37,7 +39,7 @@ async function sendCreateCacheFile (
   video: MVideoAccountLight,
   fileRedundancy: MVideoRedundancyStreamingPlaylistVideo | MVideoRedundancyFileVideo
 ) {
-  logger.info('Creating job to send file cache of %s.', fileRedundancy.url)
+  logger.info('Creating job to send file cache of %s.', fileRedundancy.url, lTags(video.uuid))
 
   return sendVideoRelatedCreateActivity({
     byActor,
@@ -51,7 +53,7 @@ async function sendCreateCacheFile (
 async function sendCreateVideoPlaylist (playlist: MVideoPlaylistFull, t: Transaction) {
   if (playlist.privacy === VideoPlaylistPrivacy.PRIVATE) return undefined
 
-  logger.info('Creating job to send create video playlist of %s.', playlist.url)
+  logger.info('Creating job to send create video playlist of %s.', playlist.url, lTags(playlist.uuid))
 
   const byActor = playlist.OwnerAccount.Actor
   const audience = getAudience(byActor, playlist.privacy === VideoPlaylistPrivacy.PUBLIC)
diff --git a/server/lib/activitypub/share.ts b/server/lib/activitypub/share.ts
index 1f8a8f3c4..c22fa0893 100644
--- a/server/lib/activitypub/share.ts
+++ b/server/lib/activitypub/share.ts
@@ -1,15 +1,17 @@
+import * as Bluebird from 'bluebird'
 import { Transaction } from 'sequelize'
+import { getServerActor } from '@server/models/application/application'
+import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
+import { logger, loggerTagsFactory } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
 import { VideoShareModel } from '../../models/video/video-share'
+import { MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../types/models/video'
+import { getOrCreateActorAndServerAndModel } from './actor'
 import { sendUndoAnnounce, sendVideoAnnounce } from './send'
 import { getLocalVideoAnnounceActivityPubUrl } from './url'
-import * as Bluebird from 'bluebird'
-import { doRequest } from '../../helpers/requests'
-import { getOrCreateActorAndServerAndModel } from './actor'
-import { logger } from '../../helpers/logger'
-import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
-import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
-import { MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../types/models/video'
-import { getServerActor } from '@server/models/application/application'
+
+const lTags = loggerTagsFactory('share')
 
 async function shareVideoByServerAndChannel (video: MVideoAccountLight, t: Transaction) {
   if (!video.hasPrivacyForFederation()) return undefined
@@ -25,7 +27,10 @@ async function changeVideoChannelShare (
   oldVideoChannel: MChannelActorLight,
   t: Transaction
 ) {
-  logger.info('Updating video channel of video %s: %s -> %s.', video.uuid, oldVideoChannel.name, video.VideoChannel.name)
+  logger.info(
+    'Updating video channel of video %s: %s -> %s.', video.uuid, oldVideoChannel.name, video.VideoChannel.name,
+    lTags(video.uuid)
+  )
 
   await undoShareByVideoChannel(video, oldVideoChannel, t)
 
@@ -35,12 +40,7 @@ async function changeVideoChannelShare (
 async function addVideoShares (shareUrls: string[], video: MVideoId) {
   await Bluebird.map(shareUrls, async shareUrl => {
     try {
-      // Fetch url
-      const { body } = await doRequest<any>({
-        uri: shareUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<any>(shareUrl, { activityPub: true })
       if (!body || !body.actor) throw new Error('Body or body actor is invalid')
 
       const actorUrl = getAPId(body.actor)
diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts
index d025ed7f1..e23e0c0e7 100644
--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -1,13 +1,13 @@
+import * as Bluebird from 'bluebird'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
 import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
 import { logger } from '../../helpers/logger'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest } from '../../helpers/requests'
 import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
 import { VideoCommentModel } from '../../models/video/video-comment'
+import { MCommentOwner, MCommentOwnerVideo, MVideoAccountLightBlacklistAllFiles } from '../../types/models/video'
 import { getOrCreateActorAndServerAndModel } from './actor'
 import { getOrCreateVideoAndAccountAndChannel } from './videos'
-import * as Bluebird from 'bluebird'
-import { checkUrlsSameHost } from '../../helpers/activitypub'
-import { MCommentOwner, MCommentOwnerVideo, MVideoAccountLightBlacklistAllFiles } from '../../types/models/video'
 
 type ResolveThreadParams = {
   url: string
@@ -18,8 +18,12 @@ type ResolveThreadParams = {
 type ResolveThreadResult = Promise<{ video: MVideoAccountLightBlacklistAllFiles, comment: MCommentOwnerVideo, commentCreated: boolean }>
 
 async function addVideoComments (commentUrls: string[]) {
-  return Bluebird.map(commentUrls, commentUrl => {
-    return resolveThread({ url: commentUrl, isVideo: false })
+  return Bluebird.map(commentUrls, async commentUrl => {
+    try {
+      await resolveThread({ url: commentUrl, isVideo: false })
+    } catch (err) {
+      logger.warn('Cannot resolve thread %s.', commentUrl, { err })
+    }
   }, { concurrency: CRAWL_REQUEST_CONCURRENCY })
 }
 
@@ -126,11 +130,7 @@ async function resolveRemoteParentComment (params: ResolveThreadParams) {
     throw new Error('Recursion limit reached when resolving a thread')
   }
 
-  const { body } = await doRequest<any>({
-    uri: url,
-    json: true,
-    activityPub: true
-  })
+  const { body } = await doJSONRequest<any>(url, { activityPub: true })
 
   if (sanitizeAndCheckVideoCommentObject(body) === false) {
     throw new Error(`Remote video comment JSON ${url} is not valid:` + JSON.stringify(body))
diff --git a/server/lib/activitypub/video-rates.ts b/server/lib/activitypub/video-rates.ts
index e246b1313..f40c07fea 100644
--- a/server/lib/activitypub/video-rates.ts
+++ b/server/lib/activitypub/video-rates.ts
@@ -1,26 +1,22 @@
+import * as Bluebird from 'bluebird'
 import { Transaction } from 'sequelize'
-import { sendLike, sendUndoDislike, sendUndoLike } from './send'
+import { doJSONRequest } from '@server/helpers/requests'
 import { VideoRateType } from '../../../shared/models/videos'
-import * as Bluebird from 'bluebird'
-import { getOrCreateActorAndServerAndModel } from './actor'
-import { AccountVideoRateModel } from '../../models/account/account-video-rate'
+import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
 import { logger } from '../../helpers/logger'
 import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
-import { doRequest } from '../../helpers/requests'
-import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
-import { getVideoDislikeActivityPubUrlByLocalActor, getVideoLikeActivityPubUrlByLocalActor } from './url'
-import { sendDislike } from './send/send-dislike'
+import { AccountVideoRateModel } from '../../models/account/account-video-rate'
 import { MAccountActor, MActorUrl, MVideo, MVideoAccountLight, MVideoId } from '../../types/models'
+import { getOrCreateActorAndServerAndModel } from './actor'
+import { sendLike, sendUndoDislike, sendUndoLike } from './send'
+import { sendDislike } from './send/send-dislike'
+import { getVideoDislikeActivityPubUrlByLocalActor, getVideoLikeActivityPubUrlByLocalActor } from './url'
 
 async function createRates (ratesUrl: string[], video: MVideo, rate: VideoRateType) {
   await Bluebird.map(ratesUrl, async rateUrl => {
     try {
       // Fetch url
-      const { body } = await doRequest<any>({
-        uri: rateUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<any>(rateUrl, { activityPub: true })
       if (!body || !body.actor) throw new Error('Body or body actor is invalid')
 
       const actorUrl = getAPId(body.actor)
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts
index c02578aad..d484edd36 100644
--- a/server/lib/activitypub/videos.ts
+++ b/server/lib/activitypub/videos.ts
@@ -2,7 +2,6 @@ import * as Bluebird from 'bluebird'
 import { maxBy, minBy } from 'lodash'
 import * as magnetUtil from 'magnet-uri'
 import { basename, join } from 'path'
-import * as request from 'request'
 import { Transaction } from 'sequelize/types'
 import { TrackerModel } from '@server/models/server/tracker'
 import { VideoLiveModel } from '@server/models/video/video-live'
@@ -31,7 +30,7 @@ import { isArray } from '../../helpers/custom-validators/misc'
 import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
 import { deleteNonExistingModels, resetSequelizeInstance, retryTransactionWrapper } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
 import { fetchVideoByUrl, getExtFromMimetype, VideoFetchByUrlType } from '../../helpers/video'
 import {
   ACTIVITY_PUB,
@@ -115,36 +114,26 @@ async function federateVideoIfNeeded (videoArg: MVideoAPWithoutCaption, isNewVid
   }
 }
 
