98 files changed, 2223 insertions, 842 deletions

diff --git a/server/controllers/api/jobs.ts b/server/controllers/api/jobs.ts
index 861cc22b9..d7cee1605 100644
--- a/server/controllers/api/jobs.ts
+++ b/server/controllers/api/jobs.ts
@@ -9,10 +9,10 @@ import {
   authenticate,
   ensureUserHasRight,
   jobsSortValidator,
+  paginationValidatorBuilder,
   setDefaultPagination,
   setDefaultSort
 } from '../../middlewares'
-import { paginationValidator } from '../../middlewares/validators'
 import { listJobsValidator } from '../../middlewares/validators/jobs'
 
 const jobsRouter = express.Router()
@@ -20,7 +20,7 @@ const jobsRouter = express.Router()
 jobsRouter.get('/:state?',
   authenticate,
   ensureUserHasRight(UserRight.MANAGE_JOBS),
-  paginationValidator,
+  paginationValidatorBuilder([ 'jobs' ]),
   jobsSortValidator,
   setDefaultSort,
   setDefaultPagination,
diff --git a/server/controllers/api/plugins.ts b/server/controllers/api/plugins.ts
index 1c0b5edb1..bb69f25a1 100644
--- a/server/controllers/api/plugins.ts
+++ b/server/controllers/api/plugins.ts
@@ -205,7 +205,6 @@ async function listAvailablePlugins (req: express.Request, res: express.Response
   if (!resultList) {
     return res.status(HttpStatusCode.SERVICE_UNAVAILABLE_503)
       .json({ error: 'Plugin index unavailable. Please retry later' })
-      .end()
   }
 
   return res.json(resultList)
diff --git a/server/controllers/api/search.ts b/server/controllers/api/search.ts
index 7e1b7b230..f0cdf3a89 100644
--- a/server/controllers/api/search.ts
+++ b/server/controllers/api/search.ts
@@ -1,8 +1,9 @@
 import * as express from 'express'
 import { sanitizeUrl } from '@server/helpers/core-utils'
-import { doRequest } from '@server/helpers/requests'
+import { doJSONRequest } from '@server/helpers/requests'
 import { CONFIG } from '@server/initializers/config'
 import { getOrCreateVideoAndAccountAndChannel } from '@server/lib/activitypub/videos'
+import { Hooks } from '@server/lib/plugins/hooks'
 import { AccountBlocklistModel } from '@server/models/account/account-blocklist'
 import { getServerActor } from '@server/models/application/application'
 import { ServerBlocklistModel } from '@server/models/server/server-blocklist'
@@ -22,8 +23,8 @@ import {
   paginationValidator,
   setDefaultPagination,
   setDefaultSearchSort,
-  videoChannelsSearchSortValidator,
   videoChannelsListSearchValidator,
+  videoChannelsSearchSortValidator,
   videosSearchSortValidator,
   videosSearchValidator
 } from '../../middlewares'
@@ -87,16 +88,17 @@ function searchVideoChannels (req: express.Request, res: express.Response) {
 async function searchVideoChannelsIndex (query: VideoChannelsSearchQuery, res: express.Response) {
   const result = await buildMutedForSearchIndex(res)
 
-  const body = Object.assign(query, result)
+  const body = await Hooks.wrapObject(Object.assign(query, result), 'filter:api.search.video-channels.index.list.params')
 
   const url = sanitizeUrl(CONFIG.SEARCH.SEARCH_INDEX.URL) + '/api/v1/search/video-channels'
 
   try {
     logger.debug('Doing video channels search index request on %s.', url, { body })
 
-    const searchIndexResult = await doRequest<ResultList<VideoChannel>>({ uri: url, body, json: true })
+    const { body: searchIndexResult } = await doJSONRequest<ResultList<VideoChannel>>(url, { method: 'POST', json: body })
+    const jsonResult = await Hooks.wrapObject(searchIndexResult, 'filter:api.search.video-channels.index.list.result')
 
-    return res.json(searchIndexResult.body)
+    return res.json(jsonResult)
   } catch (err) {
     logger.warn('Cannot use search index to make video channels search.', { err })
 
@@ -107,14 +109,19 @@ async function searchVideoChannelsIndex (query: VideoChannelsSearchQuery, res: e
 async function searchVideoChannelsDB (query: VideoChannelsSearchQuery, res: express.Response) {
   const serverActor = await getServerActor()
 
-  const options = {
+  const apiOptions = await Hooks.wrapObject({
     actorId: serverActor.id,
     search: query.search,
     start: query.start,
     count: query.count,
     sort: query.sort
-  }
-  const resultList = await VideoChannelModel.searchForApi(options)
+  }, 'filter:api.search.video-channels.local.list.params')
+
+  const resultList = await Hooks.wrapPromiseFun(
+    VideoChannelModel.searchForApi,
+    apiOptions,
+    'filter:api.search.video-channels.local.list.result'
+  )
 
   return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
@@ -168,7 +175,7 @@ function searchVideos (req: express.Request, res: express.Response) {
 async function searchVideosIndex (query: VideosSearchQuery, res: express.Response) {
   const result = await buildMutedForSearchIndex(res)
 
-  const body: VideosSearchQuery = Object.assign(query, result)
+  let body: VideosSearchQuery = Object.assign(query, result)
 
   // Use the default instance NSFW policy if not specified
   if (!body.nsfw) {
@@ -181,14 +188,17 @@ async function searchVideosIndex (query: VideosSearchQuery, res: express.Respons
       : 'both'
   }
 
+  body = await Hooks.wrapObject(body, 'filter:api.search.videos.index.list.params')
+
   const url = sanitizeUrl(CONFIG.SEARCH.SEARCH_INDEX.URL) + '/api/v1/search/videos'
 
   try {
     logger.debug('Doing videos search index request on %s.', url, { body })
 
-    const searchIndexResult = await doRequest<ResultList<Video>>({ uri: url, body, json: true })
+    const { body: searchIndexResult } = await doJSONRequest<ResultList<Video>>(url, { method: 'POST', json: body })
+    const jsonResult = await Hooks.wrapObject(searchIndexResult, 'filter:api.search.videos.index.list.result')
 
-    return res.json(searchIndexResult.body)
+    return res.json(jsonResult)
   } catch (err) {
     logger.warn('Cannot use search index to make video search.', { err })
 
@@ -197,13 +207,18 @@ async function searchVideosIndex (query: VideosSearchQuery, res: express.Respons
 }
 
 async function searchVideosDB (query: VideosSearchQuery, res: express.Response) {
-  const options = Object.assign(query, {
+  const apiOptions = await Hooks.wrapObject(Object.assign(query, {
     includeLocalVideos: true,
     nsfw: buildNSFWFilter(res, query.nsfw),
     filter: query.filter,
     user: res.locals.oauth ? res.locals.oauth.token.User : undefined
-  })
-  const resultList = await VideoModel.searchAndPopulateAccountAndServer(options)
+  }), 'filter:api.search.videos.local.list.params')
+
+  const resultList = await Hooks.wrapPromiseFun(
+    VideoModel.searchAndPopulateAccountAndServer,
+    apiOptions,
+    'filter:api.search.videos.local.list.result'
+  )
 
   return res.json(getFormattedObjects(resultList.data, resultList.total))
 }
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 3be1d55ae..e2b1ea7cd 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -2,8 +2,10 @@ import * as express from 'express'
 import * as RateLimit from 'express-rate-limit'
 import { tokensRouter } from '@server/controllers/api/users/token'
 import { Hooks } from '@server/lib/plugins/hooks'
+import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
 import { MUser, MUserAccountDefault } from '@server/types/models'
 import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared'
+import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
 import { UserRegister } from '../../../../shared/models/users/user-register.model'
 import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
@@ -14,7 +16,6 @@ import { WEBSERVER } from '../../../initializers/constants'
 import { sequelizeTypescript } from '../../../initializers/database'
 import { Emailer } from '../../../lib/emailer'
 import { Notifier } from '../../../lib/notifier'
-import { deleteUserToken } from '../../../lib/oauth-model'
 import { Redis } from '../../../lib/redis'
 import { createUserAccountAndChannelAndPlaylist, sendVerifyUserEmail } from '../../../lib/user'
 import {
@@ -52,7 +53,6 @@ import { myVideosHistoryRouter } from './my-history'
 import { myNotificationsRouter } from './my-notifications'
 import { mySubscriptionsRouter } from './my-subscriptions'
 import { myVideoPlaylistsRouter } from './my-video-playlists'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 
 const auditLogger = auditLoggerFactory('users')
 
@@ -335,7 +335,7 @@ async function updateUser (req: express.Request, res: express.Response) {
   const user = await userToUpdate.save()
 
   // Destroy user token to refresh rights
-  if (roleChanged || body.password !== undefined) await deleteUserToken(userToUpdate.id)
+  if (roleChanged || body.password !== undefined) await OAuthTokenModel.deleteUserToken(userToUpdate.id)
 
   auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
 
@@ -395,7 +395,7 @@ async function changeUserBlock (res: express.Response, user: MUserAccountDefault
   user.blockedReason = reason || null
 
   await sequelizeTypescript.transaction(async t => {
-    await deleteUserToken(user.id, t)
+    await OAuthTokenModel.deleteUserToken(user.id, t)
 
     await user.save({ transaction: t })
   })
diff --git a/server/controllers/api/users/my-notifications.ts b/server/controllers/api/users/my-notifications.ts
index 5f5e4c5e6..0a9101a46 100644
--- a/server/controllers/api/users/my-notifications.ts
+++ b/server/controllers/api/users/my-notifications.ts
@@ -80,7 +80,9 @@ async function updateNotificationSettings (req: express.Request, res: express.Re
     newInstanceFollower: body.newInstanceFollower,
     autoInstanceFollowing: body.autoInstanceFollowing,
     abuseNewMessage: body.abuseNewMessage,
-    abuseStateChange: body.abuseStateChange
+    abuseStateChange: body.abuseStateChange,
+    newPeerTubeVersion: body.newPeerTubeVersion,
+    newPluginVersion: body.newPluginVersion
   }
 
   await UserNotificationSettingModel.update(values, query)
diff --git a/server/controllers/api/users/token.ts b/server/controllers/api/users/token.ts
index 821429358..694bb0a92 100644
--- a/server/controllers/api/users/token.ts
+++ b/server/controllers/api/users/token.ts
@@ -1,11 +1,14 @@
-import { handleLogin, handleTokenRevocation } from '@server/lib/auth'
+import * as express from 'express'
 import * as RateLimit from 'express-rate-limit'
+import { v4 as uuidv4 } from 'uuid'
+import { logger } from '@server/helpers/logger'
 import { CONFIG } from '@server/initializers/config'
-import * as express from 'express'
+import { getAuthNameFromRefreshGrant, getBypassFromExternalAuth, getBypassFromPasswordGrant } from '@server/lib/auth/external-auth'
+import { handleOAuthToken } from '@server/lib/auth/oauth'
+import { BypassLogin, revokeToken } from '@server/lib/auth/oauth-model'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { asyncMiddleware, authenticate } from '@server/middlewares'
 import { ScopedToken } from '@shared/models/users/user-scoped-token'
-import { v4 as uuidv4 } from 'uuid'
 
 const tokensRouter = express.Router()
 
@@ -16,8 +19,7 @@ const loginRateLimiter = RateLimit({
 
 tokensRouter.post('/token',
   loginRateLimiter,
-  handleLogin,
-  tokenSuccess
+  asyncMiddleware(handleToken)
 )
 
 tokensRouter.post('/revoke-token',
@@ -42,10 +44,53 @@ export {
 }
 // ---------------------------------------------------------------------------
 
-function tokenSuccess (req: express.Request) {
-  const username = req.body.username
+async function handleToken (req: express.Request, res: express.Response, next: express.NextFunction) {
+  const grantType = req.body.grant_type
+
+  try {
+    const bypassLogin = await buildByPassLogin(req, grantType)
+
+    const refreshTokenAuthName = grantType === 'refresh_token'
+      ? await getAuthNameFromRefreshGrant(req.body.refresh_token)
+      : undefined
+
+    const options = {
+      refreshTokenAuthName,
+      bypassLogin
+    }
+
+    const token = await handleOAuthToken(req, options)
+
+    res.set('Cache-Control', 'no-store')
+    res.set('Pragma', 'no-cache')
+
+    Hooks.runAction('action:api.user.oauth2-got-token', { username: token.user.username, ip: req.ip })
+
+    return res.json({
+      token_type: 'Bearer',
 
-  Hooks.runAction('action:api.user.oauth2-got-token', { username, ip: req.ip })
+      access_token: token.accessToken,
+      refresh_token: token.refreshToken,
+
+      expires_in: token.accessTokenExpiresIn,
+      refresh_token_expires_in: token.refreshTokenExpiresIn
+    })
+  } catch (err) {
+    logger.warn('Login error', { err })
+
+    return res.status(err.code || 400).json({
+      code: err.name,
+      error: err.message
+    })
+  }
+}
+
+async function handleTokenRevocation (req: express.Request, res: express.Response) {
+  const token = res.locals.oauth.token
+
+  const result = await revokeToken(token, { req, explicitLogout: true })
+
+  return res.json(result)
 }
 
 function getScopedTokens (req: express.Request, res: express.Response) {
@@ -66,3 +111,14 @@ async function renewScopedTokens (req: express.Request, res: express.Response) {
     feedToken: user.feedToken
   } as ScopedToken)
 }
+
+async function buildByPassLogin (req: express.Request, grantType: string): Promise<BypassLogin> {
+  if (grantType !== 'password') return undefined
+
+  if (req.body.externalAuthToken) {
+    // Consistency with the getBypassFromPasswordGrant promise
+    return getBypassFromExternalAuth(req.body.username, req.body.externalAuthToken)
+  }
+
+  return getBypassFromPasswordGrant(req.body.username, req.body.password)
+}
diff --git a/server/controllers/api/videos/index.ts b/server/controllers/api/videos/index.ts
index 2447c1288..7fee278f2 100644
--- a/server/controllers/api/videos/index.ts
+++ b/server/controllers/api/videos/index.ts
@@ -17,7 +17,7 @@ import { auditLoggerFactory, getAuditIdFromRes, VideoAuditView } from '../../../
 import { resetSequelizeInstance, retryTransactionWrapper } from '../../../helpers/database-utils'
 import { buildNSFWFilter, createReqFiles, getCountVideos } from '../../../helpers/express-utils'
 import { getMetadataFromFile, getVideoFileFPS, getVideoFileResolution } from '../../../helpers/ffprobe-utils'
-import { logger } from '../../../helpers/logger'
+import { logger, loggerTagsFactory } from '../../../helpers/logger'
 import { getFormattedObjects } from '../../../helpers/utils'
 import { CONFIG } from '../../../initializers/config'
 import {
@@ -67,6 +67,7 @@ import { ownershipVideoRouter } from './ownership'
 import { rateVideoRouter } from './rate'
 import { watchingRouter } from './watching'
 
+const lTags = loggerTagsFactory('api', 'video')
 const auditLogger = auditLoggerFactory('videos')
 const videosRouter = express.Router()
 
@@ -257,14 +258,14 @@ async function addVideo (req: express.Request, res: express.Response) {
     })
 
     auditLogger.create(getAuditIdFromRes(res), new VideoAuditView(videoCreated.toFormattedDetailsJSON()))
-    logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid)
+    logger.info('Video with name %s and uuid %s created.', videoInfo.name, videoCreated.uuid, lTags(videoCreated.uuid))
 
     return { videoCreated }
   })
 
   // Create the torrent file in async way because it could be long
   createTorrentAndSetInfoHashAsync(video, videoFile)
-    .catch(err => logger.error('Cannot create torrent file for video %s', video.url, { err }))
+    .catch(err => logger.error('Cannot create torrent file for video %s', video.url, { err, ...lTags(video.uuid) }))
     .then(() => VideoModel.loadAndPopulateAccountAndServerAndTags(video.id))
     .then(refreshedVideo => {
       if (!refreshedVideo) return
@@ -276,7 +277,7 @@ async function addVideo (req: express.Request, res: express.Response) {
         return sequelizeTypescript.transaction(t => federateVideoIfNeeded(refreshedVideo, true, t))
       })
     })
-    .catch(err => logger.error('Cannot federate or notify video creation %s', video.url, { err }))
+    .catch(err => logger.error('Cannot federate or notify video creation %s', video.url, { err, ...lTags(video.uuid) }))
 
   if (video.state === VideoState.TO_TRANSCODE) {
     await addOptimizeOrMergeAudioJob(videoCreated, videoFile, res.locals.oauth.token.User)
@@ -389,7 +390,7 @@ async function updateVideo (req: express.Request, res: express.Response) {
         new VideoAuditView(videoInstanceUpdated.toFormattedDetailsJSON()),
         oldVideoAuditView
       )
-      logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid)
+      logger.info('Video with name %s and uuid %s updated.', videoInstance.name, videoInstance.uuid, lTags(videoInstance.uuid))
 
       return videoInstanceUpdated
     })
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index 557cbfdfb..022a17ff4 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,7 +2,9 @@ import * as express from 'express'
 import { constants, promises as fs } from 'fs'
 import { readFile } from 'fs-extra'
 import { join } from 'path'
+import { logger } from '@server/helpers/logger'
 import { CONFIG } from '@server/initializers/config'
+import { Hooks } from '@server/lib/plugins/hooks'
 import { HttpStatusCode } from '@shared/core-utils'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '@shared/core-utils/i18n'
 import { root } from '../helpers/core-utils'
@@ -27,6 +29,7 @@ const embedMiddlewares = [
     ? embedCSP
     : (req: express.Request, res: express.Response, next: express.NextFunction) => next(),
 
+  // Set headers
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
     res.removeHeader('X-Frame-Options')
 
