16 files changed, 113 insertions, 109 deletions
diff --git a/server/middlewares/activitypub.ts b/server/middlewares/activitypub.ts
index 6ef90b275..86d3c1d6c 100644
--- a/server/middlewares/activitypub.ts
+++ b/server/middlewares/activitypub.ts
@@ -1,8 +1,7 @@
 import { NextFunction, Request, Response } from 'express'
 import { getAPId } from '@server/helpers/activitypub'
 import { isActorDeleteActivityValid } from '@server/helpers/custom-validators/activitypub/actor'
-import { ActivityDelete, ActivityPubSignature } from '../../shared'
+import { ActivityDelete, ActivityPubSignature, HttpStatusCode } from '@shared/models'
-import { HttpStatusCode } from '../../shared/models/http/http-error-codes'
 import { logger } from '../helpers/logger'
 import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../helpers/peertube-crypto'
 import { ACCEPT_HEADERS, ACTIVITY_PUB, HTTP_SIGNATURE } from '../initializers/constants'
diff --git a/server/middlewares/async.ts b/server/middlewares/async.ts
index 3d6e38809..9d0193536 100644
--- a/server/middlewares/async.ts
+++ b/server/middlewares/async.ts
@@ -1,7 +1,7 @@
 import { eachSeries } from 'async'
 import { NextFunction, Request, RequestHandler, Response } from 'express'
 import { ValidationChain } from 'express-validator'
-import { ExpressPromiseHandler } from '@server/types/express'
+import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { retryTransactionWrapper } from '../helpers/database-utils'
 // Syntactic sugar to avoid try/catch in express controllers
diff --git a/server/middlewares/cache/cache.ts b/server/middlewares/cache/cache.ts
index 48162a0ae..e14160ba8 100644
--- a/server/middlewares/cache/cache.ts
+++ b/server/middlewares/cache/cache.ts
@@ -1,10 +1,6 @@
 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
-import { Redis } from '../../lib/redis'
 import { ApiCache, APICacheOptions } from './shared'
-// Ensure Redis is initialized
-Redis.Instance.init()
 const defaultOptions: APICacheOptions = {
  excludeStatus: [
    HttpStatusCode.FORBIDDEN_403,
diff --git a/server/middlewares/cache/shared/api-cache.ts b/server/middlewares/cache/shared/api-cache.ts
index f8846dcfc..86c5095b5 100644
--- a/server/middlewares/cache/shared/api-cache.ts
+++ b/server/middlewares/cache/shared/api-cache.ts
@@ -7,6 +7,7 @@ import { isTestInstance, parseDurationToMs } from '@server/helpers/core-utils'
 import { logger } from '@server/helpers/logger'
 import { Redis } from '@server/lib/redis'
 import { HttpStatusCode } from '@shared/models'
+import { asyncMiddleware } from '@server/middlewares'
 export interface APICacheOptions {
  headerBlacklist?: string[]
@@ -40,24 +41,25 @@ export class ApiCache {
  buildMiddleware (strDuration: string) {
    const duration = parseDurationToMs(strDuration)
-    return (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    return asyncMiddleware(
-      const key = Redis.Instance.getPrefix() + 'api-cache-' + req.originalUrl
+      async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-      const redis = Redis.Instance.getClient()
+        const key = Redis.Instance.getPrefix() + 'api-cache-' + req.originalUrl
+        const redis = Redis.Instance.getClient()
-      if (!redis.connected) return this.makeResponseCacheable(res, next, key, duration)
+        if (!Redis.Instance.isConnected()) return this.makeResponseCacheable(res, next, key, duration)
-      try {
+        try {
-        redis.hgetall(key, (err, obj) => {
+          const obj = await redis.hGetAll(key)
-          if (!err && obj && obj.response) {
+          if (obj?.response) {
            return this.sendCachedResponse(req, res, JSON.parse(obj.response), duration)
          }
          return this.makeResponseCacheable(res, next, key, duration)
-        })
+        } catch (err) {
-      } catch (err) {
+          return this.makeResponseCacheable(res, next, key, duration)
-        return this.makeResponseCacheable(res, next, key, duration)
+        }
      }
-    }
+    )
  }
  private shouldCacheResponse (response: express.Response) {
@@ -93,21 +95,22 @@ export class ApiCache {
    } as CacheObject
  }
-  private cacheResponse (key: string, value: object, duration: number) {
+  private async cacheResponse (key: string, value: object, duration: number) {
    const redis = Redis.Instance.getClient()
-    if (redis.connected) {
+    if (Redis.Instance.isConnected()) {
-      try {
+      await Promise.all([
-        redis.hset(key, 'response', JSON.stringify(value))