-async function fetchRemoteVideo (videoUrl: string): Promise<{ response: request.RequestResponse, videoObject: VideoObject }> {
-  const options = {
-    uri: videoUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
+async function fetchRemoteVideo (videoUrl: string): Promise<{ statusCode: number, videoObject: VideoObject }> {
   logger.info('Fetching remote video %s.', videoUrl)
 
-  const { response, body } = await doRequest<any>(options)
+  const { statusCode, body } = await doJSONRequest<any>(videoUrl, { activityPub: true })
 
   if (sanitizeAndCheckVideoTorrentObject(body) === false || checkUrlsSameHost(body.id, videoUrl) !== true) {
     logger.debug('Remote video JSON is not valid.', { body })
-    return { response, videoObject: undefined }
+    return { statusCode, videoObject: undefined }
   }
 
-  return { response, videoObject: body }
+  return { statusCode, videoObject: body }
 }
 
 async function fetchRemoteVideoDescription (video: MVideoAccountLight) {
   const host = video.VideoChannel.Account.Actor.Server.host
   const path = video.getDescriptionAPIPath()
-  const options = {
-    uri: REMOTE_SCHEME.HTTP + '://' + host + path,
-    json: true
-  }
+  const url = REMOTE_SCHEME.HTTP + '://' + host + path
 
-  const { body } = await doRequest<any>(options)
-  return body.description ? body.description : ''
+  const { body } = await doJSONRequest<any>(url)
+  return body.description || ''
 }
 
 function getOrCreateVideoChannelFromVideoObject (videoObject: VideoObject) {
@@ -534,14 +523,7 @@ async function refreshVideoIfNeeded (options: {
     : await VideoModel.loadByUrlAndPopulateAccount(options.video.url)
 
   try {
-    const { response, videoObject } = await fetchRemoteVideo(video.url)
-    if (response.statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Cannot refresh remote video %s: video does not exist anymore. Deleting it.', video.url)
-
-      // Video does not exist anymore
-      await video.destroy()
-      return undefined
-    }
+    const { videoObject } = await fetchRemoteVideo(video.url)
 
     if (videoObject === undefined) {
       logger.warn('Cannot refresh remote video %s: invalid body.', video.url)
@@ -565,6 +547,14 @@ async function refreshVideoIfNeeded (options: {
 
     return video
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Cannot refresh remote video %s: video does not exist anymore. Deleting it.', video.url)
+
+      // Video does not exist anymore
+      await video.destroy()
+      return undefined
+    }
+
     logger.warn('Cannot refresh video %s.', options.video.url, { err })
 
     ActorFollowScoreCache.Instance.addBadServerId(video.VideoChannel.Actor.serverId)
diff --git a/server/lib/auth.ts b/server/lib/auth/external-auth.ts
index dbd421a7b..80f5064b6 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth/external-auth.ts
@@ -1,28 +1,16 @@
+
 import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
 import { logger } from '@server/helpers/logger'
 import { generateRandomString } from '@server/helpers/utils'
-import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
-import { revokeToken } from '@server/lib/oauth-model'
+import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
-import { UserRole } from '@shared/models'
 import {
   RegisterServerAuthenticatedResult,
   RegisterServerAuthPassOptions,
   RegisterServerExternalAuthenticatedResult
 } from '@server/types/plugins/register-server-auth.model'
-import * as express from 'express'
-import * as OAuthServer from 'express-oauth-server'
-import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
-
-const oAuthServer = new OAuthServer({
-  useErrorHandler: true,
-  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
-  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
-  allowExtendedTokenAttributes: true,
-  continueMiddleware: true,
-  model: require('./oauth-model')
-})
+import { UserRole } from '@shared/models'
 
 // Token is the key, expiration date is the value
 const authBypassTokens = new Map<string, {
@@ -37,42 +25,6 @@ const authBypassTokens = new Map<string, {
   npmName: string
 }>()
 
-async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const grantType = req.body.grant_type
-
-  if (grantType === 'password') {
-    if (req.body.externalAuthToken) proxifyExternalAuthBypass(req, res)
-    else await proxifyPasswordGrant(req, res)
-  } else if (grantType === 'refresh_token') {
-    await proxifyRefreshGrant(req, res)
-  }
-
-  return forwardTokenReq(req, res, next)
-}
-
-async function handleTokenRevocation (req: express.Request, res: express.Response) {
-  const token = res.locals.oauth.token
-
-  res.locals.explicitLogout = true
-  const result = await revokeToken(token)
-
-  // FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released
-  // oAuthServer.revoke(req, res, err => {
-  //   if (err) {
-  //     logger.warn('Error in revoke token handler.', { err })
-  //
-  //     return res.status(err.status)
-  //               .json({
-  //                 error: err.message,
-  //                 code: err.name
-  //               })
-  //               .end()
-  //   }
-  // })
-
-  return res.json(result)
-}
-
 async function onExternalUserAuthenticated (options: {
   npmName: string
   authName: string
@@ -107,7 +59,7 @@ async function onExternalUserAuthenticated (options: {
     authName
   })
 
-  // Cleanup
+  // Cleanup expired tokens
   const now = new Date()
   for (const [ key, value ] of authBypassTokens) {
     if (value.expires.getTime() < now.getTime()) {
@@ -118,37 +70,15 @@ async function onExternalUserAuthenticated (options: {
   res.redirect(`/login?externalAuthToken=${bypassToken}&username=${user.username}`)
 }
 
-// ---------------------------------------------------------------------------
-
-export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation }
-
-// ---------------------------------------------------------------------------
-
-function forwardTokenReq (req: express.Request, res: express.Response, next?: express.NextFunction) {
-  return oAuthServer.token()(req, res, err => {
-    if (err) {
-      logger.warn('Login error.', { err })
-
-      return res.status(err.status)
-        .json({
-          error: err.message,
-          code: err.name
-        })
-    }
-
-    if (next) return next()
-  })
-}
-
-async function proxifyRefreshGrant (req: express.Request, res: express.Response) {
-  const refreshToken = req.body.refresh_token
-  if (!refreshToken) return
+async function getAuthNameFromRefreshGrant (refreshToken?: string) {
+  if (!refreshToken) return undefined
 
   const tokenModel = await OAuthTokenModel.loadByRefreshToken(refreshToken)
-  if (tokenModel?.authName) res.locals.refreshTokenAuthName = tokenModel.authName
+
+  return tokenModel?.authName
 }
 
-async function proxifyPasswordGrant (req: express.Request, res: express.Response) {
+async function getBypassFromPasswordGrant (username: string, password: string) {
   const plugins = PluginManager.Instance.getIdAndPassAuths()
   const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
 
@@ -174,8 +104,8 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
   })
 
   const loginOptions = {
-    id: req.body.username,
-    password: req.body.password
+    id: username,
+    password
   }
 
   for (const pluginAuth of pluginAuths) {
@@ -199,49 +129,41 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
         authName, npmName, loginOptions.id
       )
 
-      res.locals.bypassLogin = {
+      return {
         bypass: true,
         pluginName: pluginAuth.npmName,
         authName: authOptions.authName,
         user: buildUserResult(loginResult)
       }
-
-      return
     } catch (err) {
       logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err })
     }
   }
+
+  return undefined
 }
 
-function proxifyExternalAuthBypass (req: express.Request, res: express.Response) {
-  const obj = authBypassTokens.get(req.body.externalAuthToken)
-  if (!obj) {
-    logger.error('Cannot authenticate user with unknown bypass token')
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
-  }
+function getBypassFromExternalAuth (username: string, externalAuthToken: string) {
+  const obj = authBypassTokens.get(externalAuthToken)
+  if (!obj) throw new Error('Cannot authenticate user with unknown bypass token')
 
   const { expires, user, authName, npmName } = obj
 
   const now = new Date()
   if (now.getTime() > expires.getTime()) {
-    logger.error('Cannot authenticate user with an expired external auth token')
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
+    throw new Error('Cannot authenticate user with an expired external auth token')
   }
 
