19 files changed, 173 insertions, 87 deletions

diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index c6d8466ac..ab7d04d25 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -1,10 +1,12 @@
 import { NextFunction, Request, Response } from 'express'
-import { ActivityPubSignature } from '../../shared'
+import { ActivityDelete, ActivityPubSignature } from '../../shared'
 import { logger } from '../helpers/logger'
 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto'
 import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/constants'
 import { getOrCreateActorAndServerAndModel } from '../lib/activitypub'
 import { loadActorUrlOrGetFromWebfinger } from '../helpers/webfinger'
+import { isActorDeleteActivityValid } from '@server/helpers/custom-validators/activitypub/actor'
+import { getAPId } from '@server/helpers/activitypub'
 
 async function checkSignature (req: Request, res: Response, next: NextFunction) {
   try {
@@ -15,7 +17,7 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
 
     // Forwarded activity
     const bodyActor = req.body.actor
-    const bodyActorId = bodyActor && bodyActor.id ? bodyActor.id : bodyActor
+    const bodyActorId = getAPId(bodyActor)
     if (bodyActorId && bodyActorId !== actor.url) {
       const jsonLDSignatureChecked = await checkJsonLDSignature(req, res)
       if (jsonLDSignatureChecked !== true) return
@@ -23,7 +25,13 @@ async function checkSignature (req: Request, res: Response, next: NextFunction)
 
     return next()
   } catch (err) {
-    logger.error('Error in ActivityPub signature checker.', err)
+    const activity: ActivityDelete = req.body
+    if (isActorDeleteActivityValid(activity) && activity.object === activity.actor) {
+      logger.debug('Handling signature error on actor delete activity', { err })
+      return res.sendStatus(204)
+    }
+
+    logger.warn('Error in ActivityPub signature checker.', { err })
     return res.sendStatus(403)
   }
 }
diff --git a/server/middlewares/csp.ts b/server/middlewares/csp.ts
index d11d70790..f5de69603 100644
--- a/server/middlewares/csp.ts
+++ b/server/middlewares/csp.ts
@@ -3,20 +3,20 @@ import { CONFIG } from '../initializers/config'
 
 const baseDirectives = Object.assign({},
   {
-    defaultSrc: ["'none'"], // by default, not specifying default-src = '*'
-    connectSrc: ['*', 'data:'],
-    mediaSrc: ["'self'", 'https:', 'blob:'],
-    fontSrc: ["'self'", 'data:'],
-    imgSrc: ["'self'", 'data:', 'blob:'],
-    scriptSrc: ["'self' 'unsafe-inline' 'unsafe-eval'", 'blob:'],
-    styleSrc: ["'self' 'unsafe-inline'"],
-    objectSrc: ["'none'"], // only define to allow plugins, else let defaultSrc 'none' block it
-    formAction: ["'self'"],
-    frameAncestors: ["'none'"],
-    baseUri: ["'self'"],
-    manifestSrc: ["'self'"],
-    frameSrc: ["'self'"], // instead of deprecated child-src / self because of test-embed
-    workerSrc: ["'self'", 'blob:'] // instead of deprecated child-src
+    defaultSrc: [ '\'none\'' ], // by default, not specifying default-src = '*'
+    connectSrc: [ '*', 'data:' ],
+    mediaSrc: [ '\'self\'', 'https:', 'blob:' ],
+    fontSrc: [ '\'self\'', 'data:' ],
+    imgSrc: [ '\'self\'', 'data:', 'blob:' ],
+    scriptSrc: [ '\'self\' \'unsafe-inline\' \'unsafe-eval\'', 'blob:' ],
+    styleSrc: [ '\'self\' \'unsafe-inline\'' ],
+    objectSrc: [ '\'none\'' ], // only define to allow plugins, else let defaultSrc 'none' block it
+    formAction: [ '\'self\'' ],
+    frameAncestors: [ '\'none\'' ],
+    baseUri: [ '\'self\'' ],
+    manifestSrc: [ '\'self\'' ],
+    frameSrc: [ '\'self\'' ], // instead of deprecated child-src / self because of test-embed
+    workerSrc: [ '\'self\'', 'blob:' ] // instead of deprecated child-src
   },
   CONFIG.CSP.REPORT_URI ? { reportUri: CONFIG.CSP.REPORT_URI } : {},
   CONFIG.WEBSERVER.SCHEME === 'https' ? { upgradeInsecureRequests: true } : {}
@@ -29,7 +29,7 @@ const baseCSP = helmet.contentSecurityPolicy({
 })
 