+        redis.hSet(key, 'response', JSON.stringify(value)),
-        redis.hset(key, 'duration', duration + '')
+        redis.hSet(key, 'duration', duration + ''),
        redis.expire(key, duration / 1000)
-      } catch (err) {
+      ])
-        logger.error('Cannot set cache in redis.', { err })
-      }
    }
    // add automatic cache clearing from duration, includes max limit on setTimeout
-    this.timers[key] = setTimeout(() => this.clear(key), Math.min(duration, 2147483647))
+    this.timers[key] = setTimeout(() => {
+      this.clear(key)
+        .catch(err => logger.error('Cannot clear Redis key %s.', key, { err }))
+    }, Math.min(duration, 2147483647))
  }
  private accumulateContent (res: express.Response, content: any) {
@@ -184,6 +187,7 @@ export class ApiCache {
            encoding
          )
          self.cacheResponse(key, cacheObject, duration)
+            .catch(err => logger.error('Cannot cache response', { err }))
        }
      }
@@ -235,7 +239,7 @@ export class ApiCache {
    return response.end(data, cacheObject.encoding)
  }
-  private clear (target: string) {
+  private async clear (target: string) {
    const redis = Redis.Instance.getClient()
    if (target) {
@@ -243,7 +247,7 @@ export class ApiCache {
      delete this.timers[target]
      try {
-        redis.del(target)
+        await redis.del(target)
      } catch (err) {
        logger.error('Cannot delete %s in redis cache.', target, { err })
      }
@@ -255,7 +259,7 @@ export class ApiCache {
        delete this.timers[key]
        try {
-          redis.del(key)
+          await redis.del(key)
        } catch (err) {
          logger.error('Cannot delete %s in redis cache.', key, { err })
        }
diff --git a/server/middlewares/error.ts b/server/middlewares/error.ts
index 6c52ce7bd..34c87a26d 100644
--- a/server/middlewares/error.ts
+++ b/server/middlewares/error.ts
@@ -1,5 +1,6 @@
 import express from 'express'
 import { ProblemDocument, ProblemDocumentExtension } from 'http-problem-details'
+import { logger } from '@server/helpers/logger'
 import { HttpStatusCode } from '@shared/models'
 function apiFailMiddleware (req: express.Request, res: express.Response, next: express.NextFunction) {
@@ -18,7 +19,8 @@ function apiFailMiddleware (req: express.Request, res: express.Response, next: e
    res.status(status)
    res.setHeader('Content-Type', 'application/problem+json')
-    res.json(new ProblemDocument({
+    const json = new ProblemDocument({
      status,
      title,
      instance,
@@ -28,7 +30,11 @@ function apiFailMiddleware (req: express.Request, res: express.Response, next: e
      type: type
        ? `https://docs.joinpeertube.org/api-rest-reference.html#section/Errors/${type}`
        : undefined
-    }, extension))
+    }, extension)
+    logger.debug('Bad HTTP request.', { json })
+    res.json(json)
  }
  if (next) next()
diff --git a/server/middlewares/user-right.ts b/server/middlewares/user-right.ts
index ea95b16c2..7d53e8341 100644
--- a/server/middlewares/user-right.ts
+++ b/server/middlewares/user-right.ts
@@ -1,6 +1,5 @@
 import express from 'express'
-import { UserRight } from '../../shared'
+import { HttpStatusCode, UserRight } from '@shared/models'
-import { HttpStatusCode } from '../../shared/models/http/http-error-codes'
 import { logger } from '../helpers/logger'
 function ensureUserHasRight (userRight: UserRight) {
diff --git a/server/middlewares/validators/blocklist.ts b/server/middlewares/validators/blocklist.ts
index b7749e204..12980ced4 100644
--- a/server/middlewares/validators/blocklist.ts
+++ b/server/middlewares/validators/blocklist.ts
@@ -1,8 +1,10 @@
 import express from 'express'
-import { body, param } from 'express-validator'
+import { body, param, query } from 'express-validator'
+import { areValidActorHandles } from '@server/helpers/custom-validators/activitypub/actor'
+import { toArray } from '@server/helpers/custom-validators/misc'
 import { getServerActor } from '@server/models/application/application'
 import { HttpStatusCode } from '../../../shared/models/http/http-error-codes'
-import { isHostValid } from '../../helpers/custom-validators/servers'
+import { isEachUniqueHostValid, isHostValid } from '../../helpers/custom-validators/servers'
 import { logger } from '../../helpers/logger'
 import { WEBSERVER } from '../../initializers/constants'
 import { AccountBlocklistModel } from '../../models/account/account-blocklist'