-  if (user.username !== req.body.username) {
-    logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
+  if (user.username !== username) {
+    throw new Error(`Cannot authenticate user ${user.username} with invalid username ${username}`)
   }
 
-  // Bypass oauth library validation
-  req.body.password = 'fake'
-
   logger.info(
     'Auth success with external auth method %s of plugin %s for %s.',
     authName, npmName, user.email
   )
 
-  res.locals.bypassLogin = {
+  return {
     bypass: true,
     pluginName: npmName,
     authName: authName,
@@ -286,3 +208,12 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
     displayName: pluginResult.displayName || pluginResult.username
   }
 }
+
+// ---------------------------------------------------------------------------
+
+export {
+  onExternalUserAuthenticated,
+  getBypassFromExternalAuth,
+  getAuthNameFromRefreshGrant,
+  getBypassFromPasswordGrant
+}
diff --git a/server/lib/oauth-model.ts b/server/lib/auth/oauth-model.ts
index a2c53a2c9..b9c69eb2d 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/auth/oauth-model.ts
@@ -1,49 +1,36 @@
 import * as express from 'express'
-import * as LRUCache from 'lru-cache'
 import { AccessDeniedError } from 'oauth2-server'
-import { Transaction } from 'sequelize'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { ActorModel } from '@server/models/activitypub/actor'
+import { MOAuthClient } from '@server/types/models'
 import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'
 import { MUser } from '@server/types/models/user/user'
 import { UserAdminFlag } from '@shared/models/users/user-flag.model'
 import { UserRole } from '@shared/models/users/user-role'
-import { logger } from '../helpers/logger'
-import { CONFIG } from '../initializers/config'
-import { LRU_CACHE } from '../initializers/constants'
-import { UserModel } from '../models/account/user'
-import { OAuthClientModel } from '../models/oauth/oauth-client'
-import { OAuthTokenModel } from '../models/oauth/oauth-token'
-import { createUserAccountAndChannelAndPlaylist } from './user'
-
-type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
-
-const accessTokenCache = new LRUCache<string, MOAuthTokenUser>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
-const userHavingToken = new LRUCache<number, string>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
-
-// ---------------------------------------------------------------------------
-
-function deleteUserToken (userId: number, t?: Transaction) {
-  clearCacheByUserId(userId)
-
-  return OAuthTokenModel.deleteUserToken(userId, t)
+import { logger } from '../../helpers/logger'
+import { CONFIG } from '../../initializers/config'
+import { UserModel } from '../../models/account/user'
+import { OAuthClientModel } from '../../models/oauth/oauth-client'
+import { OAuthTokenModel } from '../../models/oauth/oauth-token'
+import { createUserAccountAndChannelAndPlaylist } from '../user'
+import { TokensCache } from './tokens-cache'
+
+type TokenInfo = {
+  accessToken: string
+  refreshToken: string
+  accessTokenExpiresAt: Date
+  refreshTokenExpiresAt: Date
 }
 
-function clearCacheByUserId (userId: number) {
-  const token = userHavingToken.get(userId)
-
-  if (token !== undefined) {
-    accessTokenCache.del(token)
-    userHavingToken.del(userId)
-  }
-}
-
-function clearCacheByToken (token: string) {
-  const tokenModel = accessTokenCache.get(token)
-
-  if (tokenModel !== undefined) {
-    userHavingToken.del(tokenModel.userId)
-    accessTokenCache.del(token)
+export type BypassLogin = {
+  bypass: boolean
+  pluginName: string
+  authName?: string
+  user: {
+    username: string
+    email: string
+    displayName: string
+    role: UserRole
   }
 }
 
@@ -54,15 +41,12 @@ async function getAccessToken (bearerToken: string) {
 
   let tokenModel: MOAuthTokenUser
 
-  if (accessTokenCache.has(bearerToken)) {
-    tokenModel = accessTokenCache.get(bearerToken)
+  if (TokensCache.Instance.hasToken(bearerToken)) {
+    tokenModel = TokensCache.Instance.getByToken(bearerToken)
   } else {
     tokenModel = await OAuthTokenModel.getByTokenAndPopulateUser(bearerToken)
 
-    if (tokenModel) {
-      accessTokenCache.set(bearerToken, tokenModel)
-      userHavingToken.set(tokenModel.userId, tokenModel.accessToken)
-    }
+    if (tokenModel) TokensCache.Instance.setToken(tokenModel)
   }
 
   if (!tokenModel) return undefined
@@ -99,16 +83,13 @@ async function getRefreshToken (refreshToken: string) {
   return tokenInfo
 }
 
-async function getUser (usernameOrEmail?: string, password?: string) {
-  const res: express.Response = this.request.res
-
+async function getUser (usernameOrEmail?: string, password?: string, bypassLogin?: BypassLogin) {
   // Special treatment coming from a plugin
-  if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) {
-    const obj = res.locals.bypassLogin
-    logger.info('Bypassing oauth login by plugin %s.', obj.pluginName)
+  if (bypassLogin && bypassLogin.bypass === true) {
+    logger.info('Bypassing oauth login by plugin %s.', bypassLogin.pluginName)
 
-    let user = await UserModel.loadByEmail(obj.user.email)
-    if (!user) user = await createUserFromExternal(obj.pluginName, obj.user)
+    let user = await UserModel.loadByEmail(bypassLogin.user.email)
+    if (!user) user = await createUserFromExternal(bypassLogin.pluginName, bypassLogin.user)
 
     // Cannot create a user
     if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.')
@@ -117,7 +98,7 @@ async function getUser (usernameOrEmail?: string, password?: string) {
     // Then we just go through a regular login process
     if (user.pluginAuth !== null) {
       // This user does not belong to this plugin, skip it
-      if (user.pluginAuth !== obj.pluginName) return null
+      if (user.pluginAuth !== bypassLogin.pluginName) return null
 
       checkUserValidityOrThrow(user)
 
@@ -143,18 +124,25 @@ async function getUser (usernameOrEmail?: string, password?: string) {
   return user
 }
 
-async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ success: boolean, redirectUrl?: string }> {
-  const res: express.Response = this.request.res
+async function revokeToken (
+  tokenInfo: { refreshToken: string },
+  options: {
+    req?: express.Request
+    explicitLogout?: boolean
+  } = {}
+): Promise<{ success: boolean, redirectUrl?: string }> {
+  const { req, explicitLogout } = options
+
   const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken)
 
   if (token) {
     let redirectUrl: string
 
-    if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) {
-      redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request)
+    if (explicitLogout === true && token.User.pluginAuth && token.authName) {
+      redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, req)
     }
 
-    clearCacheByToken(token.accessToken)
+    TokensCache.Instance.clearCacheByToken(token.accessToken)
 
     token.destroy()
          .catch(err => logger.error('Cannot destroy token when revoking token.', { err }))
@@ -165,14 +153,22 @@ async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ succ
   return { success: false }
 }
 
-async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) {
-  const res: express.Response = this.request.res
-
+async function saveToken (
+  token: TokenInfo,
+  client: MOAuthClient,
+  user: MUser,
+  options: {
+    refreshTokenAuthName?: string
+    bypassLogin?: BypassLogin
+  } = {}
+) {
+  const { refreshTokenAuthName, bypassLogin } = options
   let authName: string = null
-  if (res.locals.bypassLogin?.bypass === true) {
-    authName = res.locals.bypassLogin.authName
-  } else if (res.locals.refreshTokenAuthName) {
-    authName = res.locals.refreshTokenAuthName
+
+  if (bypassLogin?.bypass === true) {
+    authName = bypassLogin.authName
+  } else if (refreshTokenAuthName) {
+    authName = refreshTokenAuthName
   }
 
   logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.')
@@ -199,17 +195,12 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User
     refreshTokenExpiresAt: tokenCreated.refreshTokenExpiresAt,
     client,
     user,
-    refresh_token_expires_in: Math.floor((tokenCreated.refreshTokenExpiresAt.getTime() - new Date().getTime()) / 1000)
+    accessTokenExpiresIn: buildExpiresIn(tokenCreated.accessTokenExpiresAt),
+    refreshTokenExpiresIn: buildExpiresIn(tokenCreated.refreshTokenExpiresAt)
   }
 }
 