 const embedCSP = helmet.contentSecurityPolicy({
-  directives: Object.assign({}, baseDirectives, { frameAncestors: ['*'] }),
+  directives: Object.assign({}, baseDirectives, { frameAncestors: [ '*' ] }),
   browserSniff: false, // assumes a modern browser, but allows CDN in front
   reportOnly: CONFIG.CSP.REPORT_ONLY
 })
diff --git a/server/middlewares/dnt.ts b/server/middlewares/dnt.ts
index 607def855..dd88005dd 100644
--- a/server/middlewares/dnt.ts
+++ b/server/middlewares/dnt.ts
@@ -1,6 +1,3 @@
-import * as ipaddr from 'ipaddr.js'
-import { format } from 'util'
-
 const advertiseDoNotTrack = (_, res, next) => {
   res.setHeader('Tk', 'N')
   return next()
diff --git a/server/middlewares/oauth.ts b/server/middlewares/oauth.ts
index 749f5cccd..9eef03bb4 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/oauth.ts
@@ -51,6 +51,7 @@ function authenticateSocket (socket: Socket, next: (err?: any) => void) {
 
       return next()
     })
+    .catch(err => logger.error('Cannot get access token.', { err }))
 }
 
 function authenticatePromiseIfNeeded (req: express.Request, res: express.Response, authenticateInQuery = false) {
diff --git a/server/middlewares/sort.ts b/server/middlewares/sort.ts
index 8c27e8237..fcbb2902c 100644
--- a/server/middlewares/sort.ts
+++ b/server/middlewares/sort.ts
@@ -1,20 +1,14 @@
 import * as express from 'express'
 import { SortType } from '../models/utils'
 
-function setDefaultSort (req: express.Request, res: express.Response, next: express.NextFunction) {
-  if (!req.query.sort) req.query.sort = '-createdAt'
-
-  return next()
-}
+const setDefaultSort = setDefaultSortFactory('-createdAt')
 
-function setDefaultSearchSort (req: express.Request, res: express.Response, next: express.NextFunction) {
-  if (!req.query.sort) req.query.sort = '-match'
+const setDefaultVideoRedundanciesSort = setDefaultSortFactory('name')
 
-  return next()
-}
+const setDefaultSearchSort = setDefaultSortFactory('-match')
 
 function setBlacklistSort (req: express.Request, res: express.Response, next: express.NextFunction) {
-  let newSort: SortType = { sortModel: undefined, sortValue: '' }
+  const newSort: SortType = { sortModel: undefined, sortValue: '' }
 
   if (!req.query.sort) req.query.sort = '-createdAt'
 
@@ -39,5 +33,16 @@ function setBlacklistSort (req: express.Request, res: express.Response, next: ex
 export {
   setDefaultSort,
   setDefaultSearchSort,
+  setDefaultVideoRedundanciesSort,
   setBlacklistSort
 }
+
+// ---------------------------------------------------------------------------
+
+function setDefaultSortFactory (sort: string) {
+  return (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (!req.query.sort) req.query.sort = sort
+
+    return next()
+  }
+}
diff --git a/server/middlewares/validators/avatar.ts b/server/middlewares/validators/avatar.ts
index 8623d07e8..2acb97483 100644
--- a/server/middlewares/validators/avatar.ts
+++ b/server/middlewares/validators/avatar.ts
@@ -8,8 +8,8 @@ import { cleanUpReqFiles } from '../../helpers/express-utils'
 
 const updateAvatarValidator = [
   body('avatarfile').custom((value, { req }) => isAvatarFile(req.files)).withMessage(
-    'This file is not supported or too large. Please, make sure it is of the following type : '
-    + CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
+    'This file is not supported or too large. Please, make sure it is of the following type : ' +
+    CONSTRAINTS_FIELDS.ACTORS.AVATAR.EXTNAME.join(', ')
   ),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
diff --git a/server/middlewares/validators/config.ts b/server/middlewares/validators/config.ts
index 2d1f61947..dfa549e76 100644
--- a/server/middlewares/validators/config.ts
+++ b/server/middlewares/validators/config.ts
@@ -3,10 +3,10 @@ import { body } from 'express-validator'
 import { isUserNSFWPolicyValid, isUserVideoQuotaDailyValid, isUserVideoQuotaValid } from '../../helpers/custom-validators/users'
 import { logger } from '../../helpers/logger'
 import { CustomConfig } from '../../../shared/models/server/custom-config.model'
-import { Emailer } from '../../lib/emailer'
 import { areValidationErrors } from './utils'
 import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import { isThemeRegistered } from '../../lib/plugins/theme-utils'
+import { isEmailEnabled } from '@server/initializers/config'
 
 const customConfigUpdateValidator = [
   body('instance.name').exists().withMessage('Should have a valid instance name'),
@@ -55,7 +55,7 @@ const customConfigUpdateValidator = [
 
   body('theme.default').custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'),
 