@@ -123,6 +125,26 @@ const unblockServerByServerValidator = [
  }
 ]
+const blocklistStatusValidator = [
+  query('hosts')
+    .optional()
+    .customSanitizer(toArray)
+    .custom(isEachUniqueHostValid).withMessage('Should have a valid hosts array'),
+  query('accounts')
+    .optional()
+    .customSanitizer(toArray)
+    .custom(areValidActorHandles).withMessage('Should have a valid accounts array'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking blocklistStatusValidator parameters', { query: req.query })
+    if (areValidationErrors(req, res)) return
+    return next()
+  }
+]
 // ---------------------------------------------------------------------------
 export {
@@ -131,7 +153,8 @@ export {
  unblockAccountByAccountValidator,
  unblockServerByAccountValidator,
  unblockAccountByServerValidator,
-  unblockServerByServerValidator
+  unblockServerByServerValidator,
+  blocklistStatusValidator
 }
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/plugins.ts b/server/middlewares/validators/plugins.ts
index 21171af23..c1e9ebefb 100644
--- a/server/middlewares/validators/plugins.ts
+++ b/server/middlewares/validators/plugins.ts
@@ -116,6 +116,9 @@ const installOrUpdatePluginValidator = [
  body('npmName')
    .optional()
    .custom(isNpmPluginNameValid).withMessage('Should have a valid npm name'),
+  body('pluginVersion')
+    .optional()
+    .custom(isPluginVersionValid).withMessage('Should have a valid plugin version'),
  body('path')
    .optional()
    .custom(isSafePath).withMessage('Should have a valid safe path'),
@@ -129,6 +132,9 @@ const installOrUpdatePluginValidator = [
    if (!body.path && !body.npmName) {
      return res.fail({ message: 'Should have either a npmName or a path' })
    }
+    if (body.pluginVersion && !body.npmName) {
+      return res.fail({ message: 'Should have a npmName when specifying a pluginVersion' })
+    }
    return next()
  }
diff --git a/server/middlewares/validators/shared/video-channels.ts b/server/middlewares/validators/shared/video-channels.ts
index 7c0c89267..bed9f5dbe 100644
--- a/server/middlewares/validators/shared/video-channels.ts
+++ b/server/middlewares/validators/shared/video-channels.ts
@@ -3,12 +3,6 @@ import { VideoChannelModel } from '@server/models/video/video-channel'
 import { MChannelBannerAccountDefault } from '@server/types/models'
 import { HttpStatusCode } from '@shared/models'
-async function doesLocalVideoChannelNameExist (name: string, res: express.Response) {
-  const videoChannel = await VideoChannelModel.loadLocalByNameAndPopulateAccount(name)
-  return processVideoChannelExist(videoChannel, res)
-}
 async function doesVideoChannelIdExist (id: number, res: express.Response) {
  const videoChannel = await VideoChannelModel.loadAndPopulateAccount(+id)
@@ -24,7 +18,6 @@ async function doesVideoChannelNameWithHostExist (nameWithDomain: string, res: e
 // ---------------------------------------------------------------------------
 export {
-  doesLocalVideoChannelNameExist,
  doesVideoChannelIdExist,
  doesVideoChannelNameWithHostExist
 }
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 33b31d54b..bc6007c6d 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -3,7 +3,7 @@ import { body, param, query } from 'express-validator'
 import { omit } from 'lodash'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { MUserDefault } from '@server/types/models'
-import { HttpStatusCode, UserRegister, UserRole } from '@shared/models'
+import { HttpStatusCode, UserRegister, UserRight, UserRole } from '@shared/models'
 import { isBooleanValid, isIdValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import {
@@ -15,6 +15,7 @@ import {
  isUserDisplayNameValid,
  isUserNoModal,
  isUserNSFWPolicyValid,
+  isUserP2PEnabledValid,
  isUserPasswordValid,
  isUserPasswordValidOrEmpty,
  isUserRoleValid,
@@ -239,6 +240,9 @@ const usersUpdateMeValidator = [
  body('autoPlayVideo')
    .optional()
    .custom(isUserAutoPlayVideoValid).withMessage('Should have a valid automatically plays video attribute'),
+  body('p2pEnabled')
+    .optional()
+    .custom(isUserP2PEnabledValid).withMessage('Should have a valid p2p enabled boolean'),
  body('videoLanguages')
    .optional()
    .custom(isUserVideoLanguages).withMessage('Should have a valid video languages attribute'),
@@ -490,14 +494,17 @@ const ensureAuthUserOwnsAccountValidator = [
  }
 ]
-const ensureAuthUserOwnsChannelValidator = [
+const ensureCanManageChannel = [