-// ---------------------------------------------------------------------------
-
-// See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
 export {
-  deleteUserToken,
-  clearCacheByUserId,
-  clearCacheByToken,
   getAccessToken,
   getClient,
   getRefreshToken,
@@ -218,6 +209,8 @@ export {
   saveToken
 }
 
+// ---------------------------------------------------------------------------
+
 async function createUserFromExternal (pluginAuth: string, options: {
   username: string
   email: string
@@ -252,3 +245,7 @@ async function createUserFromExternal (pluginAuth: string, options: {
 function checkUserValidityOrThrow (user: MUser) {
   if (user.blocked) throw new AccessDeniedError('User is blocked.')
 }
+
+function buildExpiresIn (expiresAt: Date) {
+  return Math.floor((expiresAt.getTime() - new Date().getTime()) / 1000)
+}
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts
new file mode 100644
index 000000000..5b6130d56
--- /dev/null
+++ b/server/lib/auth/oauth.ts
@@ -0,0 +1,180 @@
+import * as express from 'express'
+import {
+  InvalidClientError,
+  InvalidGrantError,
+  InvalidRequestError,
+  Request,
+  Response,
+  UnauthorizedClientError,
+  UnsupportedGrantTypeError
+} from 'oauth2-server'
+import { randomBytesPromise, sha1 } from '@server/helpers/core-utils'
+import { MOAuthClient } from '@server/types/models'
+import { OAUTH_LIFETIME } from '../../initializers/constants'
+import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model'
+
+/**
+ *
+ * Reimplement some functions of OAuth2Server to inject external auth methods
+ *
+ */
+
+const oAuthServer = new (require('oauth2-server'))({
+  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
+  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+
+  // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
+  model: require('./oauth-model')
+})
+
+// ---------------------------------------------------------------------------
+
+async function handleOAuthToken (req: express.Request, options: { refreshTokenAuthName?: string, bypassLogin?: BypassLogin }) {
+  const request = new Request(req)
+  const { refreshTokenAuthName, bypassLogin } = options
+
+  if (request.method !== 'POST') {
+    throw new InvalidRequestError('Invalid request: method must be POST')
+  }
+
+  if (!request.is([ 'application/x-www-form-urlencoded' ])) {
+    throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded')
+  }
+
+  const clientId = request.body.client_id
+  const clientSecret = request.body.client_secret
+
+  if (!clientId || !clientSecret) {
+    throw new InvalidClientError('Invalid client: cannot retrieve client credentials')
+  }
+
+  const client = await getClient(clientId, clientSecret)
+  if (!client) {
+    throw new InvalidClientError('Invalid client: client is invalid')
+  }
+
+  const grantType = request.body.grant_type
+  if (!grantType) {
+    throw new InvalidRequestError('Missing parameter: `grant_type`')
+  }
+
+  if (![ 'password', 'refresh_token' ].includes(grantType)) {
+    throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid')
+  }
+
+  if (!client.grants.includes(grantType)) {
+    throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid')
+  }
+
+  if (grantType === 'password') {
+    return handlePasswordGrant({
+      request,
+      client,
+      bypassLogin
+    })
+  }
+
+  return handleRefreshGrant({
+    request,
+    client,
+    refreshTokenAuthName
+  })
+}
+
+async function handleOAuthAuthenticate (
+  req: express.Request,
+  res: express.Response,
+  authenticateInQuery = false
+) {
+  const options = authenticateInQuery
+    ? { allowBearerTokensInQueryString: true }
+    : {}
+
+  return oAuthServer.authenticate(new Request(req), new Response(res), options)
+}
+
+export {
+  handleOAuthToken,
+  handleOAuthAuthenticate
+}
+
+// ---------------------------------------------------------------------------
+
+async function handlePasswordGrant (options: {
+  request: Request
+  client: MOAuthClient
+  bypassLogin?: BypassLogin
+}) {
+  const { request, client, bypassLogin } = options
+
+  if (!request.body.username) {
+    throw new InvalidRequestError('Missing parameter: `username`')
+  }
+
+  if (!bypassLogin && !request.body.password) {
+    throw new InvalidRequestError('Missing parameter: `password`')
+  }
+
+  const user = await getUser(request.body.username, request.body.password, bypassLogin)
+  if (!user) throw new InvalidGrantError('Invalid grant: user credentials are invalid')
+
+  const token = await buildToken()
+
+  return saveToken(token, client, user, { bypassLogin })
+}
+
+async function handleRefreshGrant (options: {
+  request: Request
+  client: MOAuthClient
+  refreshTokenAuthName: string
+}) {
+  const { request, client, refreshTokenAuthName } = options
+
+  if (!request.body.refresh_token) {
+    throw new InvalidRequestError('Missing parameter: `refresh_token`')
+  }
+
+  const refreshToken = await getRefreshToken(request.body.refresh_token)
+
+  if (!refreshToken) {
+    throw new InvalidGrantError('Invalid grant: refresh token is invalid')
+  }
+
+  if (refreshToken.client.id !== client.id) {
+    throw new InvalidGrantError('Invalid grant: refresh token is invalid')
+  }
+
+  if (refreshToken.refreshTokenExpiresAt && refreshToken.refreshTokenExpiresAt < new Date()) {
+    throw new InvalidGrantError('Invalid grant: refresh token has expired')
+  }
+
+  await revokeToken({ refreshToken: refreshToken.refreshToken })
+
+  const token = await buildToken()
+
+  return saveToken(token, client, refreshToken.user, { refreshTokenAuthName })
+}
+
+function generateRandomToken () {
+  return randomBytesPromise(256)
+    .then(buffer => sha1(buffer))
+}
+
+function getTokenExpiresAt (type: 'access' | 'refresh') {
+  const lifetime = type === 'access'
+    ? OAUTH_LIFETIME.ACCESS_TOKEN
+    : OAUTH_LIFETIME.REFRESH_TOKEN
+
+  return new Date(Date.now() + lifetime * 1000)
+}
+
+async function buildToken () {
+  const [ accessToken, refreshToken ] = await Promise.all([ generateRandomToken(), generateRandomToken() ])
+
+  return {
+    accessToken,
+    refreshToken,
+    accessTokenExpiresAt: getTokenExpiresAt('access'),
+    refreshTokenExpiresAt: getTokenExpiresAt('refresh')
+  }
+}
diff --git a/server/lib/auth/tokens-cache.ts b/server/lib/auth/tokens-cache.ts
new file mode 100644
index 000000000..b027ce69a
--- /dev/null
+++ b/server/lib/auth/tokens-cache.ts
@@ -0,0 +1,52 @@
+import * as LRUCache from 'lru-cache'
+import { MOAuthTokenUser } from '@server/types/models'
+import { LRU_CACHE } from '../../initializers/constants'
+
+export class TokensCache {
+
+  private static instance: TokensCache
+
+  private readonly accessTokenCache = new LRUCache<string, MOAuthTokenUser>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
+  private readonly userHavingToken = new LRUCache<number, string>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
+
+  private constructor () { }
+
+  static get Instance () {
+    return this.instance || (this.instance = new this())
+  }
+
+  hasToken (token: string) {
+    return this.accessTokenCache.has(token)
+  }
+
+  getByToken (token: string) {
+    return this.accessTokenCache.get(token)
+  }
+
+  setToken (token: MOAuthTokenUser) {
+    this.accessTokenCache.set(token.accessToken, token)
+    this.userHavingToken.set(token.userId, token.accessToken)
+  }
+
+  deleteUserToken (userId: number) {
+    this.clearCacheByUserId(userId)
+  }
+
+  clearCacheByUserId (userId: number) {
+    const token = this.userHavingToken.get(userId)
+
+    if (token !== undefined) {
+      this.accessTokenCache.del(token)
+      this.userHavingToken.del(userId)
+    }
+  }
+
+  clearCacheByToken (token: string) {
+    const tokenModel = this.accessTokenCache.get(token)
+
+    if (tokenModel !== undefined) {
+      this.userHavingToken.del(tokenModel.userId)
+      this.accessTokenCache.del(token)
+    }
+  }
+}
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index 969eae77b..ce4134d59 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -7,12 +7,12 @@ import { MVideoBlacklistLightVideo, MVideoBlacklistVideo } from '@server/types/m
 import { MVideoImport, MVideoImportVideo } from '@server/types/models/video/video-import'
 import { SANITIZE_OPTIONS, TEXT_WITH_HTML_RULES } from '@shared/core-utils'
 import { AbuseState, EmailPayload, UserAbuse } from '@shared/models'
-import { SendEmailOptions } from '../../shared/models/server/emailer.model'
+import { SendEmailDefaultOptions } from '../../shared/models/server/emailer.model'
 import { isTestInstance, root } from '../helpers/core-utils'
 import { bunyanLogger, logger } from '../helpers/logger'
 import { CONFIG, isEmailEnabled } from '../initializers/config'
 import { WEBSERVER } from '../initializers/constants'
-import { MAbuseFull, MAbuseMessage, MAccountDefault, MActorFollowActors, MActorFollowFull, MUser } from '../types/models'
+import { MAbuseFull, MAbuseMessage, MAccountDefault, MActorFollowActors, MActorFollowFull, MPlugin, MUser } from '../types/models'
 import { MCommentOwnerVideo, MVideo, MVideoAccountLight } from '../types/models/video'
 import { JobQueue } from './job-queue'
 