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking customConfigUpdateValidator parameters', { parameters: req.body })
 
     if (areValidationErrors(req, res)) return
@@ -73,7 +73,7 @@ export {
 }
 
 function checkInvalidConfigIfEmailDisabled (customConfig: CustomConfig, res: express.Response) {
-  if (Emailer.isEnabled()) return true
+  if (isEmailEnabled()) return true
 
   if (customConfig.signup.requiresEmailVerification === true) {
     res.status(400)
diff --git a/server/middlewares/validators/feeds.ts b/server/middlewares/validators/feeds.ts
index 29f6c87be..f34c2b174 100644
--- a/server/middlewares/validators/feeds.ts
+++ b/server/middlewares/validators/feeds.ts
@@ -22,13 +22,13 @@ function setFeedFormatContentType (req: express.Request, res: express.Response,
 
   let acceptableContentTypes: string[]
   if (format === 'atom' || format === 'atom1') {
-    acceptableContentTypes = ['application/atom+xml', 'application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/atom+xml', 'application/xml', 'text/xml' ]
   } else if (format === 'json' || format === 'json1') {
-    acceptableContentTypes = ['application/json']
+    acceptableContentTypes = [ 'application/json' ]
   } else if (format === 'rss' || format === 'rss2') {
-    acceptableContentTypes = ['application/rss+xml', 'application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/rss+xml', 'application/xml', 'text/xml' ]
   } else {
-    acceptableContentTypes = ['application/xml', 'text/xml']
+    acceptableContentTypes = [ 'application/xml', 'text/xml' ]
   }
 
   if (req.accepts(acceptableContentTypes)) {
diff --git a/server/middlewares/validators/redundancy.ts b/server/middlewares/validators/redundancy.ts
index 8098e3a44..8cd3bc33d 100644
--- a/server/middlewares/validators/redundancy.ts
+++ b/server/middlewares/validators/redundancy.ts
@@ -1,12 +1,13 @@
 import * as express from 'express'
-import { body, param } from 'express-validator'
-import { exists, isBooleanValid, isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
+import { body, param, query } from 'express-validator'
+import { exists, isBooleanValid, isIdOrUUIDValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import { logger } from '../../helpers/logger'
 import { areValidationErrors } from './utils'
 import { VideoRedundancyModel } from '../../models/redundancy/video-redundancy'
 import { isHostValid } from '../../helpers/custom-validators/servers'
 import { ServerModel } from '../../models/server/server'
 import { doesVideoExist } from '../../helpers/middlewares'
+import { isVideoRedundancyTarget } from '@server/helpers/custom-validators/video-redundancies'
 
 const videoFileRedundancyGetValidator = [
   param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
@@ -101,10 +102,77 @@ const updateServerRedundancyValidator = [
   }
 ]
 