  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    const user = res.locals.oauth.token.User
+    const user = res.locals.oauth.token.user
+    const isUserOwner = res.locals.videoChannel.Account.userId === user.id
+    if (!isUserOwner && user.hasRight(UserRight.MANAGE_ANY_VIDEO_CHANNEL) === false) {
+      const message = `User ${user.username} does not have right to manage channel ${req.params.nameWithHost}.`
-    if (res.locals.videoChannel.Account.userId !== user.id) {
      return res.fail({
        status: HttpStatusCode.FORBIDDEN_403,
-        message: 'Only owner of this video channel can access this ressource'
+        message
      })
    }
@@ -542,8 +549,8 @@ export {
  usersVerifyEmailValidator,
  userAutocompleteValidator,
  ensureAuthUserOwnsAccountValidator,
-  ensureAuthUserOwnsChannelValidator,
+  ensureCanManageUser,
-  ensureCanManageUser
+  ensureCanManageChannel
 }
 // ---------------------------------------------------------------------------
diff --git a/server/middlewares/validators/videos/video-captions.ts b/server/middlewares/validators/videos/video-captions.ts
index 4fc4c8ec5..a399871e1 100644
--- a/server/middlewares/validators/videos/video-captions.ts
+++ b/server/middlewares/validators/videos/video-captions.ts
@@ -1,6 +1,6 @@
 import express from 'express'
 import { body, param } from 'express-validator'
-import { HttpStatusCode, UserRight } from '../../../../shared'
+import { HttpStatusCode, UserRight } from '@shared/models'
 import { isVideoCaptionFile, isVideoCaptionLanguageValid } from '../../../helpers/custom-validators/video-captions'
 import { cleanUpReqFiles } from '../../../helpers/express-utils'
 import { logger } from '../../../helpers/logger'
diff --git a/server/middlewares/validators/videos/video-channels.ts b/server/middlewares/validators/videos/video-channels.ts
index edce48c7f..3bfdebbb1 100644
--- a/server/middlewares/validators/videos/video-channels.ts
+++ b/server/middlewares/validators/videos/video-channels.ts
@@ -1,7 +1,7 @@
 import express from 'express'
 import { body, param, query } from 'express-validator'
-import { MChannelAccountDefault, MUser } from '@server/types/models'
+import { CONFIG } from '@server/initializers/config'
-import { UserRight } from '../../../../shared'
+import { MChannelAccountDefault } from '@server/types/models'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { isBooleanValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
 import {
@@ -13,8 +13,7 @@ import {
 import { logger } from '../../../helpers/logger'
 import { ActorModel } from '../../../models/actor/actor'
 import { VideoChannelModel } from '../../../models/video/video-channel'
-import { areValidationErrors, doesLocalVideoChannelNameExist, doesVideoChannelNameWithHostExist } from '../shared'
+import { areValidationErrors, doesVideoChannelNameWithHostExist } from '../shared'
-import { CONFIG } from '@server/initializers/config'
 const videoChannelsAddValidator = [
  body('name').custom(isVideoChannelUsernameValid).withMessage('Should have a valid channel name'),
@@ -71,16 +70,10 @@ const videoChannelsUpdateValidator = [
 ]
 const videoChannelsRemoveValidator = [
-  param('nameWithHost').exists().withMessage('Should have an video channel name with host'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
    logger.debug('Checking videoChannelsRemove parameters', { parameters: req.params })
-    if (areValidationErrors(req, res)) return
+    if (!await checkVideoChannelIsNotTheLastOne(res.locals.videoChannel, res)) return
-    if (!await doesVideoChannelNameWithHostExist(req.params.nameWithHost, res)) return
-    if (!checkUserCanDeleteVideoChannel(res.locals.oauth.token.User, res.locals.videoChannel, res)) return
-    if (!await checkVideoChannelIsNotTheLastOne(res)) return
    return next()
  }
@@ -100,14 +93,14 @@ const videoChannelsNameWithHostValidator = [
  }
 ]
-const localVideoChannelValidator = [
+const ensureIsLocalChannel = [
-  param('name').custom(isVideoChannelDisplayNameValid).withMessage('Should have a valid video channel name'),
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    if (res.locals.videoChannel.Actor.isOwned() === false) {
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+      return res.fail({
-    logger.debug('Checking localVideoChannelValidator parameters', { parameters: req.params })
+        status: HttpStatusCode.FORBIDDEN_403,
+        message: 'This channel is not owned.'