@@ -403,7 +403,7 @@ class Emailer {
   }
 
   async addVideoAutoBlacklistModeratorsNotification (to: string[], videoBlacklist: MVideoBlacklistLightVideo) {
-    const VIDEO_AUTO_BLACKLIST_URL = WEBSERVER.URL + '/admin/moderation/video-auto-blacklist/list'
+    const videoAutoBlacklistUrl = WEBSERVER.URL + '/admin/moderation/video-auto-blacklist/list'
     const videoUrl = WEBSERVER.URL + videoBlacklist.Video.getWatchStaticPath()
     const channel = (await VideoChannelModel.loadByIdAndPopulateAccount(videoBlacklist.Video.channelId)).toFormattedSummaryJSON()
 
@@ -417,7 +417,7 @@ class Emailer {
         videoName: videoBlacklist.Video.name,
         action: {
           text: 'Review autoblacklist',
-          url: VIDEO_AUTO_BLACKLIST_URL
+          url: videoAutoBlacklistUrl
         }
       }
     }
@@ -472,6 +472,36 @@ class Emailer {
     return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
   }
 
+  addNewPeerTubeVersionNotification (to: string[], latestVersion: string) {
+    const emailPayload: EmailPayload = {
+      to,
+      template: 'peertube-version-new',
+      subject: `A new PeerTube version is available: ${latestVersion}`,
+      locals: {
+        latestVersion
+      }
+    }
+
+    return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
+  }
+
+  addNewPlugionVersionNotification (to: string[], plugin: MPlugin) {
+    const pluginUrl = WEBSERVER.URL + '/admin/plugins/list-installed?pluginType=' + plugin.type
+
+    const emailPayload: EmailPayload = {
+      to,
+      template: 'plugin-version-new',
+      subject: `A new plugin/theme version is available: ${plugin.name}@${plugin.latestVersion}`,
+      locals: {
+        pluginName: plugin.name,
+        latestVersion: plugin.latestVersion,
+        pluginUrl
+      }
+    }
+
+    return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
+  }
+
   addPasswordResetEmailJob (username: string, to: string, resetPasswordUrl: string) {
     const emailPayload: EmailPayload = {
       template: 'password-reset',
@@ -569,26 +599,27 @@ class Emailer {
     })
 
     for (const to of options.to) {
-      await email
-        .send(merge(
-          {
-            template: 'common',
-            message: {
-              to,
-              from: options.from,
-              subject: options.subject,
-              replyTo: options.replyTo
-            },
-            locals: { // default variables available in all templates
-              WEBSERVER,
-              EMAIL: CONFIG.EMAIL,
-              instanceName: CONFIG.INSTANCE.NAME,
-              text: options.text,
-              subject: options.subject
-            }
-          },
-          options // overriden/new variables given for a specific template in the payload
-        ) as SendEmailOptions)
+      const baseOptions: SendEmailDefaultOptions = {
+        template: 'common',
+        message: {
+          to,
+          from: options.from,
+          subject: options.subject,
+          replyTo: options.replyTo
+        },
+        locals: { // default variables available in all templates
+          WEBSERVER,
+          EMAIL: CONFIG.EMAIL,
+          instanceName: CONFIG.INSTANCE.NAME,
+          text: options.text,
+          subject: options.subject
+        }
+      }
+
+      // overriden/new variables given for a specific template in the payload
+      const sendOptions = merge(baseOptions, options)
+
+      await email.send(sendOptions)
         .then(res => logger.debug('Sent email.', { res }))
         .catch(err => logger.error('Error in email sender.', { err }))
     }
diff --git a/server/lib/emails/peertube-version-new/html.pug b/server/lib/emails/peertube-version-new/html.pug
new file mode 100644
index 000000000..2f4d9399d
--- /dev/null
+++ b/server/lib/emails/peertube-version-new/html.pug
@@ -0,0 +1,9 @@
+extends ../common/greetings
+
+block title
+  | New PeerTube version available
+
+block content
+  p
+    | A new version of PeerTube is available: #{latestVersion}.
+    | You can check the latest news on #[a(href="https://joinpeertube.org/news") JoinPeerTube].
diff --git a/server/lib/emails/plugin-version-new/html.pug b/server/lib/emails/plugin-version-new/html.pug
new file mode 100644
index 000000000..86d3d87e8
--- /dev/null
+++ b/server/lib/emails/plugin-version-new/html.pug
@@ -0,0 +1,9 @@
+extends ../common/greetings
+
+block title
+  | New plugin version available
+
+block content
+  p
+    | A new version of the plugin/theme #{pluginName} is available: #{latestVersion}.
+    | You might want to upgrade it on #[a(href=pluginUrl) the PeerTube admin interface].
diff --git a/server/lib/files-cache/videos-caption-cache.ts b/server/lib/files-cache/videos-caption-cache.ts
index ee0447010..58e2260b6 100644
--- a/server/lib/files-cache/videos-caption-cache.ts
+++ b/server/lib/files-cache/videos-caption-cache.ts
@@ -41,7 +41,7 @@ class VideosCaptionCache extends AbstractVideoStaticFileCache <string> {
     const remoteUrl = videoCaption.getFileUrl(video)
     const destPath = join(FILES_CACHE.VIDEO_CAPTIONS.DIRECTORY, videoCaption.filename)
 
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
     return { isOwned: false, path: destPath }
   }
diff --git a/server/lib/files-cache/videos-preview-cache.ts b/server/lib/files-cache/videos-preview-cache.ts
index ee72cd3f9..dd3a84aca 100644
--- a/server/lib/files-cache/videos-preview-cache.ts
+++ b/server/lib/files-cache/videos-preview-cache.ts
@@ -39,7 +39,7 @@ class VideosPreviewCache extends AbstractVideoStaticFileCache <string> {
     const destPath = join(FILES_CACHE.PREVIEWS.DIRECTORY, preview.filename)
 
     const remoteUrl = preview.getFileUrl(video)
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
     logger.debug('Fetched remote preview %s to %s.', remoteUrl, destPath)
 
diff --git a/server/lib/files-cache/videos-torrent-cache.ts b/server/lib/files-cache/videos-torrent-cache.ts
index ca0e1770d..23217f140 100644
--- a/server/lib/files-cache/videos-torrent-cache.ts
+++ b/server/lib/files-cache/videos-torrent-cache.ts
@@ -5,6 +5,7 @@ import { CONFIG } from '../../initializers/config'
 import { FILES_CACHE } from '../../initializers/constants'
 import { VideoModel } from '../../models/video/video'
 import { AbstractVideoStaticFileCache } from './abstract-video-static-file-cache'
+import { MVideo, MVideoFile } from '@server/types/models'
 
 class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
 
@@ -22,7 +23,11 @@ class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
     const file = await VideoFileModel.loadWithVideoOrPlaylistByTorrentFilename(filename)
     if (!file) return undefined
 