@@ -105,6 +108,24 @@ function serveServerTranslations (req: express.Request, res: express.Response) {
 }
 
 async function generateEmbedHtmlPage (req: express.Request, res: express.Response) {
+  const hookName = req.originalUrl.startsWith('/video-playlists/')
+    ? 'filter:html.embed.video-playlist.allowed.result'
+    : 'filter:html.embed.video.allowed.result'
+
+  const allowParameters = { req }
+
+  const allowedResult = await Hooks.wrapFun(
+    isEmbedAllowed,
+    allowParameters,
+    hookName
+  )
+
+  if (!allowedResult || allowedResult.allowed !== true) {
+    logger.info('Embed is not allowed.', { allowedResult })
+
+    return sendHTML(allowedResult?.html || '', res)
+  }
+
   const html = await ClientHtml.getEmbedHTML()
 
   return sendHTML(html, res)
@@ -158,3 +179,10 @@ function serveClientOverride (path: string) {
     }
   }
 }
+
+type AllowedResult = { allowed: boolean, html?: string }
+function isEmbedAllowed (_object: {
+  req: express.Request
+}): AllowedResult {
+  return { allowed: true }
+}
diff --git a/server/controllers/download.ts b/server/controllers/download.ts
index 27caa1518..9a8194c5c 100644
--- a/server/controllers/download.ts
+++ b/server/controllers/download.ts
@@ -1,8 +1,10 @@
 import * as cors from 'cors'
 import * as express from 'express'
+import { logger } from '@server/helpers/logger'
 import { VideosTorrentCache } from '@server/lib/files-cache/videos-torrent-cache'
+import { Hooks } from '@server/lib/plugins/hooks'
 import { getVideoFilePath } from '@server/lib/video-paths'
-import { MVideoFile, MVideoFullLight } from '@server/types/models'
+import { MStreamingPlaylist, MVideo, MVideoFile, MVideoFullLight } from '@server/types/models'
 import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
 import { VideoStreamingPlaylistType } from '@shared/models'
 import { STATIC_DOWNLOAD_PATHS } from '../initializers/constants'
@@ -14,19 +16,19 @@ downloadRouter.use(cors())
 
 downloadRouter.use(
   STATIC_DOWNLOAD_PATHS.TORRENTS + ':filename',
-  downloadTorrent
+  asyncMiddleware(downloadTorrent)
 )
 
 downloadRouter.use(
   STATIC_DOWNLOAD_PATHS.VIDEOS + ':id-:resolution([0-9]+).:extension',
   asyncMiddleware(videosDownloadValidator),
-  downloadVideoFile
+  asyncMiddleware(downloadVideoFile)
 )
 
 downloadRouter.use(
   STATIC_DOWNLOAD_PATHS.HLS_VIDEOS + ':id-:resolution([0-9]+)-fragmented.:extension',
   asyncMiddleware(videosDownloadValidator),
-  downloadHLSVideoFile
+  asyncMiddleware(downloadHLSVideoFile)
 )
 
 // ---------------------------------------------------------------------------
@@ -41,28 +43,58 @@ async function downloadTorrent (req: express.Request, res: express.Response) {
   const result = await VideosTorrentCache.Instance.getFilePath(req.params.filename)
   if (!result) return res.sendStatus(HttpStatusCode.NOT_FOUND_404)
 
+  const allowParameters = { torrentPath: result.path, downloadName: result.downloadName }
+
+  const allowedResult = await Hooks.wrapFun(
+    isTorrentDownloadAllowed,
+    allowParameters,
+    'filter:api.download.torrent.allowed.result'
+  )
+
+  if (!checkAllowResult(res, allowParameters, allowedResult)) return
+
   return res.download(result.path, result.downloadName)
 }
 
-function downloadVideoFile (req: express.Request, res: express.Response) {
+async function downloadVideoFile (req: express.Request, res: express.Response) {
   const video = res.locals.videoAll
 
   const videoFile = getVideoFile(req, video.VideoFiles)
   if (!videoFile) return res.status(HttpStatusCode.NOT_FOUND_404).end()
 
+  const allowParameters = { video, videoFile }
+
+  const allowedResult = await Hooks.wrapFun(
+    isVideoDownloadAllowed,
+    allowParameters,
+    'filter:api.download.video.allowed.result'
+  )
+
+  if (!checkAllowResult(res, allowParameters, allowedResult)) return
+
   return res.download(getVideoFilePath(video, videoFile), `${video.name}-${videoFile.resolution}p${videoFile.extname}`)
 }
 
-function downloadHLSVideoFile (req: express.Request, res: express.Response) {
+async function downloadHLSVideoFile (req: express.Request, res: express.Response) {
   const video = res.locals.videoAll
-  const playlist = getHLSPlaylist(video)
-  if (!playlist) return res.status(HttpStatusCode.NOT_FOUND_404).end
+  const streamingPlaylist = getHLSPlaylist(video)
+  if (!streamingPlaylist) return res.status(HttpStatusCode.NOT_FOUND_404).end
 
-  const videoFile = getVideoFile(req, playlist.VideoFiles)
+  const videoFile = getVideoFile(req, streamingPlaylist.VideoFiles)
   if (!videoFile) return res.status(HttpStatusCode.NOT_FOUND_404).end()
 
-  const filename = `${video.name}-${videoFile.resolution}p-${playlist.getStringType()}${videoFile.extname}`
-  return res.download(getVideoFilePath(playlist, videoFile), filename)
+  const allowParameters = { video, streamingPlaylist, videoFile }
+
+  const allowedResult = await Hooks.wrapFun(
+    isVideoDownloadAllowed,
+    allowParameters,
+    'filter:api.download.video.allowed.result'
+  )
+
+  if (!checkAllowResult(res, allowParameters, allowedResult)) return
+
+  const filename = `${video.name}-${videoFile.resolution}p-${streamingPlaylist.getStringType()}${videoFile.extname}`
+  return res.download(getVideoFilePath(streamingPlaylist, videoFile), filename)
 }
 
 function getVideoFile (req: express.Request, files: MVideoFile[]) {
@@ -76,3 +108,34 @@ function getHLSPlaylist (video: MVideoFullLight) {
 
   return Object.assign(playlist, { Video: video })
 }
+
+type AllowedResult = {
+  allowed: boolean
+  errorMessage?: string
+}
+
+function isTorrentDownloadAllowed (_object: {
+  torrentPath: string
+}): AllowedResult {
+  return { allowed: true }
+}
+
+function isVideoDownloadAllowed (_object: {
+  video: MVideo
+  videoFile: MVideoFile
+  streamingPlaylist?: MStreamingPlaylist
+}): AllowedResult {
+  return { allowed: true }
+}
+
+function checkAllowResult (res: express.Response, allowParameters: any, result?: AllowedResult) {
+  if (!result || result.allowed !== true) {
+    logger.info('Download is not allowed.', { result, allowParameters })
+    res.status(HttpStatusCode.FORBIDDEN_403)
+       .json({ error: result?.errorMessage || 'Refused download' })
+
+    return false
+  }
+
+  return true
+}
diff --git a/server/controllers/feeds.ts b/server/controllers/feeds.ts
index e29a8fe1d..921067e65 100644
--- a/server/controllers/feeds.ts
+++ b/server/controllers/feeds.ts
@@ -1,8 +1,9 @@
 import * as express from 'express'
 import * as Feed from 'pfeed'
+import { VideoFilter } from '../../shared/models/videos/video-query.type'
 import { buildNSFWFilter } from '../helpers/express-utils'
 import { CONFIG } from '../initializers/config'
-import { FEEDS, ROUTE_CACHE_LIFETIME, THUMBNAILS_SIZE, WEBSERVER } from '../initializers/constants'
+import { FEEDS, PREVIEWS_SIZE, ROUTE_CACHE_LIFETIME, WEBSERVER } from '../initializers/constants'
 import {
   asyncMiddleware,
   commonVideosFiltersValidator,
@@ -17,7 +18,6 @@ import {
 import { cacheRoute } from '../middlewares/cache'
 import { VideoModel } from '../models/video/video'
 import { VideoCommentModel } from '../models/video/video-comment'
-import { VideoFilter } from '../../shared/models/videos/video-query.type'
 
 const feedsRouter = express.Router()
 
@@ -318,9 +318,9 @@ function addVideosToFeed (feed, videos: VideoModel[]) {
       },
       thumbnail: [
         {
-          url: WEBSERVER.URL + video.getMiniatureStaticPath(),
-          height: THUMBNAILS_SIZE.height,
-          width: THUMBNAILS_SIZE.width
+          url: WEBSERVER.URL + video.getPreviewStaticPath(),
+          height: PREVIEWS_SIZE.height,
+          width: PREVIEWS_SIZE.width
         }
       ]
     })
diff --git a/server/controllers/plugins.ts b/server/controllers/plugins.ts
index 6a1ccc0bf..105f51518 100644
--- a/server/controllers/plugins.ts
+++ b/server/controllers/plugins.ts
@@ -1,15 +1,15 @@
 import * as express from 'express'
-import { PLUGIN_GLOBAL_CSS_PATH } from '../initializers/constants'
 import { join } from 'path'
-import { PluginManager, RegisteredPlugin } from '../lib/plugins/plugin-manager'
-import { getPluginValidator, pluginStaticDirectoryValidator, getExternalAuthValidator } from '../middlewares/validators/plugins'
-import { serveThemeCSSValidator } from '../middlewares/validators/themes'
-import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
+import { logger } from '@server/helpers/logger'
+import { optionalAuthenticate } from '@server/middlewares/auth'
 import { getCompleteLocale, is18nLocale } from '../../shared/core-utils/i18n'
+import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
 import { PluginType } from '../../shared/models/plugins/plugin.type'
 import { isTestInstance } from '../helpers/core-utils'
-import { logger } from '@server/helpers/logger'
-import { optionalAuthenticate } from '@server/middlewares/oauth'
+import { PLUGIN_GLOBAL_CSS_PATH } from '../initializers/constants'
+import { PluginManager, RegisteredPlugin } from '../lib/plugins/plugin-manager'
+import { getExternalAuthValidator, getPluginValidator, pluginStaticDirectoryValidator } from '../middlewares/validators/plugins'
+import { serveThemeCSSValidator } from '../middlewares/validators/themes'
 
 const sendFileOptions = {
   maxAge: '30 days',
diff --git a/server/helpers/activitypub.ts b/server/helpers/activitypub.ts
index 08aef2908..e0754b501 100644
--- a/server/helpers/activitypub.ts
+++ b/server/helpers/activitypub.ts
@@ -3,7 +3,6 @@ import { URL } from 'url'
 import validator from 'validator'
 import { ContextType } from '@shared/models/activitypub/context'
 import { ResultList } from '../../shared/models'
-import { Activity } from '../../shared/models/activitypub'
 import { ACTIVITY_PUB, REMOTE_SCHEME } from '../initializers/constants'
 import { MActor, MVideoWithHost } from '../types/models'
 import { pageToStartAndCount } from './core-utils'
@@ -182,10 +181,10 @@ async function activityPubCollectionPagination (
 
 }
 
-function buildSignedActivity (byActor: MActor, data: Object, contextType?: ContextType) {
+function buildSignedActivity <T> (byActor: MActor, data: T, contextType?: ContextType) {
   const activity = activityPubContextify(data, contextType)
 
-  return signJsonLDObject(byActor, activity) as Promise<Activity>
+  return signJsonLDObject(byActor, activity)
 }
 
 function getAPId (activity: string | { id: string }) {
diff --git a/server/helpers/core-utils.ts b/server/helpers/core-utils.ts
index 935fd22d9..0bd84ffaa 100644
--- a/server/helpers/core-utils.ts
+++ b/server/helpers/core-utils.ts
@@ -10,7 +10,9 @@ import { BinaryToTextEncoding, createHash, randomBytes } from 'crypto'
 import { truncate } from 'lodash'
 import { basename, isAbsolute, join, resolve } from 'path'
 import * as pem from 'pem'
+import { pipeline } from 'stream'
 import { URL } from 'url'
+import { promisify } from 'util'
 
 const objectConverter = (oldObject: any, keyConverter: (e: string) => string, valueConverter: (e: any) => any) => {
   if (!oldObject || typeof oldObject !== 'object') {
@@ -249,11 +251,23 @@ function promisify2<T, U, A> (func: (arg1: T, arg2: U, cb: (err: any, result: A)
   }
 }
 
+type SemVersion = { major: number, minor: number, patch: number }
+function parseSemVersion (s: string) {
+  const parsed = s.match(/^v?(\d+)\.(\d+)\.(\d+)$/i)
+
+  return {
+    major: parseInt(parsed[1]),
+    minor: parseInt(parsed[2]),
+    patch: parseInt(parsed[3])
+  } as SemVersion
+}
+
 const randomBytesPromise = promisify1<number, Buffer>(randomBytes)
 const createPrivateKey = promisify1<number, { key: string }>(pem.createPrivateKey)
 const getPublicKey = promisify1<string, { publicKey: string }>(pem.getPublicKey)
 const execPromise2 = promisify2<string, any, string>(exec)
 const execPromise = promisify1<string, string>(exec)
+const pipelinePromise = promisify(pipeline)
 
 // ---------------------------------------------------------------------------
 
@@ -284,5 +298,8 @@ export {
   createPrivateKey,
   getPublicKey,
   execPromise2,
-  execPromise
+  execPromise,
+  pipelinePromise,
+
+  parseSemVersion
 }
diff --git a/server/helpers/custom-validators/activitypub/activity.ts b/server/helpers/custom-validators/activitypub/activity.ts
index da79b2782..b5c96f6e7 100644
--- a/server/helpers/custom-validators/activitypub/activity.ts
+++ b/server/helpers/custom-validators/activitypub/activity.ts
@@ -1,16 +1,13 @@
 import validator from 'validator'
 import { Activity, ActivityType } from '../../../../shared/models/activitypub'
+import { isAbuseReasonValid } from '../abuses'
 import { exists } from '../misc'
 import { sanitizeAndCheckActorObject } from './actor'
 import { isCacheFileObjectValid } from './cache-file'
-import { isFlagActivityValid } from './flag'
 import { isActivityPubUrlValid, isBaseActivityValid, isObjectValid } from './misc'
 import { isPlaylistObjectValid } from './playlist'
-import { isDislikeActivityValid, isLikeActivityValid } from './rate'
-import { isShareActivityValid } from './share'
 import { sanitizeAndCheckVideoCommentObject } from './video-comments'
 import { sanitizeAndCheckVideoTorrentObject } from './videos'
-import { isViewActivityValid } from './view'
 
 function isRootActivityValid (activity: any) {
   return isCollection(activity) || isActivity(activity)
@@ -29,18 +26,18 @@ function isActivity (activity: any) {
 }
 
 const activityCheckers: { [ P in ActivityType ]: (activity: Activity) => boolean } = {
-  Create: checkCreateActivity,
-  Update: checkUpdateActivity,
-  Delete: checkDeleteActivity,
-  Follow: checkFollowActivity,
-  Accept: checkAcceptActivity,
-  Reject: checkRejectActivity,
-  Announce: checkAnnounceActivity,
-  Undo: checkUndoActivity,
-  Like: checkLikeActivity,
-  View: checkViewActivity,
-  Flag: checkFlagActivity,
-  Dislike: checkDislikeActivity
+  Create: isCreateActivityValid,
+  Update: isUpdateActivityValid,
+  Delete: isDeleteActivityValid,
+  Follow: isFollowActivityValid,
+  Accept: isAcceptActivityValid,
+  Reject: isRejectActivityValid,
+  Announce: isAnnounceActivityValid,
+  Undo: isUndoActivityValid,
+  Like: isLikeActivityValid,
+  View: isViewActivityValid,
+  Flag: isFlagActivityValid,
+  Dislike: isDislikeActivityValid
 }
 
 function isActivityValid (activity: any) {
@@ -51,34 +48,34 @@ function isActivityValid (activity: any) {
   return checker(activity)
 }
 
-// ---------------------------------------------------------------------------
-
-export {
-  isRootActivityValid,
-  isActivityValid
+function isFlagActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'Flag') &&
+    isAbuseReasonValid(activity.content) &&
+    isActivityPubUrlValid(activity.object)
 }
 
-// ---------------------------------------------------------------------------
-
-function checkViewActivity (activity: any) {
-  return isBaseActivityValid(activity, 'View') &&
-    isViewActivityValid(activity)
+function isLikeActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'Like') &&
+    isObjectValid(activity.object)
 }
 
-function checkFlagActivity (activity: any) {
-  return isBaseActivityValid(activity, 'Flag') &&
-    isFlagActivityValid(activity)
+function isDislikeActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'Dislike') &&
+    isObjectValid(activity.object)
 }
 
-function checkDislikeActivity (activity: any) {
-  return isDislikeActivityValid(activity)
+function isAnnounceActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'Announce') &&
+    isObjectValid(activity.object)
 }
 
-function checkLikeActivity (activity: any) {
-  return isLikeActivityValid(activity)
+function isViewActivityValid (activity: any) {
+  return isBaseActivityValid(activity, 'View') &&
+    isActivityPubUrlValid(activity.actor) &&
+    isActivityPubUrlValid(activity.object)
 }
 
-function checkCreateActivity (activity: any) {
+function isCreateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Create') &&
     (
       isViewActivityValid(activity.object) ||
@@ -92,7 +89,7 @@ function checkCreateActivity (activity: any) {
     )
 }
 
-function checkUpdateActivity (activity: any) {
+function isUpdateActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Update') &&
     (
       isCacheFileObjectValid(activity.object) ||
@@ -102,36 +99,51 @@ function checkUpdateActivity (activity: any) {
     )
 }
 
-function checkDeleteActivity (activity: any) {
+function isDeleteActivityValid (activity: any) {
   // We don't really check objects
   return isBaseActivityValid(activity, 'Delete') &&
     isObjectValid(activity.object)
 }
 
-function checkFollowActivity (activity: any) {
+function isFollowActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Follow') &&
     isObjectValid(activity.object)
 }
 
-function checkAcceptActivity (activity: any) {
+function isAcceptActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Accept')
 }
 
-function checkRejectActivity (activity: any) {
+function isRejectActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Reject')
 }
 