+const listVideoRedundanciesValidator = [
+  query('target')
+    .custom(isVideoRedundancyTarget).withMessage('Should have a valid video redundancies target'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking listVideoRedundanciesValidator parameters', { parameters: req.query })
+
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
+
+const addVideoRedundancyValidator = [
+  body('videoId')
+    .custom(isIdValid)
+    .withMessage('Should have a valid video id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking addVideoRedundancyValidator parameters', { parameters: req.query })
+
+    if (areValidationErrors(req, res)) return
+
+    if (!await doesVideoExist(req.body.videoId, res, 'only-video')) return
+
+    if (res.locals.onlyVideo.remote === false) {
+      return res.status(400)
+        .json({ error: 'Cannot create a redundancy on a local video' })
+        .end()
+    }
+
+    const alreadyExists = await VideoRedundancyModel.isLocalByVideoUUIDExists(res.locals.onlyVideo.uuid)
+    if (alreadyExists) {
+      return res.status(409)
+        .json({ error: 'This video is already duplicated by your instance.' })
+    }
+
+    return next()
+  }
+]
+
+const removeVideoRedundancyValidator = [
+  param('redundancyId')
+    .custom(isIdValid)
+    .withMessage('Should have a valid redundancy id'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking removeVideoRedundancyValidator parameters', { parameters: req.query })
+
+    if (areValidationErrors(req, res)) return
+
+    const redundancy = await VideoRedundancyModel.loadByIdWithVideo(parseInt(req.params.redundancyId, 10))
+    if (!redundancy) {
+      return res.status(404)
+                .json({ error: 'Video redundancy not found' })
+                .end()
+    }
+
+    res.locals.videoRedundancy = redundancy
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
   videoFileRedundancyGetValidator,
   videoPlaylistRedundancyGetValidator,
-  updateServerRedundancyValidator
+  updateServerRedundancyValidator,
+  listVideoRedundanciesValidator,
+  addVideoRedundancyValidator,
+  removeVideoRedundancyValidator
 }
diff --git a/server/middlewares/validators/server.ts b/server/middlewares/validators/server.ts
index f6812647b..6158c3363 100644
--- a/server/middlewares/validators/server.ts
+++ b/server/middlewares/validators/server.ts
@@ -5,9 +5,8 @@ import { isHostValid, isValidContactBody } from '../../helpers/custom-validators
 import { ServerModel } from '../../models/server/server'
 import { body } from 'express-validator'
 import { isUserDisplayNameValid } from '../../helpers/custom-validators/users'
-import { Emailer } from '../../lib/emailer'
 import { Redis } from '../../lib/redis'
-import { CONFIG } from '../../initializers/config'
+import { CONFIG, isEmailEnabled } from '../../initializers/config'
 
 const serverGetValidator = [
   body('host').custom(isHostValid).withMessage('Should have a valid host'),
@@ -50,7 +49,7 @@ const contactAdministratorValidator = [
         .end()
     }
 
-    if (Emailer.isEnabled() === false) {
+    if (isEmailEnabled() === false) {
       return res
         .status(409)
         .send({ error: 'Emailer is not enabled on this instance.' })
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index c75e701d6..b76dab722 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -23,6 +23,7 @@ const SORTABLE_USER_NOTIFICATIONS_COLUMNS = createSortableColumns(SORTABLE_COLUM
 const SORTABLE_VIDEO_PLAYLISTS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_PLAYLISTS)
 const SORTABLE_PLUGINS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.PLUGINS)
 const SORTABLE_AVAILABLE_PLUGINS_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.AVAILABLE_PLUGINS)
+const SORTABLE_VIDEO_REDUNDANCIES_COLUMNS = createSortableColumns(SORTABLE_COLUMNS.VIDEO_REDUNDANCIES)
 
 const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
 const accountsSortValidator = checkSort(SORTABLE_ACCOUNTS_COLUMNS)
@@ -45,6 +46,7 @@ const userNotificationsSortValidator = checkSort(SORTABLE_USER_NOTIFICATIONS_COL
 const videoPlaylistsSortValidator = checkSort(SORTABLE_VIDEO_PLAYLISTS_COLUMNS)
 const pluginsSortValidator = checkSort(SORTABLE_PLUGINS_COLUMNS)
 const availablePluginsSortValidator = checkSort(SORTABLE_AVAILABLE_PLUGINS_COLUMNS)
+const videoRedundanciesSortValidator = checkSort(SORTABLE_VIDEO_REDUNDANCIES_COLUMNS)
 
 // ---------------------------------------------------------------------------
 
@@ -69,5 +71,6 @@ export {
   serversBlocklistSortValidator,
   userNotificationsSortValidator,
   videoPlaylistsSortValidator,
+  videoRedundanciesSortValidator,
   pluginsSortValidator
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index c78c67a8c..adc67a046 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -14,6 +14,7 @@ import {
   isUserDisplayNameValid,
   isUserNSFWPolicyValid,
   isUserPasswordValid,
+  isUserPasswordValidOrEmpty,
   isUserRoleValid,
   isUserUsernameValid,
   isUserVideoLanguages,
@@ -36,11 +37,10 @@ import { doesVideoExist } from '../../helpers/middlewares'
 import { UserRole } from '../../../shared/models/users'
 import { MUserDefault } from '@server/typings/models'
 import { Hooks } from '@server/lib/plugins/hooks'
-import { isLocalVideoAccepted } from '@server/lib/moderation'
 