-    if (file.getVideo().isOwned()) return { isOwned: true, path: join(CONFIG.STORAGE.TORRENTS_DIR, file.torrentFilename) }
+    if (file.getVideo().isOwned()) {
+      const downloadName = this.buildDownloadName(file.getVideo(), file)
+
+      return { isOwned: true, path: join(CONFIG.STORAGE.TORRENTS_DIR, file.torrentFilename), downloadName }
+    }
 
     return this.loadRemoteFile(filename)
   }
@@ -41,12 +46,16 @@ class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
     const remoteUrl = file.getRemoteTorrentUrl(video)
     const destPath = join(FILES_CACHE.TORRENTS.DIRECTORY, file.torrentFilename)
 
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
-    const downloadName = `${video.name}-${file.resolution}p.torrent`
+    const downloadName = this.buildDownloadName(video, file)
 
     return { isOwned: false, path: destPath, downloadName }
   }
+
+  private buildDownloadName (video: MVideo, file: MVideoFile) {
+    return `${video.name}-${file.resolution}p.torrent`
+  }
 }
 
 export {
diff --git a/server/lib/hls.ts b/server/lib/hls.ts
index 04187668c..84539e2c1 100644
--- a/server/lib/hls.ts
+++ b/server/lib/hls.ts
@@ -135,7 +135,7 @@ function downloadPlaylistSegments (playlistUrl: string, destinationDir: string,
         const destPath = join(tmpDirectory, basename(fileUrl))
 
         const bodyKBLimit = 10 * 1000 * 1000 // 10GB
-        await doRequestAndSaveToFile({ uri: fileUrl }, destPath, bodyKBLimit)
+        await doRequestAndSaveToFile(fileUrl, destPath, { bodyKBLimit })
       }
 
       clearTimeout(timer)
@@ -156,7 +156,7 @@ function downloadPlaylistSegments (playlistUrl: string, destinationDir: string,
   }
 
   async function fetchUniqUrls (playlistUrl: string) {
-    const { body } = await doRequest<string>({ uri: playlistUrl })
+    const { body } = await doRequest(playlistUrl)
 
     if (!body) return []
 
diff --git a/server/lib/job-queue/handlers/activitypub-cleaner.ts b/server/lib/job-queue/handlers/activitypub-cleaner.ts
index b58bbc983..1caca1dcc 100644
--- a/server/lib/job-queue/handlers/activitypub-cleaner.ts
+++ b/server/lib/job-queue/handlers/activitypub-cleaner.ts
@@ -1,10 +1,13 @@
 import * as Bluebird from 'bluebird'
 import * as Bull from 'bull'
 import { checkUrlsSameHost } from '@server/helpers/activitypub'
-import { isDislikeActivityValid, isLikeActivityValid } from '@server/helpers/custom-validators/activitypub/rate'
-import { isShareActivityValid } from '@server/helpers/custom-validators/activitypub/share'
+import {
+  isAnnounceActivityValid,
+  isDislikeActivityValid,
+  isLikeActivityValid
+} from '@server/helpers/custom-validators/activitypub/activity'
 import { sanitizeAndCheckVideoCommentObject } from '@server/helpers/custom-validators/activitypub/video-comments'
-import { doRequest } from '@server/helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '@server/helpers/requests'
 import { AP_CLEANER_CONCURRENCY } from '@server/initializers/constants'
 import { VideoModel } from '@server/models/video/video'
 import { VideoCommentModel } from '@server/models/video/video-comment'
@@ -78,44 +81,44 @@ async function updateObjectIfNeeded <T> (
   updater: (url: string, newUrl: string) => Promise<T>,
   deleter: (url: string) => Promise<T>
 ): Promise<{ data: T, status: 'deleted' | 'updated' } | null> {
-  // Fetch url
-  const { response, body } = await doRequest<any>({
-    uri: url,
-    json: true,
-    activityPub: true
-  })
-
-  // Does not exist anymore, remove entry
-  if (response.statusCode === HttpStatusCode.NOT_FOUND_404) {
+  const on404OrTombstone = async () => {
     logger.info('Removing remote AP object %s.', url)
     const data = await deleter(url)
 
-    return { status: 'deleted', data }
+    return { status: 'deleted' as 'deleted', data }
   }
 
-  // If not same id, check same host and update
-  if (!body || !body.id || !bodyValidator(body)) throw new Error(`Body or body id of ${url} is invalid`)
+  try {
+    const { body } = await doJSONRequest<any>(url, { activityPub: true })
 
-  if (body.type === 'Tombstone') {
-    logger.info('Removing remote AP object %s.', url)
-    const data = await deleter(url)
+    // If not same id, check same host and update
+    if (!body || !body.id || !bodyValidator(body)) throw new Error(`Body or body id of ${url} is invalid`)
 
-    return { status: 'deleted', data }
-  }
+    if (body.type === 'Tombstone') {
+      return on404OrTombstone()
+    }
 
-  const newUrl = body.id
-  if (newUrl !== url) {
-    if (checkUrlsSameHost(newUrl, url) !== true) {
-      throw new Error(`New url ${newUrl} has not the same host than old url ${url}`)
+    const newUrl = body.id
+    if (newUrl !== url) {
+      if (checkUrlsSameHost(newUrl, url) !== true) {
+        throw new Error(`New url ${newUrl} has not the same host than old url ${url}`)
+      }
+
+      logger.info('Updating remote AP object %s.', url)
+      const data = await updater(url, newUrl)
+
+      return { status: 'updated', data }
     }
 
-    logger.info('Updating remote AP object %s.', url)
-    const data = await updater(url, newUrl)
+    return null
+  } catch (err) {
+    // Does not exist anymore, remove entry
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      return on404OrTombstone()
+    }
 
-    return { status: 'updated', data }
+    throw err
   }
-
-  return null
 }
 
 function rateOptionsFactory () {
@@ -149,7 +152,7 @@ function rateOptionsFactory () {
 
 function shareOptionsFactory () {
   return {
-    bodyValidator: (body: any) => isShareActivityValid(body),
+    bodyValidator: (body: any) => isAnnounceActivityValid(body),
 
     updater: async (url: string, newUrl: string) => {
       const share = await VideoShareModel.loadByUrl(url, undefined)
diff --git a/server/lib/job-queue/handlers/activitypub-http-broadcast.ts b/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
index 7174786d6..c69ff9e83 100644
--- a/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
@@ -16,8 +16,7 @@ async function processActivityPubHttpBroadcast (job: Bull.Job) {
   const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
   const options = {
-    method: 'POST',
-    uri: '',
+    method: 'POST' as 'POST',
     json: body,
     httpSignature: httpSignatureOptions,
     timeout: REQUEST_TIMEOUT,
@@ -28,7 +27,7 @@ async function processActivityPubHttpBroadcast (job: Bull.Job) {
   const goodUrls: string[] = []
 
   await Bluebird.map(payload.uris, uri => {
-    return doRequest(Object.assign({}, options, { uri }))
+    return doRequest(uri, options)
       .then(() => goodUrls.push(uri))
       .catch(() => badUrls.push(uri))
   }, { concurrency: BROADCAST_CONCURRENCY })
diff --git a/server/lib/job-queue/handlers/activitypub-http-unicast.ts b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
index 74989d62e..585dad671 100644
--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -16,8 +16,7 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
   const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
   const options = {
-    method: 'POST',
-    uri,
+    method: 'POST' as 'POST',
     json: body,
     httpSignature: httpSignatureOptions,
     timeout: REQUEST_TIMEOUT,
@@ -25,7 +24,7 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
   }
 
   try {
-    await doRequest(options)
+    await doRequest(uri, options)
     ActorFollowScoreCache.Instance.updateActorFollowsScore([ uri ], [])
   } catch (err) {
     ActorFollowScoreCache.Instance.updateActorFollowsScore([], [ uri ])
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index c030d31ef..e8a91450d 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -6,21 +6,24 @@ import { getServerActor } from '@server/models/application/application'
 import { buildDigest } from '@server/helpers/peertube-crypto'
 import { ContextType } from '@shared/models/activitypub/context'
 
-type Payload = { body: any, contextType?: ContextType, signatureActorId?: number }
+type Payload <T> = { body: T, contextType?: ContextType, signatureActorId?: number }
 