-function checkAnnounceActivity (activity: any) {
-  return isShareActivityValid(activity)
-}
-
-function checkUndoActivity (activity: any) {
+function isUndoActivityValid (activity: any) {
   return isBaseActivityValid(activity, 'Undo') &&
     (
-      checkFollowActivity(activity.object) ||
-      checkLikeActivity(activity.object) ||
-      checkDislikeActivity(activity.object) ||
-      checkAnnounceActivity(activity.object) ||
-      checkCreateActivity(activity.object)
+      isFollowActivityValid(activity.object) ||
+      isLikeActivityValid(activity.object) ||
+      isDislikeActivityValid(activity.object) ||
+      isAnnounceActivityValid(activity.object) ||
+      isCreateActivityValid(activity.object)
     )
 }
+
+// ---------------------------------------------------------------------------
+
+export {
+  isRootActivityValid,
+  isActivityValid,
+  isFlagActivityValid,
+  isLikeActivityValid,
+  isDislikeActivityValid,
+  isAnnounceActivityValid,
+  isViewActivityValid,
+  isCreateActivityValid,
+  isUpdateActivityValid,
+  isDeleteActivityValid,
+  isFollowActivityValid,
+  isAcceptActivityValid,
+  isRejectActivityValid,
+  isUndoActivityValid
+}
diff --git a/server/helpers/custom-validators/activitypub/flag.ts b/server/helpers/custom-validators/activitypub/flag.ts
deleted file mode 100644
index dc90b3667..000000000
--- a/server/helpers/custom-validators/activitypub/flag.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { isActivityPubUrlValid } from './misc'
-import { isAbuseReasonValid } from '../abuses'
-
-function isFlagActivityValid (activity: any) {
-  return activity.type === 'Flag' &&
-    isAbuseReasonValid(activity.content) &&
-    isActivityPubUrlValid(activity.object)
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-  isFlagActivityValid
-}
diff --git a/server/helpers/custom-validators/activitypub/rate.ts b/server/helpers/custom-validators/activitypub/rate.ts
deleted file mode 100644
index aafdda443..000000000
--- a/server/helpers/custom-validators/activitypub/rate.ts
+++ /dev/null
@@ -1,18 +0,0 @@
-import { isBaseActivityValid, isObjectValid } from './misc'
-
-function isLikeActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Like') &&
-    isObjectValid(activity.object)
-}
-
-function isDislikeActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Dislike') &&
-    isObjectValid(activity.object)
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-  isDislikeActivityValid,
-  isLikeActivityValid
-}
diff --git a/server/helpers/custom-validators/activitypub/share.ts b/server/helpers/custom-validators/activitypub/share.ts
deleted file mode 100644
index fb5e4c05e..000000000
--- a/server/helpers/custom-validators/activitypub/share.ts
+++ /dev/null
@@ -1,11 +0,0 @@
-import { isBaseActivityValid, isObjectValid } from './misc'
-
-function isShareActivityValid (activity: any) {
-  return isBaseActivityValid(activity, 'Announce') &&
-    isObjectValid(activity.object)
-}
-// ---------------------------------------------------------------------------
-
-export {
-  isShareActivityValid
-}
diff --git a/server/helpers/custom-validators/activitypub/view.ts b/server/helpers/custom-validators/activitypub/view.ts
deleted file mode 100644
index 41d16469f..000000000
--- a/server/helpers/custom-validators/activitypub/view.ts
+++ /dev/null
@@ -1,13 +0,0 @@
-import { isActivityPubUrlValid } from './misc'
-
-function isViewActivityValid (activity: any) {
-  return activity.type === 'View' &&
-    isActivityPubUrlValid(activity.actor) &&
-    isActivityPubUrlValid(activity.object)
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-  isViewActivityValid
-}
diff --git a/server/helpers/custom-validators/user-notifications.ts b/server/helpers/custom-validators/user-notifications.ts
index 8a33b895b..252c107db 100644
--- a/server/helpers/custom-validators/user-notifications.ts
+++ b/server/helpers/custom-validators/user-notifications.ts
@@ -1,10 +1,9 @@
-import { exists } from './misc'
 import validator from 'validator'
-import { UserNotificationType } from '../../../shared/models/users'
 import { UserNotificationSettingValue } from '../../../shared/models/users/user-notification-setting.model'
+import { exists } from './misc'
 
 function isUserNotificationTypeValid (value: any) {
-  return exists(value) && validator.isInt('' + value) && UserNotificationType[value] !== undefined
+  return exists(value) && validator.isInt('' + value)
 }
 
 function isUserNotificationSettingValid (value: any) {
diff --git a/server/helpers/ffmpeg-utils.ts b/server/helpers/ffmpeg-utils.ts
index 620025966..69cd397b9 100644
--- a/server/helpers/ffmpeg-utils.ts
+++ b/server/helpers/ffmpeg-utils.ts
@@ -5,7 +5,7 @@ import { dirname, join } from 'path'
 import { FFMPEG_NICE, VIDEO_LIVE } from '@server/initializers/constants'
 import { AvailableEncoders, EncoderOptionsBuilder, EncoderProfile, VideoResolution } from '../../shared/models/videos'
 import { CONFIG } from '../initializers/config'
-import { promisify0 } from './core-utils'
+import { execPromise, promisify0 } from './core-utils'
 import { computeFPS, getAudioStream, getVideoFileFPS } from './ffprobe-utils'
 import { processImage } from './image-utils'
 import { logger } from './logger'
@@ -649,6 +649,24 @@ function getFFmpeg (input: string, type: 'live' | 'vod') {
   return command
 }
 
+function getFFmpegVersion () {
+  return new Promise<string>((res, rej) => {
+    (ffmpeg() as any)._getFfmpegPath((err, ffmpegPath) => {
+      if (err) return rej(err)
+      if (!ffmpegPath) return rej(new Error('Could not find ffmpeg path'))
+
+      return execPromise(`${ffmpegPath} -version`)
+        .then(stdout => {
+          const parsed = stdout.match(/ffmpeg version .(\d+\.\d+\.\d+)/)
+          if (!parsed || !parsed[1]) return rej(new Error(`Could not find ffmpeg version in ${stdout}`))
+
+          return res(parsed[1])
+        })
+        .catch(err => rej(err))
+    })
+  })
+}
+
 async function runCommand (options: {
   command: ffmpeg.FfmpegCommand
   silent?: boolean // false
@@ -695,6 +713,7 @@ export {
   TranscodeOptionsType,
   transcode,
   runCommand,
+  getFFmpegVersion,
 
   resetSupportedEncoders,
 
diff --git a/server/helpers/logger.ts b/server/helpers/logger.ts
index 6917a64d9..a112fd300 100644
--- a/server/helpers/logger.ts
+++ b/server/helpers/logger.ts
@@ -48,7 +48,7 @@ function getLoggerReplacer () {
 }
 
 const consoleLoggerFormat = winston.format.printf(info => {
-  const toOmit = [ 'label', 'timestamp', 'level', 'message', 'sql' ]
+  const toOmit = [ 'label', 'timestamp', 'level', 'message', 'sql', 'tags' ]
 
   const obj = omit(info, ...toOmit)
 
@@ -150,6 +150,13 @@ const bunyanLogger = {
   error: bunyanLogFactory('error'),
   fatal: bunyanLogFactory('error')
 }
+
+function loggerTagsFactory (...defaultTags: string[]) {
+  return (...tags: string[]) => {
+    return { tags: defaultTags.concat(tags) }
+  }
+}
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -159,5 +166,6 @@ export {
   consoleLoggerFormat,
   jsonLoggerFormat,
   logger,
+  loggerTagsFactory,
   bunyanLogger
 }
diff --git a/server/helpers/peertube-crypto.ts b/server/helpers/peertube-crypto.ts
index 994f725d8..bc6f1d074 100644
--- a/server/helpers/peertube-crypto.ts
+++ b/server/helpers/peertube-crypto.ts
@@ -84,7 +84,7 @@ async function isJsonLDRSA2017Verified (fromActor: MActor, signedDocument: any)
   return verify.verify(fromActor.publicKey, signedDocument.signature.signatureValue, 'base64')
 }
 
-async function signJsonLDObject (byActor: MActor, data: any) {
+async function signJsonLDObject <T> (byActor: MActor, data: T) {
   const signature = {
     type: 'RsaSignature2017',
     creator: byActor.url,
diff --git a/server/helpers/requests.ts b/server/helpers/requests.ts
index b556c392e..fd2a56f30 100644
--- a/server/helpers/requests.ts
+++ b/server/helpers/requests.ts
@@ -1,58 +1,141 @@
-import * as Bluebird from 'bluebird'
 import { createWriteStream, remove } from 'fs-extra'
-import * as request from 'request'
+import got, { CancelableRequest, Options as GotOptions, RequestError } from 'got'
+import { join } from 'path'
+import { CONFIG } from '../initializers/config'
 import { ACTIVITY_PUB, PEERTUBE_VERSION, WEBSERVER } from '../initializers/constants'
+import { pipelinePromise } from './core-utils'
 import { processImage } from './image-utils'
-import { join } from 'path'
 import { logger } from './logger'
-import { CONFIG } from '../initializers/config'
 
-function doRequest <T> (
-  requestOptions: request.CoreOptions & request.UriOptions & { activityPub?: boolean },
-  bodyKBLimit = 1000 // 1MB
-): Bluebird<{ response: request.RequestResponse, body: T }> {
-  if (!(requestOptions.headers)) requestOptions.headers = {}
-  requestOptions.headers['User-Agent'] = getUserAgent()
+export interface PeerTubeRequestError extends Error {
+  statusCode?: number
+  responseBody?: any
+}
 
-  if (requestOptions.activityPub === true) {
-    requestOptions.headers['accept'] = ACTIVITY_PUB.ACCEPT_HEADER
+const httpSignature = require('http-signature')
+
+type PeerTubeRequestOptions = {
+  activityPub?: boolean
+  bodyKBLimit?: number // 1MB
+  httpSignature?: {
+    algorithm: string
+    authorizationHeaderName: string
+    keyId: string
+    key: string
+    headers: string[]
   }
+  jsonResponse?: boolean
+} & Pick<GotOptions, 'headers' | 'json' | 'method' | 'searchParams'>
+
+const peertubeGot = got.extend({
+  headers: {
+    'user-agent': getUserAgent()
+  },
+
+  handlers: [
+    (options, next) => {
+      const promiseOrStream = next(options) as CancelableRequest<any>
+      const bodyKBLimit = options.context?.bodyKBLimit as number
+      if (!bodyKBLimit) throw new Error('No KB limit for this request')
+
+      const bodyLimit = bodyKBLimit * 1000
+
+      /* eslint-disable @typescript-eslint/no-floating-promises */
+      promiseOrStream.on('downloadProgress', progress => {
+        if (progress.transferred > bodyLimit && progress.percent !== 1) {
+          const message = `Exceeded the download limit of ${bodyLimit} B`
+          logger.warn(message)
+
+          // CancelableRequest
+          if (promiseOrStream.cancel) {
+            promiseOrStream.cancel()
+            return
+          }
+
+          // Stream
+          (promiseOrStream as any).destroy()
+        }
+      })
 
-  return new Bluebird<{ response: request.RequestResponse, body: T }>((res, rej) => {
-    request(requestOptions, (err, response, body) => err ? rej(err) : res({ response, body }))
-      .on('data', onRequestDataLengthCheck(bodyKBLimit))
-  })
+      return promiseOrStream
+    }
+  ],
+
+  hooks: {
+    beforeRequest: [
+      options => {
+        const headers = options.headers || {}
+        headers['host'] = options.url.host
+      },
+
+      options => {
+        const httpSignatureOptions = options.context?.httpSignature
+
+        if (httpSignatureOptions) {
+          const method = options.method ?? 'GET'
+          const path = options.path ?? options.url.pathname
+
+          if (!method || !path) {
+            throw new Error(`Cannot sign request without method (${method}) or path (${path}) ${options}`)
+          }
+
+          httpSignature.signRequest({
+            getHeader: function (header) {
+              return options.headers[header]
+            },
+
+            setHeader: function (header, value) {
+              options.headers[header] = value
+            },
+
+            method,
+            path
+          }, httpSignatureOptions)
+        }
+      }
+    ]
+  }
+})
+
+function doRequest (url: string, options: PeerTubeRequestOptions = {}) {
+  const gotOptions = buildGotOptions(options)
+
+  return peertubeGot(url, gotOptions)
+    .catch(err => { throw buildRequestError(err) })
 }
 
-function doRequestAndSaveToFile (
-  requestOptions: request.CoreOptions & request.UriOptions,
+function doJSONRequest <T> (url: string, options: PeerTubeRequestOptions = {}) {
+  const gotOptions = buildGotOptions(options)
+
+  return peertubeGot<T>(url, { ...gotOptions, responseType: 'json' })
+    .catch(err => { throw buildRequestError(err) })
+}
+
+async function doRequestAndSaveToFile (
+  url: string,
   destPath: string,
-  bodyKBLimit = 10000 // 10MB
+  options: PeerTubeRequestOptions = {}
 ) {
-  if (!requestOptions.headers) requestOptions.headers = {}
-  requestOptions.headers['User-Agent'] = getUserAgent()
-
-  return new Bluebird<void>((res, rej) => {
-    const file = createWriteStream(destPath)
-    file.on('finish', () => res())
+  const gotOptions = buildGotOptions(options)
 
-    request(requestOptions)
-      .on('data', onRequestDataLengthCheck(bodyKBLimit))
-      .on('error', err => {
-        file.close()
+  const outFile = createWriteStream(destPath)
 
-        remove(destPath)
-          .catch(err => logger.error('Cannot remove %s after request failure.', destPath, { err }))
+  try {
+    await pipelinePromise(
+      peertubeGot.stream(url, gotOptions),
+      outFile
+    )
+  } catch (err) {
+    remove(destPath)
+      .catch(err => logger.error('Cannot remove %s after request failure.', destPath, { err }))
 
-        return rej(err)
-      })
-      .pipe(file)
-  })
+    throw buildRequestError(err)
+  }
 }
 
 async function downloadImage (url: string, destDir: string, destName: string, size: { width: number, height: number }) {
   const tmpPath = join(CONFIG.STORAGE.TMP_DIR, 'pending-' + destName)
-  await doRequestAndSaveToFile({ method: 'GET', uri: url }, tmpPath)
+  await doRequestAndSaveToFile(url, tmpPath)
 
   const destPath = join(destDir, destName)
 
@@ -73,24 +156,46 @@ function getUserAgent () {
 
 export {
   doRequest,
+  doJSONRequest,
   doRequestAndSaveToFile,
   downloadImage
 }
 
 // ---------------------------------------------------------------------------
 
-// Thanks to https://github.com/request/request/issues/2470#issuecomment-268929907 <3
-function onRequestDataLengthCheck (bodyKBLimit: number) {
-  let bufferLength = 0
-  const bytesLimit = bodyKBLimit * 1000
+function buildGotOptions (options: PeerTubeRequestOptions) {
+  const { activityPub, bodyKBLimit = 1000 } = options
 
-  return function (chunk) {
-    bufferLength += chunk.length
-    if (bufferLength > bytesLimit) {
-      this.abort()
+  const context = { bodyKBLimit, httpSignature: options.httpSignature }
 
-      const error = new Error(`Response was too large - aborted after ${bytesLimit} bytes.`)
-      this.emit('error', error)
-    }
+  let headers = options.headers || {}
+
+  if (!headers.date) {
+    headers = { ...headers, date: new Date().toUTCString() }
+  }
+
+  if (activityPub && !headers.accept) {
+    headers = { ...headers, accept: ACTIVITY_PUB.ACCEPT_HEADER }
   }
+
+  return {
+    method: options.method,
+    json: options.json,
+    searchParams: options.searchParams,
+    headers,
+    context
+  }
+}
+
+function buildRequestError (error: RequestError) {
+  const newError: PeerTubeRequestError = new Error(error.message)
+  newError.name = error.name
+  newError.stack = error.stack
+
+  if (error.response) {
+    newError.responseBody = error.response.body
+    newError.statusCode = error.response.statusCode
+  }
+
+  return newError
 }
diff --git a/server/helpers/youtube-dl.ts b/server/helpers/youtube-dl.ts
index 8537a5772..9d2e54fb5 100644
--- a/server/helpers/youtube-dl.ts
+++ b/server/helpers/youtube-dl.ts
@@ -1,13 +1,13 @@
 import { createWriteStream } from 'fs'
 import { ensureDir, move, pathExists, remove, writeFile } from 'fs-extra'
+import got from 'got'
 import { join } from 'path'
-import * as request from 'request'
 import { CONFIG } from '@server/initializers/config'
 import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
 import { VideoResolution } from '../../shared/models/videos'
 import { CONSTRAINTS_FIELDS, VIDEO_CATEGORIES, VIDEO_LANGUAGES, VIDEO_LICENCES } from '../initializers/constants'
 import { getEnabledResolutions } from '../lib/video-transcoding'
-import { peertubeTruncate, root } from './core-utils'
+import { peertubeTruncate, pipelinePromise, root } from './core-utils'
 import { isVideoFileExtnameValid } from './custom-validators/videos'
 import { logger } from './logger'
 import { generateVideoImportTmpPath } from './utils'
@@ -195,55 +195,32 @@ async function updateYoutubeDLBinary () {
 
   await ensureDir(binDirectory)
 
-  return new Promise<void>(res => {
-    request.get(url, { followRedirect: false }, (err, result) => {
-      if (err) {
-        logger.error('Cannot update youtube-dl.', { err })
-        return res()
-      }
-
-      if (result.statusCode !== HttpStatusCode.FOUND_302) {
-        logger.error('youtube-dl update error: did not get redirect for the latest version link. Status %d', result.statusCode)
-        return res()
-      }
-
-      const url = result.headers.location
-      const downloadFile = request.get(url)
-      const newVersion = /yt-dl\.org\/downloads\/(\d{4}\.\d\d\.\d\d(\.\d)?)\/youtube-dl/.exec(url)[1]
-
-      downloadFile.on('response', result => {
-        if (result.statusCode !== HttpStatusCode.OK_200) {
-          logger.error('Cannot update youtube-dl: new version response is not 200, it\'s %d.', result.statusCode)
-          return res()
-        }
-
-        const writeStream = createWriteStream(bin, { mode: 493 }).on('error', err => {
-          logger.error('youtube-dl update error in write stream', { err })
-          return res()
-        })
+  try {
+    const result = await got(url, { followRedirect: false })
 
-        downloadFile.pipe(writeStream)
-      })
+    if (result.statusCode !== HttpStatusCode.FOUND_302) {
+      logger.error('youtube-dl update error: did not get redirect for the latest version link. Status %d', result.statusCode)
+      return
+    }
 
-      downloadFile.on('error', err => {
-        logger.error('youtube-dl update error.', { err })
-        return res()
-      })
+    const newUrl = result.headers.location
+    const newVersion = /yt-dl\.org\/downloads\/(\d{4}\.\d\d\.\d\d(\.\d)?)\/youtube-dl/.exec(newUrl)[1]
 
-      downloadFile.on('end', () => {
-        const details = JSON.stringify({ version: newVersion, path: bin, exec: 'youtube-dl' })
-        writeFile(detailsPath, details, { encoding: 'utf8' }, err => {
-          if (err) {
-            logger.error('youtube-dl update error: cannot write details.', { err })
-            return res()
-          }
+    const downloadFileStream = got.stream(newUrl)
+    const writeStream = createWriteStream(bin, { mode: 493 })
 