 const usersAddValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
-  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
+  body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'),
   body('email').isEmail().withMessage('Should have a valid email'),
   body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
   body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
@@ -149,7 +149,7 @@ const usersBlockingValidator = [
 ]
 
 const deleteMeValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.User
     if (user.username === 'root') {
       return res.status(400)
@@ -303,7 +303,7 @@ const ensureUserRegistrationAllowed = [
 ]
 
 const ensureUserRegistrationAllowedForIP = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const allowed = isSignupAllowedForCurrentIP(req.ip)
 
     if (allowed === false) {
@@ -410,7 +410,7 @@ const userAutocompleteValidator = [
 ]
 
 const ensureAuthUserOwnsAccountValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.User
 
     if (res.locals.account.id !== user.Account.id) {
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts
index 7b0cd6f66..872d9c2ab 100644
--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -13,10 +13,12 @@ const addVideoCaptionValidator = [
   param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid video id'),
   param('captionLanguage').custom(isVideoCaptionLanguageValid).not().isEmpty().withMessage('Should have a valid caption language'),
   body('captionfile')
-    .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile')).withMessage(
-    `This caption file is not supported or too large. Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: `
-    + Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ')
-  ),
+    .custom((_, { req }) => isVideoCaptionFile(req.files, 'captionfile'))
+    .withMessage(
+      'This caption file is not supported or too large. ' +
+      `Please, make sure it is under ${CONSTRAINTS_FIELDS.VIDEO_CAPTIONS.CAPTION_FILE.FILE_SIZE} and one of the following mimetypes: ` +
+      Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT).map(key => `${key} (${MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT[key]})`).join(', ')
+    ),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking addVideoCaption parameters', { parameters: req.body })
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 77c5f940d..da2fafb10 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -50,7 +50,7 @@ const addVideoCommentThreadValidator = [
     if (areValidationErrors(req, res)) return
     if (!await doesVideoExist(req.params.videoId, res)) return
     if (!isVideoCommentsEnabled(res.locals.videoAll, res)) return
-    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll,false)) return
+    if (!await isVideoCommentAccepted(req, res, res.locals.videoAll, false)) return
 
     return next()
   }
diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 318dad100..5dc5db533 100644
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -22,10 +22,11 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
     .optional()
     .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
   body('torrentfile')
-    .custom((value, { req }) => isVideoImportTorrentFile(req.files)).withMessage(
-    'This torrent file is not supported or too large. Please, make sure it is of the following type: '
-    + CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
-  ),
+    .custom((value, { req }) => isVideoImportTorrentFile(req.files))
+    .withMessage(
+      'This torrent file is not supported or too large. Please, make sure it is of the following type: ' +
+      CONSTRAINTS_FIELDS.VIDEO_IMPORTS.TORRENT_FILE.EXTNAME.join(', ')
+    ),
   body('name')
     .optional()
     .custom(isVideoNameValid).withMessage('Should have a valid name'),
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 1d67e8666..6b15c5464 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -384,10 +384,11 @@ export {
 function getCommonPlaylistEditAttributes () {
   return [
     body('thumbnailfile')
-      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
-      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
-      + CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
-    ),
+      .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile'))
+      .withMessage(
+        'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
+        CONSTRAINTS_FIELDS.VIDEO_PLAYLISTS.IMAGE.EXTNAME.join(', ')
+      ),
 
     body('description')
       .optional()
diff --git a/server/middlewares/validators/videos/video-rates.ts b/server/middlewares/validators/videos/video-rates.ts
index 4021cfecc..cbc144f69 100644
--- a/server/middlewares/validators/videos/video-rates.ts
+++ b/server/middlewares/validators/videos/video-rates.ts
@@ -24,7 +24,7 @@ const videoUpdateRateValidator = [
   }
 ]
 
-const getAccountVideoRateValidator = function (rateType: VideoRateType) {
+const getAccountVideoRateValidatorFactory = function (rateType: VideoRateType) {
   return [
     param('name').custom(isAccountNameValid).withMessage('Should have a valid account name'),
     param('videoId').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid videoId'),
@@ -51,7 +51,7 @@ const getAccountVideoRateValidator = function (rateType: VideoRateType) {
 const videoRatingValidator = [
   query('rating').optional().custom(isRatingValid).withMessage('Value must be one of "like" or "dislike"'),
 