-async function computeBody (payload: Payload) {
+async function computeBody <T> (
+  payload: Payload<T>
+): Promise<T | T & { type: 'RsaSignature2017', creator: string, created: string }> {
   let body = payload.body
 
   if (payload.signatureActorId) {
     const actorSignature = await ActorModel.load(payload.signatureActorId)
     if (!actorSignature) throw new Error('Unknown signature actor id.')
+
     body = await buildSignedActivity(actorSignature, payload.body, payload.contextType)
   }
 
   return body
 }
 
-async function buildSignedRequestOptions (payload: Payload) {
+async function buildSignedRequestOptions (payload: Payload<any>) {
   let actor: MActor | null
 
   if (payload.signatureActorId) {
@@ -43,9 +46,9 @@ async function buildSignedRequestOptions (payload: Payload) {
 
 function buildGlobalHeaders (body: any) {
   return {
-    'Digest': buildDigest(body),
-    'Content-Type': 'application/activity+json',
-    'Accept': ACTIVITY_PUB.ACCEPT_HEADER
+    'digest': buildDigest(body),
+    'content-type': 'application/activity+json',
+    'accept': ACTIVITY_PUB.ACCEPT_HEADER
   }
 }
 
diff --git a/server/lib/notifier.ts b/server/lib/notifier.ts
index 740c274d7..da7f7cc05 100644
--- a/server/lib/notifier.ts
+++ b/server/lib/notifier.ts
@@ -19,7 +19,7 @@ import { CONFIG } from '../initializers/config'
 import { AccountBlocklistModel } from '../models/account/account-blocklist'
 import { UserModel } from '../models/account/user'
 import { UserNotificationModel } from '../models/account/user-notification'
-import { MAbuseFull, MAbuseMessage, MAccountServer, MActorFollowFull } from '../types/models'
+import { MAbuseFull, MAbuseMessage, MAccountServer, MActorFollowFull, MApplication, MPlugin } from '../types/models'
 import { MCommentOwnerVideo, MVideoAccountLight, MVideoFullLight } from '../types/models/video'
 import { isBlockedByServerOrAccount } from './blocklist'
 import { Emailer } from './emailer'
@@ -144,6 +144,20 @@ class Notifier {
       })
   }
 
+  notifyOfNewPeerTubeVersion (application: MApplication, latestVersion: string) {
+    this.notifyAdminsOfNewPeerTubeVersion(application, latestVersion)
+      .catch(err => {
+        logger.error('Cannot notify on new PeerTubeb version %s.', latestVersion, { err })
+      })
+  }
+
+  notifyOfNewPluginVersion (plugin: MPlugin) {
+    this.notifyAdminsOfNewPluginVersion(plugin)
+      .catch(err => {
+        logger.error('Cannot notify on new plugin version %s.', plugin.name, { err })
+      })
+  }
+
   private async notifySubscribersOfNewVideo (video: MVideoAccountLight) {
     // List all followers that are users
     const users = await UserModel.listUserSubscribersOf(video.VideoChannel.actorId)
@@ -667,6 +681,64 @@ class Notifier {
     return this.notify({ users: moderators, settingGetter, notificationCreator, emailSender })
   }
 
+  private async notifyAdminsOfNewPeerTubeVersion (application: MApplication, latestVersion: string) {
+    // Use the debug right to know who is an administrator
+    const admins = await UserModel.listWithRight(UserRight.MANAGE_DEBUG)
+    if (admins.length === 0) return
+
+    logger.info('Notifying %s admins of new PeerTube version %s.', admins.length, latestVersion)
+
+    function settingGetter (user: MUserWithNotificationSetting) {
+      return user.NotificationSetting.newPeerTubeVersion
+    }
+
+    async function notificationCreator (user: MUserWithNotificationSetting) {
+      const notification = await UserNotificationModel.create<UserNotificationModelForApi>({
+        type: UserNotificationType.NEW_PEERTUBE_VERSION,
+        userId: user.id,
+        applicationId: application.id
+      })
+      notification.Application = application
+
+      return notification
+    }
+
+    function emailSender (emails: string[]) {
+      return Emailer.Instance.addNewPeerTubeVersionNotification(emails, latestVersion)
+    }
+
+    return this.notify({ users: admins, settingGetter, notificationCreator, emailSender })
+  }
+
+  private async notifyAdminsOfNewPluginVersion (plugin: MPlugin) {
+    // Use the debug right to know who is an administrator
+    const admins = await UserModel.listWithRight(UserRight.MANAGE_DEBUG)
+    if (admins.length === 0) return
+
+    logger.info('Notifying %s admins of new plugin version %s@%s.', admins.length, plugin.name, plugin.latestVersion)
+
+    function settingGetter (user: MUserWithNotificationSetting) {
+      return user.NotificationSetting.newPluginVersion
+    }
+
+    async function notificationCreator (user: MUserWithNotificationSetting) {
+      const notification = await UserNotificationModel.create<UserNotificationModelForApi>({
+        type: UserNotificationType.NEW_PLUGIN_VERSION,
+        userId: user.id,
+        pluginId: plugin.id
+      })
+      notification.Plugin = plugin
+
+      return notification
+    }
+
+    function emailSender (emails: string[]) {
+      return Emailer.Instance.addNewPlugionVersionNotification(emails, plugin)
+    }
+
+    return this.notify({ users: admins, settingGetter, notificationCreator, emailSender })
+  }
+
   private async notify<T extends MUserWithNotificationSetting> (options: {
     users: T[]
     notificationCreator: (user: T) => Promise<UserNotificationModelForApi>
diff --git a/server/lib/plugins/plugin-index.ts b/server/lib/plugins/plugin-index.ts
index 7bcb6ed4c..624f5da1d 100644
--- a/server/lib/plugins/plugin-index.ts
+++ b/server/lib/plugins/plugin-index.ts
@@ -1,22 +1,22 @@
-import { doRequest } from '../../helpers/requests'
-import { CONFIG } from '../../initializers/config'
+import { sanitizeUrl } from '@server/helpers/core-utils'
+import { ResultList } from '../../../shared/models'
+import { PeertubePluginIndexList } from '../../../shared/models/plugins/peertube-plugin-index-list.model'
+import { PeerTubePluginIndex } from '../../../shared/models/plugins/peertube-plugin-index.model'
 import {
   PeertubePluginLatestVersionRequest,
   PeertubePluginLatestVersionResponse
 } from '../../../shared/models/plugins/peertube-plugin-latest-version.model'
-import { PeertubePluginIndexList } from '../../../shared/models/plugins/peertube-plugin-index-list.model'
-import { ResultList } from '../../../shared/models'
-import { PeerTubePluginIndex } from '../../../shared/models/plugins/peertube-plugin-index.model'
-import { PluginModel } from '../../models/server/plugin'
-import { PluginManager } from './plugin-manager'
 import { logger } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { CONFIG } from '../../initializers/config'
 import { PEERTUBE_VERSION } from '../../initializers/constants'
-import { sanitizeUrl } from '@server/helpers/core-utils'
+import { PluginModel } from '../../models/server/plugin'
+import { PluginManager } from './plugin-manager'
 
 async function listAvailablePluginsFromIndex (options: PeertubePluginIndexList) {
   const { start = 0, count = 20, search, sort = 'npmName', pluginType } = options
 
-  const qs: PeertubePluginIndexList = {
+  const searchParams: PeertubePluginIndexList & Record<string, string | number> = {
     start,
     count,
     sort,
@@ -28,7 +28,7 @@ async function listAvailablePluginsFromIndex (options: PeertubePluginIndexList)
   const uri = CONFIG.PLUGINS.INDEX.URL + '/api/v1/plugins'
 
   try {
-    const { body } = await doRequest<any>({ uri, qs, json: true })
+    const { body } = await doJSONRequest<any>(uri, { searchParams })
 
     logger.debug('Got result from PeerTube index.', { body })
 
@@ -58,7 +58,11 @@ async function getLatestPluginsVersion (npmNames: string[]): Promise<PeertubePlu
 
   const uri = sanitizeUrl(CONFIG.PLUGINS.INDEX.URL) + '/api/v1/plugins/latest-version'
 