-          logger.info('youtube-dl updated to version %s.', newVersion)
-          return res()
-        })
-      })
-    })
-  })
+    await pipelinePromise(
+      downloadFileStream,
+      writeStream
+    )
+
+    const details = JSON.stringify({ version: newVersion, path: bin, exec: 'youtube-dl' })
+    await writeFile(detailsPath, details, { encoding: 'utf8' })
+
+    logger.info('youtube-dl updated to version %s.', newVersion)
+  } catch (err) {
+    logger.error('Cannot update youtube-dl.', { err })
+  }
 }
 
 async function safeGetYoutubeDL () {
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts
index 2b00e2047..a93c8b7fd 100644
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -1,16 +1,17 @@
 import * as config from 'config'
-import { isProdInstance, isTestInstance } from '../helpers/core-utils'
-import { UserModel } from '../models/account/user'
-import { getServerActor, ApplicationModel } from '../models/application/application'
-import { OAuthClientModel } from '../models/oauth/oauth-client'
+import { uniq } from 'lodash'
 import { URL } from 'url'
-import { CONFIG, isEmailEnabled } from './config'
-import { logger } from '../helpers/logger'
+import { getFFmpegVersion } from '@server/helpers/ffmpeg-utils'
+import { VideoRedundancyConfigFilter } from '@shared/models/redundancy/video-redundancy-config-filter.type'
 import { RecentlyAddedStrategy } from '../../shared/models/redundancy'
+import { isProdInstance, isTestInstance, parseSemVersion } from '../helpers/core-utils'
 import { isArray } from '../helpers/custom-validators/misc'
-import { uniq } from 'lodash'
+import { logger } from '../helpers/logger'
+import { UserModel } from '../models/account/user'
+import { ApplicationModel, getServerActor } from '../models/application/application'
+import { OAuthClientModel } from '../models/oauth/oauth-client'
+import { CONFIG, isEmailEnabled } from './config'
 import { WEBSERVER } from './constants'
-import { VideoRedundancyConfigFilter } from '@shared/models/redundancy/video-redundancy-config-filter.type'
 
 async function checkActivityPubUrls () {
   const actor = await getServerActor()
@@ -176,11 +177,21 @@ async function applicationExist () {
   return totalApplication !== 0
 }
 
+async function checkFFmpegVersion () {
+  const version = await getFFmpegVersion()
+  const { major, minor } = parseSemVersion(version)
+
+  if (major < 4 || (major === 4 && minor < 1)) {
+    logger.warn('Your ffmpeg version (%s) is outdated. PeerTube supports ffmpeg >= 4.1. Please upgrade.', version)
+  }
+}
+
 // ---------------------------------------------------------------------------
 
 export {
   checkConfig,
   clientsExist,
+  checkFFmpegVersion,
   usersExist,
   applicationExist,
   checkActivityPubUrls
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 565e0d1fa..e92cc4d2c 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -1,5 +1,5 @@
 import * as config from 'config'
-import { promisify0 } from '../helpers/core-utils'
+import { parseSemVersion, promisify0 } from '../helpers/core-utils'
 import { logger } from '../helpers/logger'
 
 // ONLY USE CORE MODULES IN THIS FILE!
@@ -37,6 +37,7 @@ function checkMissedConfig () {
     'theme.default',
     'remote_redundancy.videos.accept_from',
     'federation.videos.federate_unlisted', 'federation.videos.cleanup_remote_interactions',
+    'peertube.check_latest_version.enabled', 'peertube.check_latest_version.url',
     'search.remote_uri.users', 'search.remote_uri.anonymous', 'search.search_index.enabled', 'search.search_index.url',
     'search.search_index.disable_local_search', 'search.search_index.is_default_search',
     'live.enabled', 'live.allow_replay', 'live.max_duration', 'live.max_user_lives', 'live.max_instance_lives',
@@ -102,8 +103,7 @@ async function checkFFmpeg (CONFIG: { TRANSCODING: { ENABLED: boolean } }) {
 
 function checkNodeVersion () {
   const v = process.version
-  const majorString = v.split('.')[0].replace('v', '')
-  const major = parseInt(majorString, 10)
+  const { major } = parseSemVersion(v)
 
   logger.debug('Checking NodeJS version %s.', v)
 
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index c16b63c33..48e7f7397 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -163,6 +163,12 @@ const CONFIG = {
       CLEANUP_REMOTE_INTERACTIONS: config.get<boolean>('federation.videos.cleanup_remote_interactions')
     }
   },
+  PEERTUBE: {
+    CHECK_LATEST_VERSION: {
+      ENABLED: config.get<boolean>('peertube.check_latest_version.enabled'),
+      URL: config.get<string>('peertube.check_latest_version.url')
+    }
+  },
   ADMIN: {
     get EMAIL () { return config.get<string>('admin.email') }
   },
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 1623e6f42..b37aeb622 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -24,12 +24,12 @@ import { CONFIG, registerConfigChangedHandler } from './config'
 
 // ---------------------------------------------------------------------------
 
-const LAST_MIGRATION_VERSION = 610
+const LAST_MIGRATION_VERSION = 625
 
 // ---------------------------------------------------------------------------
 
 const API_VERSION = 'v1'
-const PEERTUBE_VERSION = require(join(root(), 'package.json')).version
+const PEERTUBE_VERSION: string = require(join(root(), 'package.json')).version
 
 const PAGINATION = {
   GLOBAL: {
@@ -207,6 +207,7 @@ const SCHEDULER_INTERVALS_MS = {
   updateVideos: 60000, // 1 minute
   youtubeDLUpdate: 60000 * 60 * 24, // 1 day
   checkPlugins: CONFIG.PLUGINS.INDEX.CHECK_LATEST_VERSIONS_INTERVAL,
+  checkPeerTubeVersion: 60000 * 60 * 24, // 1 day
   autoFollowIndexInstances: 60000 * 60 * 24, // 1 day
   removeOldViews: 60000 * 60 * 24, // 1 day
   removeOldHistory: 60000 * 60 * 24, // 1 day
@@ -763,6 +764,7 @@ if (isTestInstance() === true) {
   SCHEDULER_INTERVALS_MS.updateVideos = 5000
   SCHEDULER_INTERVALS_MS.autoFollowIndexInstances = 5000
   SCHEDULER_INTERVALS_MS.updateInboxStats = 5000
+  SCHEDULER_INTERVALS_MS.checkPeerTubeVersion = 2000
   REPEAT_JOBS['videos-views'] = { every: 5000 }
   REPEAT_JOBS['activitypub-cleaner'] = { every: 5000 }
 
diff --git a/server/initializers/database.ts b/server/initializers/database.ts
index 1f2b6d521..8378fa982 100644
--- a/server/initializers/database.ts
+++ b/server/initializers/database.ts
@@ -76,7 +76,7 @@ const sequelizeTypescript = new SequelizeTypescript({
       newMessage += ' in ' + benchmark + 'ms'
     }
 
-    logger.debug(newMessage, { sql: message })
+    logger.debug(newMessage, { sql: message, tags: [ 'sql' ] })
   }
 })
 
diff --git a/server/initializers/migrations/0610-views-index.ts b/server/initializers/migrations/0610-views-index copy.ts
index 02ee21172..02ee21172 100644
--- a/server/initializers/migrations/0610-views-index.ts
+++ b/server/initializers/migrations/0610-views-index copy.ts
diff --git a/server/initializers/migrations/0615-latest-versions-notification-settings.ts b/server/initializers/migrations/0615-latest-versions-notification-settings.ts
new file mode 100644
index 000000000..86bf56009
--- /dev/null
+++ b/server/initializers/migrations/0615-latest-versions-notification-settings.ts
@@ -0,0 +1,44 @@
+import * as Sequelize from 'sequelize'
+
+async function up (utils: {
+  transaction: Sequelize.Transaction
+  queryInterface: Sequelize.QueryInterface
+  sequelize: Sequelize.Sequelize
+  db: any
+}): Promise<void> {
+  {
+    const notificationSettingColumns = [ 'newPeerTubeVersion', 'newPluginVersion' ]
+
+    for (const column of notificationSettingColumns) {
+      const data = {
+        type: Sequelize.INTEGER,
+        defaultValue: null,
+        allowNull: true
+      }
+      await utils.queryInterface.addColumn('userNotificationSetting', column, data)
+    }
+
+    {
+      const query = 'UPDATE "userNotificationSetting" SET "newPeerTubeVersion" = 3, "newPluginVersion" = 1'
+      await utils.sequelize.query(query)
+    }
+
+    for (const column of notificationSettingColumns) {
+      const data = {
+        type: Sequelize.INTEGER,
+        defaultValue: null,
+        allowNull: false
+      }
+      await utils.queryInterface.changeColumn('userNotificationSetting', column, data)
+    }
+  }
+}
+
+function down (options) {
+  throw new Error('Not implemented.')
+}
+
+export {
+  up,
+  down
+}
diff --git a/server/initializers/migrations/0620-latest-versions-application.ts b/server/initializers/migrations/0620-latest-versions-application.ts
new file mode 100644
index 000000000..a689b18fc
--- /dev/null
+++ b/server/initializers/migrations/0620-latest-versions-application.ts
@@ -0,0 +1,27 @@
+import * as Sequelize from 'sequelize'
+
+async function up (utils: {
+  transaction: Sequelize.Transaction
+  queryInterface: Sequelize.QueryInterface
+  sequelize: Sequelize.Sequelize
+  db: any
+}): Promise<void> {
+
+  {
+    const data = {
+      type: Sequelize.STRING,
+      defaultValue: null,
+      allowNull: true
+    }
+    await utils.queryInterface.addColumn('application', 'latestPeerTubeVersion', data)
+  }
+}
+
+function down (options) {
+  throw new Error('Not implemented.')
+}
+
+export {
+  up,
+  down
+}
diff --git a/server/initializers/migrations/0625-latest-versions-notification.ts b/server/initializers/migrations/0625-latest-versions-notification.ts
new file mode 100644
index 000000000..77f395ce4
--- /dev/null
+++ b/server/initializers/migrations/0625-latest-versions-notification.ts
@@ -0,0 +1,26 @@
+import * as Sequelize from 'sequelize'
+
+async function up (utils: {
+  transaction: Sequelize.Transaction
+  queryInterface: Sequelize.QueryInterface
+  sequelize: Sequelize.Sequelize
+  db: any
+}): Promise<void> {
+
+  {
+    await utils.sequelize.query(`
+      ALTER TABLE "userNotification"
+      ADD COLUMN "applicationId" INTEGER REFERENCES "application" ("id") ON DELETE SET NULL ON UPDATE CASCADE,
+      ADD COLUMN "pluginId" INTEGER REFERENCES "plugin" ("id") ON DELETE SET NULL ON UPDATE CASCADE
+    `)
+  }
+}
+
+function down (options) {
+  throw new Error('Not implemented.')
+}
+
+export {
+  up,
+  down
+}
diff --git a/server/lib/activitypub/actor.ts b/server/lib/activitypub/actor.ts
index a726f9e20..3c9a7ba02 100644
--- a/server/lib/activitypub/actor.ts
+++ b/server/lib/activitypub/actor.ts
@@ -1,26 +1,28 @@
 import * as Bluebird from 'bluebird'
+import { extname } from 'path'
 import { Op, Transaction } from 'sequelize'
 import { URL } from 'url'
 import { v4 as uuidv4 } from 'uuid'
+import { getServerActor } from '@server/models/application/application'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 import { ActivityPubActor, ActivityPubActorType, ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
 import { ActivityPubAttributedTo } from '../../../shared/models/activitypub/objects'
 import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
+import { ActorFetchByUrlType, fetchActorByUrl } from '../../helpers/actor'
 import { sanitizeAndCheckActorObject } from '../../helpers/custom-validators/activitypub/actor'
 import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc'
 import { retryTransactionWrapper, updateInstanceWithAnother } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
 import { createPrivateAndPublicKeys } from '../../helpers/peertube-crypto'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
 import { getUrlFromWebfinger } from '../../helpers/webfinger'
 import { MIMETYPES, WEBSERVER } from '../../initializers/constants'
+import { sequelizeTypescript } from '../../initializers/database'
 import { AccountModel } from '../../models/account/account'
 import { ActorModel } from '../../models/activitypub/actor'
 import { AvatarModel } from '../../models/avatar/avatar'
 import { ServerModel } from '../../models/server/server'
 import { VideoChannelModel } from '../../models/video/video-channel'
-import { JobQueue } from '../job-queue'
-import { ActorFetchByUrlType, fetchActorByUrl } from '../../helpers/actor'
-import { sequelizeTypescript } from '../../initializers/database'
 import {
   MAccount,
   MAccountDefault,
@@ -34,9 +36,7 @@ import {
   MActorId,
   MChannel
 } from '../../types/models'
-import { extname } from 'path'
-import { getServerActor } from '@server/models/application/application'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { JobQueue } from '../job-queue'
 
 // Set account keys, this could be long so process after the account creation and do not block the client
 async function generateAndSaveActorKeys <T extends MActor> (actor: T) {
@@ -209,16 +209,10 @@ async function deleteActorAvatarInstance (actor: MActorDefault, t: Transaction)
 }
 
 async function fetchActorTotalItems (url: string) {
-  const options = {
-    uri: url,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   try {
-    const { body } = await doRequest<ActivityPubOrderedCollection<unknown>>(options)
-    return body.totalItems ? body.totalItems : 0
+    const { body } = await doJSONRequest<ActivityPubOrderedCollection<unknown>>(url, { activityPub: true })
+
+    return body.totalItems || 0
   } catch (err) {
     logger.warn('Cannot fetch remote actor count %s.', url, { err })
     return 0
@@ -285,16 +279,7 @@ async function refreshActorIfNeeded <T extends MActorFull | MActorAccountChannel
       actorUrl = actor.url
     }
 
-    const { result, statusCode } = await fetchRemoteActor(actorUrl)
-
-    if (statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Deleting actor %s because there is a 404 in refresh actor.', actor.url)
-      actor.Account
-        ? await actor.Account.destroy()
-        : await actor.VideoChannel.destroy()
-
-      return { actor: undefined, refreshed: false }
-    }
+    const { result } = await fetchRemoteActor(actorUrl)
 
     if (result === undefined) {
       logger.warn('Cannot fetch remote actor in refresh actor.')
@@ -334,6 +319,15 @@ async function refreshActorIfNeeded <T extends MActorFull | MActorAccountChannel
       return { refreshed: true, actor }
     })
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Deleting actor %s because there is a 404 in refresh actor.', actor.url)
+      actor.Account
+        ? await actor.Account.destroy()
+        : await actor.VideoChannel.destroy()
+
+      return { actor: undefined, refreshed: false }
+    }
+
     logger.warn('Cannot refresh actor %s.', actor.url, { err })
     return { actor, refreshed: false }
   }
@@ -449,26 +443,19 @@ type FetchRemoteActorResult = {
   attributedTo: ActivityPubAttributedTo[]
 }
 async function fetchRemoteActor (actorUrl: string): Promise<{ statusCode?: number, result: FetchRemoteActorResult }> {
-  const options = {
-    uri: actorUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   logger.info('Fetching remote actor %s.', actorUrl)
 
-  const requestResult = await doRequest<ActivityPubActor>(options)
+  const requestResult = await doJSONRequest<ActivityPubActor>(actorUrl, { activityPub: true })
   const actorJSON = requestResult.body
 
   if (sanitizeAndCheckActorObject(actorJSON) === false) {
     logger.debug('Remote actor JSON is not valid.', { actorJSON })
-    return { result: undefined, statusCode: requestResult.response.statusCode }
+    return { result: undefined, statusCode: requestResult.statusCode }
   }
 
   if (checkUrlsSameHost(actorJSON.id, actorUrl) !== true) {
     logger.warn('Actor url %s has not the same host than its AP id %s', actorUrl, actorJSON.id)
-    return { result: undefined, statusCode: requestResult.response.statusCode }
+    return { result: undefined, statusCode: requestResult.statusCode }
   }
 
   const followersCount = await fetchActorTotalItems(actorJSON.followers)
@@ -496,7 +483,7 @@ async function fetchRemoteActor (actorUrl: string): Promise<{ statusCode?: numbe
 
   const name = actorJSON.name || actorJSON.preferredUsername
   return {
-    statusCode: requestResult.response.statusCode,
+    statusCode: requestResult.statusCode,
     result: {
       actor,
       name,
diff --git a/server/lib/activitypub/crawl.ts b/server/lib/activitypub/crawl.ts
index 1ed105bbe..278abf7de 100644
--- a/server/lib/activitypub/crawl.ts
+++ b/server/lib/activitypub/crawl.ts
@@ -1,27 +1,26 @@
-import { ACTIVITY_PUB, REQUEST_TIMEOUT, WEBSERVER } from '../../initializers/constants'
-import { doRequest } from '../../helpers/requests'
-import { logger } from '../../helpers/logger'
 import * as Bluebird from 'bluebird'
-import { ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
 import { URL } from 'url'
+import { ActivityPubOrderedCollection } from '../../../shared/models/activitypub'
+import { logger } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { ACTIVITY_PUB, REQUEST_TIMEOUT, WEBSERVER } from '../../initializers/constants'
 
 type HandlerFunction<T> = (items: T[]) => (Promise<any> | Bluebird<any>)
 type CleanerFunction = (startedDate: Date) => (Promise<any> | Bluebird<any>)
 
-async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>, cleaner?: CleanerFunction) {
-  logger.info('Crawling ActivityPub data on %s.', uri)
+async function crawlCollectionPage <T> (argUrl: string, handler: HandlerFunction<T>, cleaner?: CleanerFunction) {
+  let url = argUrl
+
+  logger.info('Crawling ActivityPub data on %s.', url)
 
   const options = {
-    method: 'GET',
-    uri,
-    json: true,
     activityPub: true,
     timeout: REQUEST_TIMEOUT
   }
 
   const startDate = new Date()
 
-  const response = await doRequest<ActivityPubOrderedCollection<T>>(options)
+  const response = await doJSONRequest<ActivityPubOrderedCollection<T>>(url, options)
   const firstBody = response.body
 
   const limit = ACTIVITY_PUB.FETCH_PAGE_LIMIT
@@ -35,9 +34,9 @@ async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>
       const remoteHost = new URL(nextLink).host
       if (remoteHost === WEBSERVER.HOST) continue
 