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking rating parameter', { parameters: req.params })
 
     if (areValidationErrors(req, res)) return
@@ -64,6 +64,6 @@ const videoRatingValidator = [
 
 export {
   videoUpdateRateValidator,
-  getAccountVideoRateValidator,
+  getAccountVideoRateValidatorFactory,
   videoRatingValidator
 }
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 6733d9dec..a027c4840 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -49,8 +49,8 @@ import { getVideoWithAttributes } from '../../../helpers/video'
 const videosAddValidator = getCommonVideoEditAttributes().concat([
   body('videofile')
     .custom((value, { req }) => isVideoFile(req.files)).withMessage(
-      'This file is not supported or too large. Please, make sure it is of the following type: '
-      + CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
+      'This file is not supported or too large. Please, make sure it is of the following type: ' +
+      CONSTRAINTS_FIELDS.VIDEOS.EXTNAME.join(', ')
     ),
   body('name').custom(isVideoNameValid).withMessage('Should have a valid name'),
   body('channelId')
@@ -147,7 +147,10 @@ async function checkVideoFollowConstraints (req: express.Request, res: express.R
             })
 }
 
-const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-with-rights', authenticateInQuery = false) => {
+const videosCustomGetValidator = (
+  fetchType: 'all' | 'only-video' | 'only-video-with-rights' | 'only-immutable-attributes',
+  authenticateInQuery = false
+) => {
   return [
     param('id').custom(isIdOrUUIDValid).not().isEmpty().withMessage('Should have a valid id'),
 
@@ -157,6 +160,9 @@ const videosCustomGetValidator = (fetchType: 'all' | 'only-video' | 'only-video-
       if (areValidationErrors(req, res)) return
       if (!await doesVideoExist(req.params.id, res, fetchType)) return
 
+      // Controllers does not need to check video rights
+      if (fetchType === 'only-immutable-attributes') return next()
+
       const video = getVideoWithAttributes(res)
       const videoAll = video as MVideoFullLight
 
@@ -245,19 +251,15 @@ const videosTerminateChangeOwnershipValidator = [
     // Check if the user who did the request is able to change the ownership of the video
     if (!checkUserCanTerminateOwnershipChange(res.locals.oauth.token.User, res.locals.videoChangeOwnership, res)) return
 
-    return next()
-  },
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const videoChangeOwnership = res.locals.videoChangeOwnership
 
-    if (videoChangeOwnership.status === VideoChangeOwnershipStatus.WAITING) {
-      return next()
-    } else {
+    if (videoChangeOwnership.status !== VideoChangeOwnershipStatus.WAITING) {
       res.status(403)
-        .json({ error: 'Ownership already accepted or refused' })
-
+         .json({ error: 'Ownership already accepted or refused' })
       return
     }
+
+    return next()
   }
 ]
 
@@ -284,14 +286,14 @@ function getCommonVideoEditAttributes () {
   return [
     body('thumbnailfile')
       .custom((value, { req }) => isVideoImage(req.files, 'thumbnailfile')).withMessage(
-      'This thumbnail file is not supported or too large. Please, make sure it is of the following type: '
-      + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
-    ),
+        'This thumbnail file is not supported or too large. Please, make sure it is of the following type: ' +
+        CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
+      ),
     body('previewfile')
       .custom((value, { req }) => isVideoImage(req.files, 'previewfile')).withMessage(
-      'This preview file is not supported or too large. Please, make sure it is of the following type: '
-      + CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
-    ),
+        'This preview file is not supported or too large. Please, make sure it is of the following type: ' +
+        CONSTRAINTS_FIELDS.VIDEOS.IMAGE.EXTNAME.join(', ')
+      ),
 
     body('category')
       .optional()
diff --git a/server/middlewares/validators/webfinger.ts b/server/middlewares/validators/webfinger.ts
index d50e6527f..5fe864f8b 100644
--- a/server/middlewares/validators/webfinger.ts
+++ b/server/middlewares/validators/webfinger.ts
@@ -18,15 +18,14 @@ const webfingerValidator = [
     const nameWithHost = getHostWithPort(req.query.resource.substr(5))
     const [ name ] = nameWithHost.split('@')
 
-    // FIXME: we don't need the full actor
-    const actor = await ActorModel.loadLocalByName(name)
+    const actor = await ActorModel.loadLocalUrlByName(name)
     if (!actor) {
       return res.status(404)
         .send({ error: 'Actor not found' })
         .end()
     }
 
-    res.locals.actorFull = actor
+    res.locals.actorUrl = actor
     return next()
   }
 ]