-  const { body } = await doRequest<any>({ uri, body: bodyRequest, json: true, method: 'POST' })
+  const options = {
+    json: bodyRequest,
+    method: 'POST' as 'POST'
+  }
+  const { body } = await doJSONRequest<PeertubePluginLatestVersionResponse>(uri, options)
 
   return body
 }
diff --git a/server/lib/plugins/register-helpers.ts b/server/lib/plugins/register-helpers.ts
index 1f2a88c27..9b5e1a546 100644
--- a/server/lib/plugins/register-helpers.ts
+++ b/server/lib/plugins/register-helpers.ts
@@ -7,7 +7,7 @@ import {
   VIDEO_PLAYLIST_PRIVACIES,
   VIDEO_PRIVACIES
 } from '@server/initializers/constants'
-import { onExternalUserAuthenticated } from '@server/lib/auth'
+import { onExternalUserAuthenticated } from '@server/lib/auth/external-auth'
 import { PluginModel } from '@server/models/server/plugin'
 import {
   RegisterServerAuthExternalOptions,
diff --git a/server/lib/schedulers/auto-follow-index-instances.ts b/server/lib/schedulers/auto-follow-index-instances.ts
index f62f52f9c..0b8cd1389 100644
--- a/server/lib/schedulers/auto-follow-index-instances.ts
+++ b/server/lib/schedulers/auto-follow-index-instances.ts
@@ -1,5 +1,5 @@
 import { chunk } from 'lodash'
-import { doRequest } from '@server/helpers/requests'
+import { doJSONRequest } from '@server/helpers/requests'
 import { JobQueue } from '@server/lib/job-queue'
 import { ActorFollowModel } from '@server/models/activitypub/actor-follow'
 import { getServerActor } from '@server/models/application/application'
@@ -34,12 +34,12 @@ export class AutoFollowIndexInstances extends AbstractScheduler {
     try {
       const serverActor = await getServerActor()
 
-      const qs = { count: 1000 }
-      if (this.lastCheck) Object.assign(qs, { since: this.lastCheck.toISOString() })
+      const searchParams = { count: 1000 }
+      if (this.lastCheck) Object.assign(searchParams, { since: this.lastCheck.toISOString() })
 
       this.lastCheck = new Date()
 
-      const { body } = await doRequest<any>({ uri: indexUrl, qs, json: true })
+      const { body } = await doJSONRequest<any>(indexUrl, { searchParams })
       if (!body.data || Array.isArray(body.data) === false) {
         logger.error('Cannot auto follow instances of index %s. Please check the auto follow URL.', indexUrl, { body })
         return
diff --git a/server/lib/schedulers/peertube-version-check-scheduler.ts b/server/lib/schedulers/peertube-version-check-scheduler.ts
new file mode 100644
index 000000000..c8960465c
--- /dev/null
+++ b/server/lib/schedulers/peertube-version-check-scheduler.ts
@@ -0,0 +1,55 @@
+
+import { doJSONRequest } from '@server/helpers/requests'
+import { ApplicationModel } from '@server/models/application/application'
+import { compareSemVer } from '@shared/core-utils'
+import { JoinPeerTubeVersions } from '@shared/models'
+import { logger } from '../../helpers/logger'
+import { CONFIG } from '../../initializers/config'
+import { PEERTUBE_VERSION, SCHEDULER_INTERVALS_MS } from '../../initializers/constants'
+import { Notifier } from '../notifier'
+import { AbstractScheduler } from './abstract-scheduler'
+
+export class PeerTubeVersionCheckScheduler extends AbstractScheduler {
+
+  private static instance: AbstractScheduler
+
+  protected schedulerIntervalMs = SCHEDULER_INTERVALS_MS.checkPeerTubeVersion
+
+  private constructor () {
+    super()
+  }
+
+  protected async internalExecute () {
+    return this.checkLatestVersion()
+  }
+
+  private async checkLatestVersion () {
+    if (CONFIG.PEERTUBE.CHECK_LATEST_VERSION.ENABLED === false) return
+
+    logger.info('Checking latest PeerTube version.')
+
+    const { body } = await doJSONRequest<JoinPeerTubeVersions>(CONFIG.PEERTUBE.CHECK_LATEST_VERSION.URL)
+
+    if (!body?.peertube?.latestVersion) {
+      logger.warn('Cannot check latest PeerTube version: body is invalid.', { body })
+      return
+    }
+
+    const latestVersion = body.peertube.latestVersion
+    const application = await ApplicationModel.load()
+
+    // Already checked this version
+    if (application.latestPeerTubeVersion === latestVersion) return
+
+    if (compareSemVer(PEERTUBE_VERSION, latestVersion) < 0) {
+      application.latestPeerTubeVersion = latestVersion
+      await application.save()
+
+      Notifier.Instance.notifyOfNewPeerTubeVersion(application, latestVersion)
+    }
+  }
+
+  static get Instance () {
+    return this.instance || (this.instance = new this())
+  }
+}
diff --git a/server/lib/schedulers/plugins-check-scheduler.ts b/server/lib/schedulers/plugins-check-scheduler.ts
index 014993e94..9a1ae3ec5 100644
--- a/server/lib/schedulers/plugins-check-scheduler.ts
+++ b/server/lib/schedulers/plugins-check-scheduler.ts
@@ -6,6 +6,7 @@ import { PluginModel } from '../../models/server/plugin'
 import { chunk } from 'lodash'
 import { getLatestPluginsVersion } from '../plugins/plugin-index'
 import { compareSemVer } from '../../../shared/core-utils/miscs/miscs'
+import { Notifier } from '../notifier'
 
 export class PluginsCheckScheduler extends AbstractScheduler {
 
@@ -53,6 +54,11 @@ export class PluginsCheckScheduler extends AbstractScheduler {
             plugin.latestVersion = result.latestVersion
             await plugin.save()
 
+            // Notify if there is an higher plugin version available
+            if (compareSemVer(plugin.version, result.latestVersion) < 0) {
+              Notifier.Instance.notifyOfNewPluginVersion(plugin)
+            }
+
             logger.info('Plugin %s has a new latest version %s.', result.npmName, plugin.latestVersion)
           }
         }
diff --git a/server/lib/user.ts b/server/lib/user.ts
index e1892f22c..9b0a0a2f1 100644
--- a/server/lib/user.ts
+++ b/server/lib/user.ts
@@ -193,7 +193,9 @@ function createDefaultUserNotificationSettings (user: MUserId, t: Transaction |
     newInstanceFollower: UserNotificationSettingValue.WEB,
     abuseNewMessage: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
     abuseStateChange: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
-    autoInstanceFollowing: UserNotificationSettingValue.WEB
+    autoInstanceFollowing: UserNotificationSettingValue.WEB,
+    newPeerTubeVersion: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
+    newPluginVersion: UserNotificationSettingValue.WEB
   }
 
   return UserNotificationSettingModel.create(values, { transaction: t })
diff --git a/server/lib/video-blacklist.ts b/server/lib/video-blacklist.ts
index dbb37e0b2..37c43c3b0 100644
--- a/server/lib/video-blacklist.ts
+++ b/server/lib/video-blacklist.ts
@@ -11,7 +11,7 @@ import {
 } from '@server/types/models'
 import { UserRight, VideoBlacklistCreate, VideoBlacklistType } from '../../shared/models'
 import { UserAdminFlag } from '../../shared/models/users/user-flag.model'
-import { logger } from '../helpers/logger'
+import { logger, loggerTagsFactory } from '../helpers/logger'
 import { CONFIG } from '../initializers/config'
 import { VideoBlacklistModel } from '../models/video/video-blacklist'
 import { sendDeleteVideo } from './activitypub/send'
@@ -20,6 +20,8 @@ import { LiveManager } from './live-manager'
 import { Notifier } from './notifier'
 import { Hooks } from './plugins/hooks'
 
+const lTags = loggerTagsFactory('blacklist')
+
 async function autoBlacklistVideoIfNeeded (parameters: {
   video: MVideoWithBlacklistLight
   user?: MUser
@@ -60,7 +62,7 @@ async function autoBlacklistVideoIfNeeded (parameters: {
     })
   }
 
-  logger.info('Video %s auto-blacklisted.', video.uuid)
+  logger.info('Video %s auto-blacklisted.', video.uuid, lTags(video.uuid))
 
   return true
 }