-      options.uri = nextLink
+      url = nextLink
 
-      const res = await doRequest<ActivityPubOrderedCollection<T>>(options)
+      const res = await doJSONRequest<ActivityPubOrderedCollection<T>>(url, options)
       body = res.body
     } else {
       // nextLink is already the object we want
@@ -49,7 +48,7 @@ async function crawlCollectionPage <T> (uri: string, handler: HandlerFunction<T>
 
     if (Array.isArray(body.orderedItems)) {
       const items = body.orderedItems
-      logger.info('Processing %i ActivityPub items for %s.', items.length, options.uri)
+      logger.info('Processing %i ActivityPub items for %s.', items.length, url)
 
       await handler(items)
     }
diff --git a/server/lib/activitypub/playlist.ts b/server/lib/activitypub/playlist.ts
index d5a3ef7c8..7166c68a6 100644
--- a/server/lib/activitypub/playlist.ts
+++ b/server/lib/activitypub/playlist.ts
@@ -1,24 +1,24 @@
+import * as Bluebird from 'bluebird'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { PlaylistElementObject } from '../../../shared/models/activitypub/objects/playlist-element-object'
 import { PlaylistObject } from '../../../shared/models/activitypub/objects/playlist-object'
-import { crawlCollectionPage } from './crawl'
-import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
+import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/video-playlist-privacy.model'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
+import { isPlaylistElementObjectValid, isPlaylistObjectValid } from '../../helpers/custom-validators/activitypub/playlist'
 import { isArray } from '../../helpers/custom-validators/misc'
-import { getOrCreateActorAndServerAndModel } from './actor'
 import { logger } from '../../helpers/logger'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
+import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
+import { sequelizeTypescript } from '../../initializers/database'
 import { VideoPlaylistModel } from '../../models/video/video-playlist'
-import { doRequest } from '../../helpers/requests'
-import { checkUrlsSameHost } from '../../helpers/activitypub'
-import * as Bluebird from 'bluebird'
-import { PlaylistElementObject } from '../../../shared/models/activitypub/objects/playlist-element-object'
-import { getOrCreateVideoAndAccountAndChannel } from './videos'
-import { isPlaylistElementObjectValid, isPlaylistObjectValid } from '../../helpers/custom-validators/activitypub/playlist'
 import { VideoPlaylistElementModel } from '../../models/video/video-playlist-element'
-import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/video-playlist-privacy.model'
-import { sequelizeTypescript } from '../../initializers/database'
-import { createPlaylistMiniatureFromUrl } from '../thumbnail'
-import { FilteredModelAttributes } from '../../types/sequelize'
 import { MAccountDefault, MAccountId, MVideoId } from '../../types/models'
 import { MVideoPlaylist, MVideoPlaylistId, MVideoPlaylistOwner } from '../../types/models/video/video-playlist'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
+import { FilteredModelAttributes } from '../../types/sequelize'
+import { createPlaylistMiniatureFromUrl } from '../thumbnail'
+import { getOrCreateActorAndServerAndModel } from './actor'
+import { crawlCollectionPage } from './crawl'
+import { getOrCreateVideoAndAccountAndChannel } from './videos'
 
 function playlistObjectToDBAttributes (playlistObject: PlaylistObject, byAccount: MAccountId, to: string[]) {
   const privacy = to.includes(ACTIVITY_PUB.PUBLIC)
@@ -56,11 +56,7 @@ async function createAccountPlaylists (playlistUrls: string[], account: MAccount
       if (exists === true) return
 
       // Fetch url
-      const { body } = await doRequest<PlaylistObject>({
-        uri: playlistUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<PlaylistObject>(playlistUrl, { activityPub: true })
 
       if (!isPlaylistObjectValid(body)) {
         throw new Error(`Invalid playlist object when fetch account playlists: ${JSON.stringify(body)}`)
@@ -120,13 +116,7 @@ async function refreshVideoPlaylistIfNeeded (videoPlaylist: MVideoPlaylistOwner)
   if (!videoPlaylist.isOutdated()) return videoPlaylist
 
   try {
-    const { statusCode, playlistObject } = await fetchRemoteVideoPlaylist(videoPlaylist.url)
-    if (statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Cannot refresh remote video playlist %s: it does not exist anymore. Deleting it.', videoPlaylist.url)
-
-      await videoPlaylist.destroy()
-      return undefined
-    }
+    const { playlistObject } = await fetchRemoteVideoPlaylist(videoPlaylist.url)
 
     if (playlistObject === undefined) {
       logger.warn('Cannot refresh remote playlist %s: invalid body.', videoPlaylist.url)
@@ -140,6 +130,13 @@ async function refreshVideoPlaylistIfNeeded (videoPlaylist: MVideoPlaylistOwner)
 
     return videoPlaylist
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Cannot refresh remote video playlist %s: it does not exist anymore. Deleting it.', videoPlaylist.url)
+
+      await videoPlaylist.destroy()
+      return undefined
+    }
+
     logger.warn('Cannot refresh video playlist %s.', videoPlaylist.url, { err })
 
     await videoPlaylist.setAsRefreshed()
@@ -164,12 +161,7 @@ async function resetVideoPlaylistElements (elementUrls: string[], playlist: MVid
 
   await Bluebird.map(elementUrls, async elementUrl => {
     try {
-      // Fetch url
-      const { body } = await doRequest<PlaylistElementObject>({
-        uri: elementUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<PlaylistElementObject>(elementUrl, { activityPub: true })
 
       if (!isPlaylistElementObjectValid(body)) throw new Error(`Invalid body in video get playlist element ${elementUrl}`)
 
@@ -199,21 +191,14 @@ async function resetVideoPlaylistElements (elementUrls: string[], playlist: MVid
 }
 
 async function fetchRemoteVideoPlaylist (playlistUrl: string): Promise<{ statusCode: number, playlistObject: PlaylistObject }> {
-  const options = {
-    uri: playlistUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
   logger.info('Fetching remote playlist %s.', playlistUrl)
 
-  const { response, body } = await doRequest<any>(options)
+  const { body, statusCode } = await doJSONRequest<any>(playlistUrl, { activityPub: true })
 
   if (isPlaylistObjectValid(body) === false || checkUrlsSameHost(body.id, playlistUrl) !== true) {
     logger.debug('Remote video playlist JSON is not valid.', { body })
-    return { statusCode: response.statusCode, playlistObject: undefined }
+    return { statusCode, playlistObject: undefined }
   }
 
-  return { statusCode: response.statusCode, playlistObject: body }
+  return { statusCode, playlistObject: body }
 }
diff --git a/server/lib/activitypub/send/send-create.ts b/server/lib/activitypub/send/send-create.ts
index 9fb218224..baded642a 100644
--- a/server/lib/activitypub/send/send-create.ts
+++ b/server/lib/activitypub/send/send-create.ts
@@ -4,7 +4,7 @@ import { VideoPrivacy } from '../../../../shared/models/videos'
 import { VideoCommentModel } from '../../../models/video/video-comment'
 import { broadcastToActors, broadcastToFollowers, sendVideoRelatedActivity, unicastTo } from './utils'
 import { audiencify, getActorsInvolvedInVideo, getAudience, getAudienceFromFollowersOf, getVideoCommentAudience } from '../audience'
-import { logger } from '../../../helpers/logger'
+import { logger, loggerTagsFactory } from '../../../helpers/logger'
 import { VideoPlaylistPrivacy } from '../../../../shared/models/videos/playlist/video-playlist-privacy.model'
 import {
   MActorLight,
@@ -18,10 +18,12 @@ import {
 import { getServerActor } from '@server/models/application/application'
 import { ContextType } from '@shared/models/activitypub/context'
 
+const lTags = loggerTagsFactory('ap', 'create')
+
 async function sendCreateVideo (video: MVideoAP, t: Transaction) {
   if (!video.hasPrivacyForFederation()) return undefined
 
-  logger.info('Creating job to send video creation of %s.', video.url)
+  logger.info('Creating job to send video creation of %s.', video.url, lTags(video.uuid))
 
   const byActor = video.VideoChannel.Account.Actor
   const videoObject = video.toActivityPubObject()
@@ -37,7 +39,7 @@ async function sendCreateCacheFile (
   video: MVideoAccountLight,
   fileRedundancy: MVideoRedundancyStreamingPlaylistVideo | MVideoRedundancyFileVideo
 ) {
-  logger.info('Creating job to send file cache of %s.', fileRedundancy.url)
+  logger.info('Creating job to send file cache of %s.', fileRedundancy.url, lTags(video.uuid))
 
   return sendVideoRelatedCreateActivity({
     byActor,
@@ -51,7 +53,7 @@ async function sendCreateCacheFile (
 async function sendCreateVideoPlaylist (playlist: MVideoPlaylistFull, t: Transaction) {
   if (playlist.privacy === VideoPlaylistPrivacy.PRIVATE) return undefined
 
-  logger.info('Creating job to send create video playlist of %s.', playlist.url)
+  logger.info('Creating job to send create video playlist of %s.', playlist.url, lTags(playlist.uuid))
 
   const byActor = playlist.OwnerAccount.Actor
   const audience = getAudience(byActor, playlist.privacy === VideoPlaylistPrivacy.PUBLIC)
diff --git a/server/lib/activitypub/share.ts b/server/lib/activitypub/share.ts
index 1f8a8f3c4..c22fa0893 100644
--- a/server/lib/activitypub/share.ts
+++ b/server/lib/activitypub/share.ts
@@ -1,15 +1,17 @@
+import * as Bluebird from 'bluebird'
 import { Transaction } from 'sequelize'
+import { getServerActor } from '@server/models/application/application'
+import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
+import { logger, loggerTagsFactory } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
 import { VideoShareModel } from '../../models/video/video-share'
+import { MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../types/models/video'
+import { getOrCreateActorAndServerAndModel } from './actor'
 import { sendUndoAnnounce, sendVideoAnnounce } from './send'
 import { getLocalVideoAnnounceActivityPubUrl } from './url'
-import * as Bluebird from 'bluebird'
-import { doRequest } from '../../helpers/requests'
-import { getOrCreateActorAndServerAndModel } from './actor'
-import { logger } from '../../helpers/logger'
-import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
-import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
-import { MChannelActorLight, MVideo, MVideoAccountLight, MVideoId } from '../../types/models/video'
-import { getServerActor } from '@server/models/application/application'
+
+const lTags = loggerTagsFactory('share')
 
 async function shareVideoByServerAndChannel (video: MVideoAccountLight, t: Transaction) {
   if (!video.hasPrivacyForFederation()) return undefined
@@ -25,7 +27,10 @@ async function changeVideoChannelShare (
   oldVideoChannel: MChannelActorLight,
   t: Transaction
 ) {
-  logger.info('Updating video channel of video %s: %s -> %s.', video.uuid, oldVideoChannel.name, video.VideoChannel.name)
+  logger.info(
+    'Updating video channel of video %s: %s -> %s.', video.uuid, oldVideoChannel.name, video.VideoChannel.name,
+    lTags(video.uuid)
+  )
 
   await undoShareByVideoChannel(video, oldVideoChannel, t)
 
@@ -35,12 +40,7 @@ async function changeVideoChannelShare (
 async function addVideoShares (shareUrls: string[], video: MVideoId) {
   await Bluebird.map(shareUrls, async shareUrl => {
     try {
-      // Fetch url
-      const { body } = await doRequest<any>({
-        uri: shareUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<any>(shareUrl, { activityPub: true })
       if (!body || !body.actor) throw new Error('Body or body actor is invalid')
 
       const actorUrl = getAPId(body.actor)
diff --git a/server/lib/activitypub/video-comments.ts b/server/lib/activitypub/video-comments.ts
index d025ed7f1..e23e0c0e7 100644
--- a/server/lib/activitypub/video-comments.ts
+++ b/server/lib/activitypub/video-comments.ts
@@ -1,13 +1,13 @@
+import * as Bluebird from 'bluebird'
+import { checkUrlsSameHost } from '../../helpers/activitypub'
 import { sanitizeAndCheckVideoCommentObject } from '../../helpers/custom-validators/activitypub/video-comments'
 import { logger } from '../../helpers/logger'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest } from '../../helpers/requests'
 import { ACTIVITY_PUB, CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
 import { VideoCommentModel } from '../../models/video/video-comment'
+import { MCommentOwner, MCommentOwnerVideo, MVideoAccountLightBlacklistAllFiles } from '../../types/models/video'
 import { getOrCreateActorAndServerAndModel } from './actor'
 import { getOrCreateVideoAndAccountAndChannel } from './videos'
-import * as Bluebird from 'bluebird'
-import { checkUrlsSameHost } from '../../helpers/activitypub'
-import { MCommentOwner, MCommentOwnerVideo, MVideoAccountLightBlacklistAllFiles } from '../../types/models/video'
 
 type ResolveThreadParams = {
   url: string
@@ -18,8 +18,12 @@ type ResolveThreadParams = {
 type ResolveThreadResult = Promise<{ video: MVideoAccountLightBlacklistAllFiles, comment: MCommentOwnerVideo, commentCreated: boolean }>
 
 async function addVideoComments (commentUrls: string[]) {
-  return Bluebird.map(commentUrls, commentUrl => {
-    return resolveThread({ url: commentUrl, isVideo: false })
+  return Bluebird.map(commentUrls, async commentUrl => {
+    try {
+      await resolveThread({ url: commentUrl, isVideo: false })
+    } catch (err) {
+      logger.warn('Cannot resolve thread %s.', commentUrl, { err })
+    }
   }, { concurrency: CRAWL_REQUEST_CONCURRENCY })
 }
 
@@ -126,11 +130,7 @@ async function resolveRemoteParentComment (params: ResolveThreadParams) {
     throw new Error('Recursion limit reached when resolving a thread')
   }
 
-  const { body } = await doRequest<any>({
-    uri: url,
-    json: true,
-    activityPub: true
-  })
+  const { body } = await doJSONRequest<any>(url, { activityPub: true })
 
   if (sanitizeAndCheckVideoCommentObject(body) === false) {
     throw new Error(`Remote video comment JSON ${url} is not valid:` + JSON.stringify(body))
diff --git a/server/lib/activitypub/video-rates.ts b/server/lib/activitypub/video-rates.ts
index e246b1313..f40c07fea 100644
--- a/server/lib/activitypub/video-rates.ts
+++ b/server/lib/activitypub/video-rates.ts
@@ -1,26 +1,22 @@
+import * as Bluebird from 'bluebird'
 import { Transaction } from 'sequelize'
-import { sendLike, sendUndoDislike, sendUndoLike } from './send'
+import { doJSONRequest } from '@server/helpers/requests'
 import { VideoRateType } from '../../../shared/models/videos'
-import * as Bluebird from 'bluebird'
-import { getOrCreateActorAndServerAndModel } from './actor'
-import { AccountVideoRateModel } from '../../models/account/account-video-rate'
+import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
 import { logger } from '../../helpers/logger'
 import { CRAWL_REQUEST_CONCURRENCY } from '../../initializers/constants'
-import { doRequest } from '../../helpers/requests'
-import { checkUrlsSameHost, getAPId } from '../../helpers/activitypub'
-import { getVideoDislikeActivityPubUrlByLocalActor, getVideoLikeActivityPubUrlByLocalActor } from './url'
-import { sendDislike } from './send/send-dislike'
+import { AccountVideoRateModel } from '../../models/account/account-video-rate'
 import { MAccountActor, MActorUrl, MVideo, MVideoAccountLight, MVideoId } from '../../types/models'
+import { getOrCreateActorAndServerAndModel } from './actor'
+import { sendLike, sendUndoDislike, sendUndoLike } from './send'
+import { sendDislike } from './send/send-dislike'
+import { getVideoDislikeActivityPubUrlByLocalActor, getVideoLikeActivityPubUrlByLocalActor } from './url'
 
 async function createRates (ratesUrl: string[], video: MVideo, rate: VideoRateType) {
   await Bluebird.map(ratesUrl, async rateUrl => {
     try {
       // Fetch url
-      const { body } = await doRequest<any>({
-        uri: rateUrl,
-        json: true,
-        activityPub: true
-      })
+      const { body } = await doJSONRequest<any>(rateUrl, { activityPub: true })
       if (!body || !body.actor) throw new Error('Body or body actor is invalid')
 
       const actorUrl = getAPId(body.actor)
diff --git a/server/lib/activitypub/videos.ts b/server/lib/activitypub/videos.ts
index c02578aad..d484edd36 100644
--- a/server/lib/activitypub/videos.ts
+++ b/server/lib/activitypub/videos.ts
@@ -2,7 +2,6 @@ import * as Bluebird from 'bluebird'
 import { maxBy, minBy } from 'lodash'
 import * as magnetUtil from 'magnet-uri'
 import { basename, join } from 'path'
-import * as request from 'request'
 import { Transaction } from 'sequelize/types'
 import { TrackerModel } from '@server/models/server/tracker'
 import { VideoLiveModel } from '@server/models/video/video-live'
@@ -31,7 +30,7 @@ import { isArray } from '../../helpers/custom-validators/misc'
 import { isVideoFileInfoHashValid } from '../../helpers/custom-validators/videos'
 import { deleteNonExistingModels, resetSequelizeInstance, retryTransactionWrapper } from '../../helpers/database-utils'
 import { logger } from '../../helpers/logger'
-import { doRequest } from '../../helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '../../helpers/requests'
 import { fetchVideoByUrl, getExtFromMimetype, VideoFetchByUrlType } from '../../helpers/video'
 import {
   ACTIVITY_PUB,
@@ -115,36 +114,26 @@ async function federateVideoIfNeeded (videoArg: MVideoAPWithoutCaption, isNewVid
   }
 }
 
-async function fetchRemoteVideo (videoUrl: string): Promise<{ response: request.RequestResponse, videoObject: VideoObject }> {
-  const options = {
-    uri: videoUrl,
-    method: 'GET',
-    json: true,
-    activityPub: true
-  }
-
+async function fetchRemoteVideo (videoUrl: string): Promise<{ statusCode: number, videoObject: VideoObject }> {
   logger.info('Fetching remote video %s.', videoUrl)
 
-  const { response, body } = await doRequest<any>(options)
+  const { statusCode, body } = await doJSONRequest<any>(videoUrl, { activityPub: true })
 
   if (sanitizeAndCheckVideoTorrentObject(body) === false || checkUrlsSameHost(body.id, videoUrl) !== true) {
     logger.debug('Remote video JSON is not valid.', { body })
-    return { response, videoObject: undefined }
+    return { statusCode, videoObject: undefined }
   }
 
-  return { response, videoObject: body }
+  return { statusCode, videoObject: body }
 }
 
 async function fetchRemoteVideoDescription (video: MVideoAccountLight) {
   const host = video.VideoChannel.Account.Actor.Server.host
   const path = video.getDescriptionAPIPath()
-  const options = {
-    uri: REMOTE_SCHEME.HTTP + '://' + host + path,
-    json: true
-  }
+  const url = REMOTE_SCHEME.HTTP + '://' + host + path
 