-    if (areValidationErrors(req, res)) return
+      })
-    if (!await doesLocalVideoChannelNameExist(req.params.name, res)) return
+    }
    return next()
  }
@@ -144,38 +137,15 @@ export {
  videoChannelsUpdateValidator,
  videoChannelsRemoveValidator,
  videoChannelsNameWithHostValidator,
+  ensureIsLocalChannel,
  videoChannelsListValidator,
-  localVideoChannelValidator,
  videoChannelStatsValidator
 }
 // ---------------------------------------------------------------------------
-function checkUserCanDeleteVideoChannel (user: MUser, videoChannel: MChannelAccountDefault, res: express.Response) {
+async function checkVideoChannelIsNotTheLastOne (videoChannel: MChannelAccountDefault, res: express.Response) {
-  if (videoChannel.Actor.isOwned() === false) {
+  const count = await VideoChannelModel.countByAccount(videoChannel.Account.id)
-    res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message: 'Cannot remove video channel of another server.'
-    })
-    return false
-  }
-  // Check if the user can delete the video channel
-  // The user can delete it if s/he is an admin
-  // Or if s/he is the video channel's account
-  if (user.hasRight(UserRight.REMOVE_ANY_VIDEO_CHANNEL) === false && videoChannel.Account.userId !== user.id) {
-    res.fail({
-      status: HttpStatusCode.FORBIDDEN_403,
-      message: 'Cannot remove video channel of another user'
-    })
-    return false
-  }
-  return true
-}
-async function checkVideoChannelIsNotTheLastOne (res: express.Response) {
-  const count = await VideoChannelModel.countByAccount(res.locals.oauth.token.User.Account.id)
  if (count <= 1) {
    res.fail({
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 3ea8bdcbb..665fb04c8 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -1,8 +1,7 @@
 import express from 'express'
 import { body, param, query } from 'express-validator'
 import { MUserAccountUrl } from '@server/types/models'
-import { UserRight } from '../../../../shared'
+import { HttpStatusCode, UserRight } from '@shared/models'
-import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { exists, isBooleanValid, isIdValid, toBooleanOrNull } from '../../../helpers/custom-validators/misc'
 import { isValidVideoCommentText } from '../../../helpers/custom-validators/video-comments'
 import { logger } from '../../../helpers/logger'
diff --git a/server/middlewares/validators/videos/video-files.ts b/server/middlewares/validators/videos/video-files.ts
index c1fa77502..35b0ac757 100644
--- a/server/middlewares/validators/videos/video-files.ts
+++ b/server/middlewares/validators/videos/video-files.ts
@@ -1,6 +1,6 @@
 import express from 'express'
 import { MVideo } from '@server/types/models'
-import { HttpStatusCode } from '../../../../shared'
+import { HttpStatusCode } from '@shared/models'
 import { logger } from '../../../helpers/logger'
 import { areValidationErrors, doesVideoExist, isValidVideoIdParam } from '../shared'
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 8f5c75fd5..f5fee845e 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -1,11 +1,15 @@
 import express from 'express'
 import { body, param, query, ValidationChain } from 'express-validator'
-import { ExpressPromiseHandler } from '@server/types/express'
+import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { MUserAccountId } from '@server/types/models'
-import { UserRight, VideoPlaylistCreate, VideoPlaylistUpdate } from '../../../../shared'
+import {
-import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
+  HttpStatusCode,
-import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
+  UserRight,
-import { VideoPlaylistType } from '../../../../shared/models/videos/playlist/video-playlist-type.model'
+  VideoPlaylistCreate,
+  VideoPlaylistPrivacy,
+  VideoPlaylistType,
+  VideoPlaylistUpdate
+} from '@shared/models'
 import {
  isArrayOf,
  isIdOrUUIDValid,
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 782f495e8..3a1a905f3 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -5,12 +5,10 @@ import { getResumableUploadPath } from '@server/helpers/upload'
 import { Redis } from '@server/lib/redis'
 import { isAbleToUploadVideo } from '@server/lib/user'
 import { getServerActor } from '@server/models/application/application'
-import { ExpressPromiseHandler } from '@server/types/express'
+import { ExpressPromiseHandler } from '@server/types/express-handler'
 import { MUserAccountId, MVideoFullLight } from '@server/types/models'
 import { getAllPrivacies } from '@shared/core-utils'
-import { VideoInclude } from '@shared/models'
+import { HttpStatusCode, ServerErrorCode, UserRight, VideoInclude, VideoPrivacy } from '@shared/models'
-import { ServerErrorCode, UserRight, VideoPrivacy } from '../../../../shared'
-import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import {
  exists,
  isBooleanValid,