-  const { body } = await doRequest<any>(options)
-  return body.description ? body.description : ''
+  const { body } = await doJSONRequest<any>(url)
+  return body.description || ''
 }
 
 function getOrCreateVideoChannelFromVideoObject (videoObject: VideoObject) {
@@ -534,14 +523,7 @@ async function refreshVideoIfNeeded (options: {
     : await VideoModel.loadByUrlAndPopulateAccount(options.video.url)
 
   try {
-    const { response, videoObject } = await fetchRemoteVideo(video.url)
-    if (response.statusCode === HttpStatusCode.NOT_FOUND_404) {
-      logger.info('Cannot refresh remote video %s: video does not exist anymore. Deleting it.', video.url)
-
-      // Video does not exist anymore
-      await video.destroy()
-      return undefined
-    }
+    const { videoObject } = await fetchRemoteVideo(video.url)
 
     if (videoObject === undefined) {
       logger.warn('Cannot refresh remote video %s: invalid body.', video.url)
@@ -565,6 +547,14 @@ async function refreshVideoIfNeeded (options: {
 
     return video
   } catch (err) {
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      logger.info('Cannot refresh remote video %s: video does not exist anymore. Deleting it.', video.url)
+
+      // Video does not exist anymore
+      await video.destroy()
+      return undefined
+    }
+
     logger.warn('Cannot refresh video %s.', options.video.url, { err })
 
     ActorFollowScoreCache.Instance.addBadServerId(video.VideoChannel.Actor.serverId)
diff --git a/server/lib/auth.ts b/server/lib/auth/external-auth.ts
index dbd421a7b..80f5064b6 100644
--- a/server/lib/auth.ts
+++ b/server/lib/auth/external-auth.ts
@@ -1,28 +1,16 @@
+
 import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
 import { logger } from '@server/helpers/logger'
 import { generateRandomString } from '@server/helpers/utils'
-import { OAUTH_LIFETIME, PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
-import { revokeToken } from '@server/lib/oauth-model'
+import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
-import { UserRole } from '@shared/models'
 import {
   RegisterServerAuthenticatedResult,
   RegisterServerAuthPassOptions,
   RegisterServerExternalAuthenticatedResult
 } from '@server/types/plugins/register-server-auth.model'
-import * as express from 'express'
-import * as OAuthServer from 'express-oauth-server'
-import { HttpStatusCode } from '@shared/core-utils/miscs/http-error-codes'
-
-const oAuthServer = new OAuthServer({
-  useErrorHandler: true,
-  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
-  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
-  allowExtendedTokenAttributes: true,
-  continueMiddleware: true,
-  model: require('./oauth-model')
-})
+import { UserRole } from '@shared/models'
 
 // Token is the key, expiration date is the value
 const authBypassTokens = new Map<string, {
@@ -37,42 +25,6 @@ const authBypassTokens = new Map<string, {
   npmName: string
 }>()
 
-async function handleLogin (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const grantType = req.body.grant_type
-
-  if (grantType === 'password') {
-    if (req.body.externalAuthToken) proxifyExternalAuthBypass(req, res)
-    else await proxifyPasswordGrant(req, res)
-  } else if (grantType === 'refresh_token') {
-    await proxifyRefreshGrant(req, res)
-  }
-
-  return forwardTokenReq(req, res, next)
-}
-
-async function handleTokenRevocation (req: express.Request, res: express.Response) {
-  const token = res.locals.oauth.token
-
-  res.locals.explicitLogout = true
-  const result = await revokeToken(token)
-
-  // FIXME: uncomment when https://github.com/oauthjs/node-oauth2-server/pull/289 is released
-  // oAuthServer.revoke(req, res, err => {
-  //   if (err) {
-  //     logger.warn('Error in revoke token handler.', { err })
-  //
-  //     return res.status(err.status)
-  //               .json({
-  //                 error: err.message,
-  //                 code: err.name
-  //               })
-  //               .end()
-  //   }
-  // })
-
-  return res.json(result)
-}
-
 async function onExternalUserAuthenticated (options: {
   npmName: string
   authName: string
@@ -107,7 +59,7 @@ async function onExternalUserAuthenticated (options: {
     authName
   })
 
-  // Cleanup
+  // Cleanup expired tokens
   const now = new Date()
   for (const [ key, value ] of authBypassTokens) {
     if (value.expires.getTime() < now.getTime()) {
@@ -118,37 +70,15 @@ async function onExternalUserAuthenticated (options: {
   res.redirect(`/login?externalAuthToken=${bypassToken}&username=${user.username}`)
 }
 
-// ---------------------------------------------------------------------------
-
-export { oAuthServer, handleLogin, onExternalUserAuthenticated, handleTokenRevocation }
-
-// ---------------------------------------------------------------------------
-
-function forwardTokenReq (req: express.Request, res: express.Response, next?: express.NextFunction) {
-  return oAuthServer.token()(req, res, err => {
-    if (err) {
-      logger.warn('Login error.', { err })
-
-      return res.status(err.status)
-        .json({
-          error: err.message,
-          code: err.name
-        })
-    }
-
-    if (next) return next()
-  })
-}
-
-async function proxifyRefreshGrant (req: express.Request, res: express.Response) {
-  const refreshToken = req.body.refresh_token
-  if (!refreshToken) return
+async function getAuthNameFromRefreshGrant (refreshToken?: string) {
+  if (!refreshToken) return undefined
 
   const tokenModel = await OAuthTokenModel.loadByRefreshToken(refreshToken)
-  if (tokenModel?.authName) res.locals.refreshTokenAuthName = tokenModel.authName
+
+  return tokenModel?.authName
 }
 
-async function proxifyPasswordGrant (req: express.Request, res: express.Response) {
+async function getBypassFromPasswordGrant (username: string, password: string) {
   const plugins = PluginManager.Instance.getIdAndPassAuths()
   const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
 
@@ -174,8 +104,8 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
   })
 
   const loginOptions = {
-    id: req.body.username,
-    password: req.body.password
+    id: username,
+    password
   }
 
   for (const pluginAuth of pluginAuths) {
@@ -199,49 +129,41 @@ async function proxifyPasswordGrant (req: express.Request, res: express.Response
         authName, npmName, loginOptions.id
       )
 
-      res.locals.bypassLogin = {
+      return {
         bypass: true,
         pluginName: pluginAuth.npmName,
         authName: authOptions.authName,
         user: buildUserResult(loginResult)
       }
-
-      return
     } catch (err) {
       logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err })
     }
   }
+
+  return undefined
 }
 
-function proxifyExternalAuthBypass (req: express.Request, res: express.Response) {
-  const obj = authBypassTokens.get(req.body.externalAuthToken)
-  if (!obj) {
-    logger.error('Cannot authenticate user with unknown bypass token')
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
-  }
+function getBypassFromExternalAuth (username: string, externalAuthToken: string) {
+  const obj = authBypassTokens.get(externalAuthToken)
+  if (!obj) throw new Error('Cannot authenticate user with unknown bypass token')
 
   const { expires, user, authName, npmName } = obj
 
   const now = new Date()
   if (now.getTime() > expires.getTime()) {
-    logger.error('Cannot authenticate user with an expired external auth token')
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
+    throw new Error('Cannot authenticate user with an expired external auth token')
   }
 
-  if (user.username !== req.body.username) {
-    logger.error('Cannot authenticate user %s with invalid username %s.', req.body.username)
-    return res.sendStatus(HttpStatusCode.BAD_REQUEST_400)
+  if (user.username !== username) {
+    throw new Error(`Cannot authenticate user ${user.username} with invalid username ${username}`)
   }
 
-  // Bypass oauth library validation
-  req.body.password = 'fake'
-
   logger.info(
     'Auth success with external auth method %s of plugin %s for %s.',
     authName, npmName, user.email
   )
 
-  res.locals.bypassLogin = {
+  return {
     bypass: true,
     pluginName: npmName,
     authName: authName,
@@ -286,3 +208,12 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
     displayName: pluginResult.displayName || pluginResult.username
   }
 }
+
+// ---------------------------------------------------------------------------
+
+export {
+  onExternalUserAuthenticated,
+  getBypassFromExternalAuth,
+  getAuthNameFromRefreshGrant,
+  getBypassFromPasswordGrant
+}
diff --git a/server/lib/oauth-model.ts b/server/lib/auth/oauth-model.ts
index a2c53a2c9..b9c69eb2d 100644
--- a/server/lib/oauth-model.ts
+++ b/server/lib/auth/oauth-model.ts
@@ -1,49 +1,36 @@
 import * as express from 'express'
-import * as LRUCache from 'lru-cache'
 import { AccessDeniedError } from 'oauth2-server'
-import { Transaction } from 'sequelize'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { ActorModel } from '@server/models/activitypub/actor'
+import { MOAuthClient } from '@server/types/models'
 import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'
 import { MUser } from '@server/types/models/user/user'
 import { UserAdminFlag } from '@shared/models/users/user-flag.model'
 import { UserRole } from '@shared/models/users/user-role'
-import { logger } from '../helpers/logger'
-import { CONFIG } from '../initializers/config'
-import { LRU_CACHE } from '../initializers/constants'
-import { UserModel } from '../models/account/user'
-import { OAuthClientModel } from '../models/oauth/oauth-client'
-import { OAuthTokenModel } from '../models/oauth/oauth-token'
-import { createUserAccountAndChannelAndPlaylist } from './user'
-
-type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
-
-const accessTokenCache = new LRUCache<string, MOAuthTokenUser>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
-const userHavingToken = new LRUCache<number, string>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
-
-// ---------------------------------------------------------------------------
-
-function deleteUserToken (userId: number, t?: Transaction) {
-  clearCacheByUserId(userId)
-
-  return OAuthTokenModel.deleteUserToken(userId, t)
+import { logger } from '../../helpers/logger'
+import { CONFIG } from '../../initializers/config'
+import { UserModel } from '../../models/account/user'
+import { OAuthClientModel } from '../../models/oauth/oauth-client'
+import { OAuthTokenModel } from '../../models/oauth/oauth-token'
+import { createUserAccountAndChannelAndPlaylist } from '../user'
+import { TokensCache } from './tokens-cache'
+
+type TokenInfo = {
+  accessToken: string
+  refreshToken: string
+  accessTokenExpiresAt: Date
+  refreshTokenExpiresAt: Date
 }
 
-function clearCacheByUserId (userId: number) {
-  const token = userHavingToken.get(userId)
-
-  if (token !== undefined) {
-    accessTokenCache.del(token)
-    userHavingToken.del(userId)
-  }
-}
-
-function clearCacheByToken (token: string) {
-  const tokenModel = accessTokenCache.get(token)
-
-  if (tokenModel !== undefined) {
-    userHavingToken.del(tokenModel.userId)
-    accessTokenCache.del(token)
+export type BypassLogin = {
+  bypass: boolean
+  pluginName: string
+  authName?: string
+  user: {
+    username: string
+    email: string
+    displayName: string
+    role: UserRole
   }
 }
 
@@ -54,15 +41,12 @@ async function getAccessToken (bearerToken: string) {
 
   let tokenModel: MOAuthTokenUser
 
-  if (accessTokenCache.has(bearerToken)) {
-    tokenModel = accessTokenCache.get(bearerToken)
+  if (TokensCache.Instance.hasToken(bearerToken)) {
+    tokenModel = TokensCache.Instance.getByToken(bearerToken)
   } else {
     tokenModel = await OAuthTokenModel.getByTokenAndPopulateUser(bearerToken)
 
-    if (tokenModel) {
-      accessTokenCache.set(bearerToken, tokenModel)
-      userHavingToken.set(tokenModel.userId, tokenModel.accessToken)
-    }
+    if (tokenModel) TokensCache.Instance.setToken(tokenModel)
   }
 
   if (!tokenModel) return undefined
@@ -99,16 +83,13 @@ async function getRefreshToken (refreshToken: string) {
   return tokenInfo
 }
 
-async function getUser (usernameOrEmail?: string, password?: string) {
-  const res: express.Response = this.request.res
-
+async function getUser (usernameOrEmail?: string, password?: string, bypassLogin?: BypassLogin) {
   // Special treatment coming from a plugin
-  if (res.locals.bypassLogin && res.locals.bypassLogin.bypass === true) {
-    const obj = res.locals.bypassLogin
-    logger.info('Bypassing oauth login by plugin %s.', obj.pluginName)
+  if (bypassLogin && bypassLogin.bypass === true) {
+    logger.info('Bypassing oauth login by plugin %s.', bypassLogin.pluginName)
 
-    let user = await UserModel.loadByEmail(obj.user.email)
-    if (!user) user = await createUserFromExternal(obj.pluginName, obj.user)
+    let user = await UserModel.loadByEmail(bypassLogin.user.email)
+    if (!user) user = await createUserFromExternal(bypassLogin.pluginName, bypassLogin.user)
 
     // Cannot create a user
     if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.')
@@ -117,7 +98,7 @@ async function getUser (usernameOrEmail?: string, password?: string) {
     // Then we just go through a regular login process
     if (user.pluginAuth !== null) {
       // This user does not belong to this plugin, skip it
-      if (user.pluginAuth !== obj.pluginName) return null
+      if (user.pluginAuth !== bypassLogin.pluginName) return null
 
       checkUserValidityOrThrow(user)
 
@@ -143,18 +124,25 @@ async function getUser (usernameOrEmail?: string, password?: string) {
   return user
 }
 
-async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ success: boolean, redirectUrl?: string }> {
-  const res: express.Response = this.request.res
+async function revokeToken (
+  tokenInfo: { refreshToken: string },
+  options: {
+    req?: express.Request
+    explicitLogout?: boolean
+  } = {}
+): Promise<{ success: boolean, redirectUrl?: string }> {
+  const { req, explicitLogout } = options
+
   const token = await OAuthTokenModel.getByRefreshTokenAndPopulateUser(tokenInfo.refreshToken)
 
   if (token) {
     let redirectUrl: string
 
-    if (res.locals.explicitLogout === true && token.User.pluginAuth && token.authName) {
-      redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, this.request)
+    if (explicitLogout === true && token.User.pluginAuth && token.authName) {
+      redirectUrl = await PluginManager.Instance.onLogout(token.User.pluginAuth, token.authName, token.User, req)
     }
 
-    clearCacheByToken(token.accessToken)
+    TokensCache.Instance.clearCacheByToken(token.accessToken)
 
     token.destroy()
          .catch(err => logger.error('Cannot destroy token when revoking token.', { err }))
@@ -165,14 +153,22 @@ async function revokeToken (tokenInfo: { refreshToken: string }): Promise<{ succ
   return { success: false }
 }
 
-async function saveToken (token: TokenInfo, client: OAuthClientModel, user: UserModel) {
-  const res: express.Response = this.request.res
-
+async function saveToken (
+  token: TokenInfo,
+  client: MOAuthClient,
+  user: MUser,
+  options: {
+    refreshTokenAuthName?: string
+    bypassLogin?: BypassLogin
+  } = {}
+) {
+  const { refreshTokenAuthName, bypassLogin } = options
   let authName: string = null
-  if (res.locals.bypassLogin?.bypass === true) {
-    authName = res.locals.bypassLogin.authName
-  } else if (res.locals.refreshTokenAuthName) {
-    authName = res.locals.refreshTokenAuthName
+
+  if (bypassLogin?.bypass === true) {
+    authName = bypassLogin.authName
+  } else if (refreshTokenAuthName) {
+    authName = refreshTokenAuthName
   }
 
   logger.debug('Saving token ' + token.accessToken + ' for client ' + client.id + ' and user ' + user.id + '.')
@@ -199,17 +195,12 @@ async function saveToken (token: TokenInfo, client: OAuthClientModel, user: User
     refreshTokenExpiresAt: tokenCreated.refreshTokenExpiresAt,
     client,
     user,
-    refresh_token_expires_in: Math.floor((tokenCreated.refreshTokenExpiresAt.getTime() - new Date().getTime()) / 1000)
+    accessTokenExpiresIn: buildExpiresIn(tokenCreated.accessTokenExpiresAt),
+    refreshTokenExpiresIn: buildExpiresIn(tokenCreated.refreshTokenExpiresAt)
   }
 }
 
-// ---------------------------------------------------------------------------
-
-// See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
 export {
-  deleteUserToken,
-  clearCacheByUserId,
-  clearCacheByToken,
   getAccessToken,
   getClient,
   getRefreshToken,
@@ -218,6 +209,8 @@ export {
   saveToken
 }
 
+// ---------------------------------------------------------------------------
+
 async function createUserFromExternal (pluginAuth: string, options: {
   username: string
   email: string
@@ -252,3 +245,7 @@ async function createUserFromExternal (pluginAuth: string, options: {
 function checkUserValidityOrThrow (user: MUser) {
   if (user.blocked) throw new AccessDeniedError('User is blocked.')
 }
+
+function buildExpiresIn (expiresAt: Date) {
+  return Math.floor((expiresAt.getTime() - new Date().getTime()) / 1000)
+}
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts
new file mode 100644
index 000000000..5b6130d56
--- /dev/null
+++ b/server/lib/auth/oauth.ts
@@ -0,0 +1,180 @@
+import * as express from 'express'
+import {
+  InvalidClientError,
+  InvalidGrantError,
+  InvalidRequestError,
+  Request,
+  Response,
+  UnauthorizedClientError,
+  UnsupportedGrantTypeError
+} from 'oauth2-server'
+import { randomBytesPromise, sha1 } from '@server/helpers/core-utils'
+import { MOAuthClient } from '@server/types/models'
+import { OAUTH_LIFETIME } from '../../initializers/constants'
+import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model'
+
+/**
+ *
+ * Reimplement some functions of OAuth2Server to inject external auth methods
+ *
+ */
+
+const oAuthServer = new (require('oauth2-server'))({
+  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
+  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+
+  // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
+  model: require('./oauth-model')
+})
+
+// ---------------------------------------------------------------------------
+
+async function handleOAuthToken (req: express.Request, options: { refreshTokenAuthName?: string, bypassLogin?: BypassLogin }) {
+  const request = new Request(req)
+  const { refreshTokenAuthName, bypassLogin } = options
+
+  if (request.method !== 'POST') {
+    throw new InvalidRequestError('Invalid request: method must be POST')
+  }
+
+  if (!request.is([ 'application/x-www-form-urlencoded' ])) {
+    throw new InvalidRequestError('Invalid request: content must be application/x-www-form-urlencoded')
+  }
+
+  const clientId = request.body.client_id
+  const clientSecret = request.body.client_secret
+
+  if (!clientId || !clientSecret) {
+    throw new InvalidClientError('Invalid client: cannot retrieve client credentials')
+  }
+
+  const client = await getClient(clientId, clientSecret)
+  if (!client) {
+    throw new InvalidClientError('Invalid client: client is invalid')
+  }
+
+  const grantType = request.body.grant_type
+  if (!grantType) {
+    throw new InvalidRequestError('Missing parameter: `grant_type`')
+  }
+
+  if (![ 'password', 'refresh_token' ].includes(grantType)) {
+    throw new UnsupportedGrantTypeError('Unsupported grant type: `grant_type` is invalid')
+  }
+
+  if (!client.grants.includes(grantType)) {
+    throw new UnauthorizedClientError('Unauthorized client: `grant_type` is invalid')
+  }
+
+  if (grantType === 'password') {
+    return handlePasswordGrant({
+      request,
+      client,
+      bypassLogin
+    })
+  }
+
+  return handleRefreshGrant({
+    request,
+    client,
+    refreshTokenAuthName
+  })
+}
+
+async function handleOAuthAuthenticate (
+  req: express.Request,
+  res: express.Response,
+  authenticateInQuery = false
+) {
+  const options = authenticateInQuery
+    ? { allowBearerTokensInQueryString: true }
+    : {}
+
+  return oAuthServer.authenticate(new Request(req), new Response(res), options)
+}
+
+export {
+  handleOAuthToken,
+  handleOAuthAuthenticate
+}
+
+// ---------------------------------------------------------------------------
+
+async function handlePasswordGrant (options: {
+  request: Request
+  client: MOAuthClient
+  bypassLogin?: BypassLogin
+}) {
+  const { request, client, bypassLogin } = options
+
+  if (!request.body.username) {
+    throw new InvalidRequestError('Missing parameter: `username`')
+  }
+
+  if (!bypassLogin && !request.body.password) {
+    throw new InvalidRequestError('Missing parameter: `password`')
+  }
+
+  const user = await getUser(request.body.username, request.body.password, bypassLogin)
+  if (!user) throw new InvalidGrantError('Invalid grant: user credentials are invalid')
+
+  const token = await buildToken()
+
+  return saveToken(token, client, user, { bypassLogin })
+}
+
+async function handleRefreshGrant (options: {
+  request: Request
+  client: MOAuthClient
+  refreshTokenAuthName: string
+}) {
+  const { request, client, refreshTokenAuthName } = options
+
+  if (!request.body.refresh_token) {
+    throw new InvalidRequestError('Missing parameter: `refresh_token`')
+  }
+
+  const refreshToken = await getRefreshToken(request.body.refresh_token)
+
+  if (!refreshToken) {
+    throw new InvalidGrantError('Invalid grant: refresh token is invalid')
+  }
+
+  if (refreshToken.client.id !== client.id) {
+    throw new InvalidGrantError('Invalid grant: refresh token is invalid')
+  }
+
+  if (refreshToken.refreshTokenExpiresAt && refreshToken.refreshTokenExpiresAt < new Date()) {
+    throw new InvalidGrantError('Invalid grant: refresh token has expired')
+  }
+
+  await revokeToken({ refreshToken: refreshToken.refreshToken })
+
+  const token = await buildToken()
+
+  return saveToken(token, client, refreshToken.user, { refreshTokenAuthName })
+}
+
+function generateRandomToken () {
+  return randomBytesPromise(256)
+    .then(buffer => sha1(buffer))
+}
+
+function getTokenExpiresAt (type: 'access' | 'refresh') {
+  const lifetime = type === 'access'
+    ? OAUTH_LIFETIME.ACCESS_TOKEN
+    : OAUTH_LIFETIME.REFRESH_TOKEN
+
+  return new Date(Date.now() + lifetime * 1000)
+}
+
+async function buildToken () {
+  const [ accessToken, refreshToken ] = await Promise.all([ generateRandomToken(), generateRandomToken() ])
+
+  return {
+    accessToken,
+    refreshToken,
+    accessTokenExpiresAt: getTokenExpiresAt('access'),
+    refreshTokenExpiresAt: getTokenExpiresAt('refresh')
+  }
+}
diff --git a/server/lib/auth/tokens-cache.ts b/server/lib/auth/tokens-cache.ts
new file mode 100644
index 000000000..b027ce69a
--- /dev/null
+++ b/server/lib/auth/tokens-cache.ts
@@ -0,0 +1,52 @@
+import * as LRUCache from 'lru-cache'
+import { MOAuthTokenUser } from '@server/types/models'
+import { LRU_CACHE } from '../../initializers/constants'
+
+export class TokensCache {
+
+  private static instance: TokensCache
+
+  private readonly accessTokenCache = new LRUCache<string, MOAuthTokenUser>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
+  private readonly userHavingToken = new LRUCache<number, string>({ max: LRU_CACHE.USER_TOKENS.MAX_SIZE })
+
+  private constructor () { }
+
+  static get Instance () {
+    return this.instance || (this.instance = new this())
+  }
+
+  hasToken (token: string) {
+    return this.accessTokenCache.has(token)
+  }
+
+  getByToken (token: string) {
+    return this.accessTokenCache.get(token)
+  }
+
+  setToken (token: MOAuthTokenUser) {
+    this.accessTokenCache.set(token.accessToken, token)
+    this.userHavingToken.set(token.userId, token.accessToken)
+  }
+
+  deleteUserToken (userId: number) {
+    this.clearCacheByUserId(userId)
+  }
+
+  clearCacheByUserId (userId: number) {
+    const token = this.userHavingToken.get(userId)
+
+    if (token !== undefined) {
+      this.accessTokenCache.del(token)
+      this.userHavingToken.del(userId)
+    }
+  }
+
+  clearCacheByToken (token: string) {
+    const tokenModel = this.accessTokenCache.get(token)
+
+    if (tokenModel !== undefined) {
+      this.userHavingToken.del(tokenModel.userId)
+      this.accessTokenCache.del(token)
+    }
+  }
+}
diff --git a/server/lib/emailer.ts b/server/lib/emailer.ts
index 969eae77b..ce4134d59 100644
--- a/server/lib/emailer.ts
+++ b/server/lib/emailer.ts
@@ -7,12 +7,12 @@ import { MVideoBlacklistLightVideo, MVideoBlacklistVideo } from '@server/types/m
 import { MVideoImport, MVideoImportVideo } from '@server/types/models/video/video-import'
 import { SANITIZE_OPTIONS, TEXT_WITH_HTML_RULES } from '@shared/core-utils'
 import { AbuseState, EmailPayload, UserAbuse } from '@shared/models'
-import { SendEmailOptions } from '../../shared/models/server/emailer.model'
+import { SendEmailDefaultOptions } from '../../shared/models/server/emailer.model'
 import { isTestInstance, root } from '../helpers/core-utils'
 import { bunyanLogger, logger } from '../helpers/logger'
 import { CONFIG, isEmailEnabled } from '../initializers/config'
 import { WEBSERVER } from '../initializers/constants'
-import { MAbuseFull, MAbuseMessage, MAccountDefault, MActorFollowActors, MActorFollowFull, MUser } from '../types/models'
+import { MAbuseFull, MAbuseMessage, MAccountDefault, MActorFollowActors, MActorFollowFull, MPlugin, MUser } from '../types/models'
 import { MCommentOwnerVideo, MVideo, MVideoAccountLight } from '../types/models/video'
 import { JobQueue } from './job-queue'
 
@@ -403,7 +403,7 @@ class Emailer {
   }
 
   async addVideoAutoBlacklistModeratorsNotification (to: string[], videoBlacklist: MVideoBlacklistLightVideo) {
-    const VIDEO_AUTO_BLACKLIST_URL = WEBSERVER.URL + '/admin/moderation/video-auto-blacklist/list'
+    const videoAutoBlacklistUrl = WEBSERVER.URL + '/admin/moderation/video-auto-blacklist/list'
     const videoUrl = WEBSERVER.URL + videoBlacklist.Video.getWatchStaticPath()
     const channel = (await VideoChannelModel.loadByIdAndPopulateAccount(videoBlacklist.Video.channelId)).toFormattedSummaryJSON()
 
@@ -417,7 +417,7 @@ class Emailer {
         videoName: videoBlacklist.Video.name,
         action: {
           text: 'Review autoblacklist',
-          url: VIDEO_AUTO_BLACKLIST_URL
+          url: videoAutoBlacklistUrl
         }
       }
     }
@@ -472,6 +472,36 @@ class Emailer {
     return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
   }
 
+  addNewPeerTubeVersionNotification (to: string[], latestVersion: string) {
+    const emailPayload: EmailPayload = {
+      to,
+      template: 'peertube-version-new',
+      subject: `A new PeerTube version is available: ${latestVersion}`,
+      locals: {
+        latestVersion
+      }
+    }
+
+    return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
+  }
+
+  addNewPlugionVersionNotification (to: string[], plugin: MPlugin) {
+    const pluginUrl = WEBSERVER.URL + '/admin/plugins/list-installed?pluginType=' + plugin.type
+
+    const emailPayload: EmailPayload = {
+      to,
+      template: 'plugin-version-new',
+      subject: `A new plugin/theme version is available: ${plugin.name}@${plugin.latestVersion}`,
+      locals: {
+        pluginName: plugin.name,
+        latestVersion: plugin.latestVersion,
+        pluginUrl
+      }
+    }
+
+    return JobQueue.Instance.createJob({ type: 'email', payload: emailPayload })
+  }
+
   addPasswordResetEmailJob (username: string, to: string, resetPasswordUrl: string) {
     const emailPayload: EmailPayload = {
       template: 'password-reset',
@@ -569,26 +599,27 @@ class Emailer {
     })
 
     for (const to of options.to) {
-      await email
-        .send(merge(
-          {
-            template: 'common',
-            message: {
-              to,
-              from: options.from,
-              subject: options.subject,
-              replyTo: options.replyTo
-            },
-            locals: { // default variables available in all templates
-              WEBSERVER,
-              EMAIL: CONFIG.EMAIL,
-              instanceName: CONFIG.INSTANCE.NAME,
-              text: options.text,
-              subject: options.subject
-            }
-          },
-          options // overriden/new variables given for a specific template in the payload
-        ) as SendEmailOptions)
+      const baseOptions: SendEmailDefaultOptions = {
+        template: 'common',
+        message: {
+          to,
+          from: options.from,
+          subject: options.subject,
+          replyTo: options.replyTo
+        },
+        locals: { // default variables available in all templates
+          WEBSERVER,
+          EMAIL: CONFIG.EMAIL,
+          instanceName: CONFIG.INSTANCE.NAME,
+          text: options.text,
+          subject: options.subject
+        }
+      }
+
+      // overriden/new variables given for a specific template in the payload
+      const sendOptions = merge(baseOptions, options)
+
+      await email.send(sendOptions)
         .then(res => logger.debug('Sent email.', { res }))
         .catch(err => logger.error('Error in email sender.', { err }))
     }
diff --git a/server/lib/emails/peertube-version-new/html.pug b/server/lib/emails/peertube-version-new/html.pug
new file mode 100644
index 000000000..2f4d9399d
--- /dev/null
+++ b/server/lib/emails/peertube-version-new/html.pug
@@ -0,0 +1,9 @@
+extends ../common/greetings
+
+block title
+  | New PeerTube version available
+
+block content
+  p
+    | A new version of PeerTube is available: #{latestVersion}.
+    | You can check the latest news on #[a(href="https://joinpeertube.org/news") JoinPeerTube].
diff --git a/server/lib/emails/plugin-version-new/html.pug b/server/lib/emails/plugin-version-new/html.pug
new file mode 100644
index 000000000..86d3d87e8
--- /dev/null
+++ b/server/lib/emails/plugin-version-new/html.pug
@@ -0,0 +1,9 @@
+extends ../common/greetings
+
+block title
+  | New plugin version available
+
+block content
+  p
+    | A new version of the plugin/theme #{pluginName} is available: #{latestVersion}.
+    | You might want to upgrade it on #[a(href=pluginUrl) the PeerTube admin interface].
diff --git a/server/lib/files-cache/videos-caption-cache.ts b/server/lib/files-cache/videos-caption-cache.ts
index ee0447010..58e2260b6 100644
--- a/server/lib/files-cache/videos-caption-cache.ts
+++ b/server/lib/files-cache/videos-caption-cache.ts
@@ -41,7 +41,7 @@ class VideosCaptionCache extends AbstractVideoStaticFileCache <string> {
     const remoteUrl = videoCaption.getFileUrl(video)
     const destPath = join(FILES_CACHE.VIDEO_CAPTIONS.DIRECTORY, videoCaption.filename)
 
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
     return { isOwned: false, path: destPath }
   }
diff --git a/server/lib/files-cache/videos-preview-cache.ts b/server/lib/files-cache/videos-preview-cache.ts
index ee72cd3f9..dd3a84aca 100644
--- a/server/lib/files-cache/videos-preview-cache.ts
+++ b/server/lib/files-cache/videos-preview-cache.ts
@@ -39,7 +39,7 @@ class VideosPreviewCache extends AbstractVideoStaticFileCache <string> {
     const destPath = join(FILES_CACHE.PREVIEWS.DIRECTORY, preview.filename)
 
     const remoteUrl = preview.getFileUrl(video)
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
     logger.debug('Fetched remote preview %s to %s.', remoteUrl, destPath)
 
diff --git a/server/lib/files-cache/videos-torrent-cache.ts b/server/lib/files-cache/videos-torrent-cache.ts
index ca0e1770d..23217f140 100644
--- a/server/lib/files-cache/videos-torrent-cache.ts
+++ b/server/lib/files-cache/videos-torrent-cache.ts
@@ -5,6 +5,7 @@ import { CONFIG } from '../../initializers/config'
 import { FILES_CACHE } from '../../initializers/constants'
 import { VideoModel } from '../../models/video/video'
 import { AbstractVideoStaticFileCache } from './abstract-video-static-file-cache'
+import { MVideo, MVideoFile } from '@server/types/models'
 
 class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
 
@@ -22,7 +23,11 @@ class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
     const file = await VideoFileModel.loadWithVideoOrPlaylistByTorrentFilename(filename)
     if (!file) return undefined
 
-    if (file.getVideo().isOwned()) return { isOwned: true, path: join(CONFIG.STORAGE.TORRENTS_DIR, file.torrentFilename) }
+    if (file.getVideo().isOwned()) {
+      const downloadName = this.buildDownloadName(file.getVideo(), file)
+
+      return { isOwned: true, path: join(CONFIG.STORAGE.TORRENTS_DIR, file.torrentFilename), downloadName }
+    }
 
     return this.loadRemoteFile(filename)
   }
@@ -41,12 +46,16 @@ class VideosTorrentCache extends AbstractVideoStaticFileCache <string> {
     const remoteUrl = file.getRemoteTorrentUrl(video)
     const destPath = join(FILES_CACHE.TORRENTS.DIRECTORY, file.torrentFilename)
 
-    await doRequestAndSaveToFile({ uri: remoteUrl }, destPath)
+    await doRequestAndSaveToFile(remoteUrl, destPath)
 
-    const downloadName = `${video.name}-${file.resolution}p.torrent`
+    const downloadName = this.buildDownloadName(video, file)
 
     return { isOwned: false, path: destPath, downloadName }
   }
+
+  private buildDownloadName (video: MVideo, file: MVideoFile) {
+    return `${video.name}-${file.resolution}p.torrent`
+  }
 }
 
 export {
diff --git a/server/lib/hls.ts b/server/lib/hls.ts
index 04187668c..84539e2c1 100644
--- a/server/lib/hls.ts
+++ b/server/lib/hls.ts
@@ -135,7 +135,7 @@ function downloadPlaylistSegments (playlistUrl: string, destinationDir: string,
         const destPath = join(tmpDirectory, basename(fileUrl))
 
         const bodyKBLimit = 10 * 1000 * 1000 // 10GB
-        await doRequestAndSaveToFile({ uri: fileUrl }, destPath, bodyKBLimit)
+        await doRequestAndSaveToFile(fileUrl, destPath, { bodyKBLimit })
       }
 
       clearTimeout(timer)
@@ -156,7 +156,7 @@ function downloadPlaylistSegments (playlistUrl: string, destinationDir: string,
   }
 
   async function fetchUniqUrls (playlistUrl: string) {
-    const { body } = await doRequest<string>({ uri: playlistUrl })
+    const { body } = await doRequest(playlistUrl)
 
     if (!body) return []
 
diff --git a/server/lib/job-queue/handlers/activitypub-cleaner.ts b/server/lib/job-queue/handlers/activitypub-cleaner.ts
index b58bbc983..1caca1dcc 100644
--- a/server/lib/job-queue/handlers/activitypub-cleaner.ts
+++ b/server/lib/job-queue/handlers/activitypub-cleaner.ts
@@ -1,10 +1,13 @@
 import * as Bluebird from 'bluebird'
 import * as Bull from 'bull'
 import { checkUrlsSameHost } from '@server/helpers/activitypub'
-import { isDislikeActivityValid, isLikeActivityValid } from '@server/helpers/custom-validators/activitypub/rate'
-import { isShareActivityValid } from '@server/helpers/custom-validators/activitypub/share'
+import {
+  isAnnounceActivityValid,
+  isDislikeActivityValid,
+  isLikeActivityValid
+} from '@server/helpers/custom-validators/activitypub/activity'
 import { sanitizeAndCheckVideoCommentObject } from '@server/helpers/custom-validators/activitypub/video-comments'
-import { doRequest } from '@server/helpers/requests'
+import { doJSONRequest, PeerTubeRequestError } from '@server/helpers/requests'
 import { AP_CLEANER_CONCURRENCY } from '@server/initializers/constants'
 import { VideoModel } from '@server/models/video/video'
 import { VideoCommentModel } from '@server/models/video/video-comment'
@@ -78,44 +81,44 @@ async function updateObjectIfNeeded <T> (
   updater: (url: string, newUrl: string) => Promise<T>,
   deleter: (url: string) => Promise<T>
 ): Promise<{ data: T, status: 'deleted' | 'updated' } | null> {
-  // Fetch url
-  const { response, body } = await doRequest<any>({
-    uri: url,
-    json: true,
-    activityPub: true
-  })
-
-  // Does not exist anymore, remove entry
-  if (response.statusCode === HttpStatusCode.NOT_FOUND_404) {
+  const on404OrTombstone = async () => {
     logger.info('Removing remote AP object %s.', url)
     const data = await deleter(url)
 
-    return { status: 'deleted', data }
+    return { status: 'deleted' as 'deleted', data }
   }
 
-  // If not same id, check same host and update
-  if (!body || !body.id || !bodyValidator(body)) throw new Error(`Body or body id of ${url} is invalid`)
+  try {
+    const { body } = await doJSONRequest<any>(url, { activityPub: true })
 
-  if (body.type === 'Tombstone') {
-    logger.info('Removing remote AP object %s.', url)
-    const data = await deleter(url)
+    // If not same id, check same host and update
+    if (!body || !body.id || !bodyValidator(body)) throw new Error(`Body or body id of ${url} is invalid`)
 
-    return { status: 'deleted', data }
-  }
+    if (body.type === 'Tombstone') {
+      return on404OrTombstone()
+    }
 
-  const newUrl = body.id
-  if (newUrl !== url) {
-    if (checkUrlsSameHost(newUrl, url) !== true) {
-      throw new Error(`New url ${newUrl} has not the same host than old url ${url}`)
+    const newUrl = body.id
+    if (newUrl !== url) {
+      if (checkUrlsSameHost(newUrl, url) !== true) {
+        throw new Error(`New url ${newUrl} has not the same host than old url ${url}`)
+      }
+
+      logger.info('Updating remote AP object %s.', url)
+      const data = await updater(url, newUrl)
+
+      return { status: 'updated', data }
     }
 
-    logger.info('Updating remote AP object %s.', url)
-    const data = await updater(url, newUrl)
+    return null
+  } catch (err) {
+    // Does not exist anymore, remove entry
+    if ((err as PeerTubeRequestError).statusCode === HttpStatusCode.NOT_FOUND_404) {
+      return on404OrTombstone()
+    }
 
-    return { status: 'updated', data }
+    throw err
   }
-
-  return null
 }
 
 function rateOptionsFactory () {
@@ -149,7 +152,7 @@ function rateOptionsFactory () {
 
 function shareOptionsFactory () {
   return {
-    bodyValidator: (body: any) => isShareActivityValid(body),
+    bodyValidator: (body: any) => isAnnounceActivityValid(body),
 
     updater: async (url: string, newUrl: string) => {
       const share = await VideoShareModel.loadByUrl(url, undefined)
diff --git a/server/lib/job-queue/handlers/activitypub-http-broadcast.ts b/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
index 7174786d6..c69ff9e83 100644
--- a/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-broadcast.ts
@@ -16,8 +16,7 @@ async function processActivityPubHttpBroadcast (job: Bull.Job) {
   const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
   const options = {
-    method: 'POST',
-    uri: '',
+    method: 'POST' as 'POST',
     json: body,
     httpSignature: httpSignatureOptions,
     timeout: REQUEST_TIMEOUT,
@@ -28,7 +27,7 @@ async function processActivityPubHttpBroadcast (job: Bull.Job) {
   const goodUrls: string[] = []
 
   await Bluebird.map(payload.uris, uri => {
-    return doRequest(Object.assign({}, options, { uri }))
+    return doRequest(uri, options)
       .then(() => goodUrls.push(uri))
       .catch(() => badUrls.push(uri))
   }, { concurrency: BROADCAST_CONCURRENCY })
diff --git a/server/lib/job-queue/handlers/activitypub-http-unicast.ts b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
index 74989d62e..585dad671 100644
--- a/server/lib/job-queue/handlers/activitypub-http-unicast.ts
+++ b/server/lib/job-queue/handlers/activitypub-http-unicast.ts
@@ -16,8 +16,7 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
   const httpSignatureOptions = await buildSignedRequestOptions(payload)
 
   const options = {
-    method: 'POST',
-    uri,
+    method: 'POST' as 'POST',
     json: body,
     httpSignature: httpSignatureOptions,
     timeout: REQUEST_TIMEOUT,
@@ -25,7 +24,7 @@ async function processActivityPubHttpUnicast (job: Bull.Job) {
   }
 
   try {
-    await doRequest(options)
+    await doRequest(uri, options)
     ActorFollowScoreCache.Instance.updateActorFollowsScore([ uri ], [])
   } catch (err) {
     ActorFollowScoreCache.Instance.updateActorFollowsScore([], [ uri ])
diff --git a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
index c030d31ef..e8a91450d 100644
--- a/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
+++ b/server/lib/job-queue/handlers/utils/activitypub-http-utils.ts
@@ -6,21 +6,24 @@ import { getServerActor } from '@server/models/application/application'
 import { buildDigest } from '@server/helpers/peertube-crypto'
 import { ContextType } from '@shared/models/activitypub/context'
 
-type Payload = { body: any, contextType?: ContextType, signatureActorId?: number }
+type Payload <T> = { body: T, contextType?: ContextType, signatureActorId?: number }
 
-async function computeBody (payload: Payload) {
+async function computeBody <T> (
+  payload: Payload<T>
+): Promise<T | T & { type: 'RsaSignature2017', creator: string, created: string }> {
   let body = payload.body
 
   if (payload.signatureActorId) {
     const actorSignature = await ActorModel.load(payload.signatureActorId)
     if (!actorSignature) throw new Error('Unknown signature actor id.')
+
     body = await buildSignedActivity(actorSignature, payload.body, payload.contextType)
   }
 
   return body
 }
 
-async function buildSignedRequestOptions (payload: Payload) {
+async function buildSignedRequestOptions (payload: Payload<any>) {
   let actor: MActor | null
 
   if (payload.signatureActorId) {
@@ -43,9 +46,9 @@ async function buildSignedRequestOptions (payload: Payload) {
 
 function buildGlobalHeaders (body: any) {
   return {
-    'Digest': buildDigest(body),
-    'Content-Type': 'application/activity+json',
-    'Accept': ACTIVITY_PUB.ACCEPT_HEADER
+    'digest': buildDigest(body),
+    'content-type': 'application/activity+json',
+    'accept': ACTIVITY_PUB.ACCEPT_HEADER
   }
 }
 
diff --git a/server/lib/notifier.ts b/server/lib/notifier.ts
index 740c274d7..da7f7cc05 100644
--- a/server/lib/notifier.ts
+++ b/server/lib/notifier.ts
@@ -19,7 +19,7 @@ import { CONFIG } from '../initializers/config'
 import { AccountBlocklistModel } from '../models/account/account-blocklist'
 import { UserModel } from '../models/account/user'
 import { UserNotificationModel } from '../models/account/user-notification'
-import { MAbuseFull, MAbuseMessage, MAccountServer, MActorFollowFull } from '../types/models'
+import { MAbuseFull, MAbuseMessage, MAccountServer, MActorFollowFull, MApplication, MPlugin } from '../types/models'
 import { MCommentOwnerVideo, MVideoAccountLight, MVideoFullLight } from '../types/models/video'
 import { isBlockedByServerOrAccount } from './blocklist'
 import { Emailer } from './emailer'
@@ -144,6 +144,20 @@ class Notifier {
       })
   }
 
+  notifyOfNewPeerTubeVersion (application: MApplication, latestVersion: string) {
+    this.notifyAdminsOfNewPeerTubeVersion(application, latestVersion)
+      .catch(err => {
+        logger.error('Cannot notify on new PeerTubeb version %s.', latestVersion, { err })
+      })
+  }
+
+  notifyOfNewPluginVersion (plugin: MPlugin) {
+    this.notifyAdminsOfNewPluginVersion(plugin)
+      .catch(err => {
+        logger.error('Cannot notify on new plugin version %s.', plugin.name, { err })
+      })
+  }
+
   private async notifySubscribersOfNewVideo (video: MVideoAccountLight) {
     // List all followers that are users
     const users = await UserModel.listUserSubscribersOf(video.VideoChannel.actorId)
@@ -667,6 +681,64 @@ class Notifier {
     return this.notify({ users: moderators, settingGetter, notificationCreator, emailSender })
   }
 
+  private async notifyAdminsOfNewPeerTubeVersion (application: MApplication, latestVersion: string) {
+    // Use the debug right to know who is an administrator
+    const admins = await UserModel.listWithRight(UserRight.MANAGE_DEBUG)
+    if (admins.length === 0) return
+
+    logger.info('Notifying %s admins of new PeerTube version %s.', admins.length, latestVersion)
+
+    function settingGetter (user: MUserWithNotificationSetting) {
+      return user.NotificationSetting.newPeerTubeVersion
+    }
+
+    async function notificationCreator (user: MUserWithNotificationSetting) {
+      const notification = await UserNotificationModel.create<UserNotificationModelForApi>({
+        type: UserNotificationType.NEW_PEERTUBE_VERSION,
+        userId: user.id,
+        applicationId: application.id
+      })
+      notification.Application = application
+
+      return notification
+    }
+
+    function emailSender (emails: string[]) {
+      return Emailer.Instance.addNewPeerTubeVersionNotification(emails, latestVersion)
+    }
+
+    return this.notify({ users: admins, settingGetter, notificationCreator, emailSender })
+  }
+
+  private async notifyAdminsOfNewPluginVersion (plugin: MPlugin) {
+    // Use the debug right to know who is an administrator
+    const admins = await UserModel.listWithRight(UserRight.MANAGE_DEBUG)
+    if (admins.length === 0) return
+
+    logger.info('Notifying %s admins of new plugin version %s@%s.', admins.length, plugin.name, plugin.latestVersion)
+
+    function settingGetter (user: MUserWithNotificationSetting) {
+      return user.NotificationSetting.newPluginVersion
+    }
+
+    async function notificationCreator (user: MUserWithNotificationSetting) {
+      const notification = await UserNotificationModel.create<UserNotificationModelForApi>({
+        type: UserNotificationType.NEW_PLUGIN_VERSION,
+        userId: user.id,
+        pluginId: plugin.id
+      })
+      notification.Plugin = plugin
+
+      return notification
+    }
+
+    function emailSender (emails: string[]) {
+      return Emailer.Instance.addNewPlugionVersionNotification(emails, plugin)
+    }
+
+    return this.notify({ users: admins, settingGetter, notificationCreator, emailSender })
+  }
+
   private async notify<T extends MUserWithNotificationSetting> (options: {
     users: T[]
     notificationCreator: (user: T) => Promise<UserNotificationModelForApi>
diff --git a/server/lib/plugins/plugin-index.ts b/server/lib/plugins/plugin-index.ts
index 7bcb6ed4c..624f5da1d 100644
--- a/server/lib/plugins/plugin-index.ts
+++ b/server/lib/plugins/plugin-index.ts
@@ -1,22 +1,22 @@
-import { doRequest } from '../../helpers/requests'
-import { CONFIG } from '../../initializers/config'
+import { sanitizeUrl } from '@server/helpers/core-utils'
+import { ResultList } from '../../../shared/models'
+import { PeertubePluginIndexList } from '../../../shared/models/plugins/peertube-plugin-index-list.model'
+import { PeerTubePluginIndex } from '../../../shared/models/plugins/peertube-plugin-index.model'
 import {
   PeertubePluginLatestVersionRequest,
   PeertubePluginLatestVersionResponse
 } from '../../../shared/models/plugins/peertube-plugin-latest-version.model'
-import { PeertubePluginIndexList } from '../../../shared/models/plugins/peertube-plugin-index-list.model'
-import { ResultList } from '../../../shared/models'
-import { PeerTubePluginIndex } from '../../../shared/models/plugins/peertube-plugin-index.model'
-import { PluginModel } from '../../models/server/plugin'
-import { PluginManager } from './plugin-manager'
 import { logger } from '../../helpers/logger'
+import { doJSONRequest } from '../../helpers/requests'
+import { CONFIG } from '../../initializers/config'
 import { PEERTUBE_VERSION } from '../../initializers/constants'
-import { sanitizeUrl } from '@server/helpers/core-utils'
+import { PluginModel } from '../../models/server/plugin'
+import { PluginManager } from './plugin-manager'
 
 async function listAvailablePluginsFromIndex (options: PeertubePluginIndexList) {
   const { start = 0, count = 20, search, sort = 'npmName', pluginType } = options
 
-  const qs: PeertubePluginIndexList = {
+  const searchParams: PeertubePluginIndexList & Record<string, string | number> = {
     start,
     count,
     sort,
@@ -28,7 +28,7 @@ async function listAvailablePluginsFromIndex (options: PeertubePluginIndexList)
   const uri = CONFIG.PLUGINS.INDEX.URL + '/api/v1/plugins'
 
   try {
-    const { body } = await doRequest<any>({ uri, qs, json: true })
+    const { body } = await doJSONRequest<any>(uri, { searchParams })
 
     logger.debug('Got result from PeerTube index.', { body })
 
@@ -58,7 +58,11 @@ async function getLatestPluginsVersion (npmNames: string[]): Promise<PeertubePlu
 
   const uri = sanitizeUrl(CONFIG.PLUGINS.INDEX.URL) + '/api/v1/plugins/latest-version'
 
-  const { body } = await doRequest<any>({ uri, body: bodyRequest, json: true, method: 'POST' })
+  const options = {
+    json: bodyRequest,
+    method: 'POST' as 'POST'
+  }
+  const { body } = await doJSONRequest<PeertubePluginLatestVersionResponse>(uri, options)
 
   return body
 }
diff --git a/server/lib/plugins/register-helpers.ts b/server/lib/plugins/register-helpers.ts
index 1f2a88c27..9b5e1a546 100644
--- a/server/lib/plugins/register-helpers.ts
+++ b/server/lib/plugins/register-helpers.ts
@@ -7,7 +7,7 @@ import {
   VIDEO_PLAYLIST_PRIVACIES,
   VIDEO_PRIVACIES
 } from '@server/initializers/constants'
-import { onExternalUserAuthenticated } from '@server/lib/auth'
+import { onExternalUserAuthenticated } from '@server/lib/auth/external-auth'
 import { PluginModel } from '@server/models/server/plugin'
 import {
   RegisterServerAuthExternalOptions,
diff --git a/server/lib/schedulers/auto-follow-index-instances.ts b/server/lib/schedulers/auto-follow-index-instances.ts
index f62f52f9c..0b8cd1389 100644
--- a/server/lib/schedulers/auto-follow-index-instances.ts
+++ b/server/lib/schedulers/auto-follow-index-instances.ts
@@ -1,5 +1,5 @@
 import { chunk } from 'lodash'
-import { doRequest } from '@server/helpers/requests'
+import { doJSONRequest } from '@server/helpers/requests'
 import { JobQueue } from '@server/lib/job-queue'
 import { ActorFollowModel } from '@server/models/activitypub/actor-follow'
 import { getServerActor } from '@server/models/application/application'
@@ -34,12 +34,12 @@ export class AutoFollowIndexInstances extends AbstractScheduler {
     try {
       const serverActor = await getServerActor()
 
-      const qs = { count: 1000 }
-      if (this.lastCheck) Object.assign(qs, { since: this.lastCheck.toISOString() })
+      const searchParams = { count: 1000 }
+      if (this.lastCheck) Object.assign(searchParams, { since: this.lastCheck.toISOString() })
 
       this.lastCheck = new Date()
 
-      const { body } = await doRequest<any>({ uri: indexUrl, qs, json: true })
+      const { body } = await doJSONRequest<any>(indexUrl, { searchParams })
       if (!body.data || Array.isArray(body.data) === false) {
         logger.error('Cannot auto follow instances of index %s. Please check the auto follow URL.', indexUrl, { body })
         return
diff --git a/server/lib/schedulers/peertube-version-check-scheduler.ts b/server/lib/schedulers/peertube-version-check-scheduler.ts
new file mode 100644
index 000000000..c8960465c
--- /dev/null
+++ b/server/lib/schedulers/peertube-version-check-scheduler.ts
@@ -0,0 +1,55 @@
+
+import { doJSONRequest } from '@server/helpers/requests'
+import { ApplicationModel } from '@server/models/application/application'
+import { compareSemVer } from '@shared/core-utils'
+import { JoinPeerTubeVersions } from '@shared/models'
+import { logger } from '../../helpers/logger'
+import { CONFIG } from '../../initializers/config'
+import { PEERTUBE_VERSION, SCHEDULER_INTERVALS_MS } from '../../initializers/constants'
+import { Notifier } from '../notifier'
+import { AbstractScheduler } from './abstract-scheduler'
+
+export class PeerTubeVersionCheckScheduler extends AbstractScheduler {
+
+  private static instance: AbstractScheduler
+
+  protected schedulerIntervalMs = SCHEDULER_INTERVALS_MS.checkPeerTubeVersion
+
+  private constructor () {
+    super()
+  }
+
+  protected async internalExecute () {
+    return this.checkLatestVersion()
+  }
+
+  private async checkLatestVersion () {
+    if (CONFIG.PEERTUBE.CHECK_LATEST_VERSION.ENABLED === false) return
+
+    logger.info('Checking latest PeerTube version.')
+
+    const { body } = await doJSONRequest<JoinPeerTubeVersions>(CONFIG.PEERTUBE.CHECK_LATEST_VERSION.URL)
+
+    if (!body?.peertube?.latestVersion) {
+      logger.warn('Cannot check latest PeerTube version: body is invalid.', { body })
+      return
+    }
+
+    const latestVersion = body.peertube.latestVersion
+    const application = await ApplicationModel.load()
+
+    // Already checked this version
+    if (application.latestPeerTubeVersion === latestVersion) return
+
+    if (compareSemVer(PEERTUBE_VERSION, latestVersion) < 0) {
+      application.latestPeerTubeVersion = latestVersion
+      await application.save()
+
+      Notifier.Instance.notifyOfNewPeerTubeVersion(application, latestVersion)
+    }
+  }
+
+  static get Instance () {
+    return this.instance || (this.instance = new this())
+  }
+}
diff --git a/server/lib/schedulers/plugins-check-scheduler.ts b/server/lib/schedulers/plugins-check-scheduler.ts
index 014993e94..9a1ae3ec5 100644
--- a/server/lib/schedulers/plugins-check-scheduler.ts
+++ b/server/lib/schedulers/plugins-check-scheduler.ts
@@ -6,6 +6,7 @@ import { PluginModel } from '../../models/server/plugin'
 import { chunk } from 'lodash'
 import { getLatestPluginsVersion } from '../plugins/plugin-index'
 import { compareSemVer } from '../../../shared/core-utils/miscs/miscs'
+import { Notifier } from '../notifier'
 
 export class PluginsCheckScheduler extends AbstractScheduler {
 
@@ -53,6 +54,11 @@ export class PluginsCheckScheduler extends AbstractScheduler {
             plugin.latestVersion = result.latestVersion
             await plugin.save()
 
+            // Notify if there is an higher plugin version available
+            if (compareSemVer(plugin.version, result.latestVersion) < 0) {
+              Notifier.Instance.notifyOfNewPluginVersion(plugin)
+            }
+
             logger.info('Plugin %s has a new latest version %s.', result.npmName, plugin.latestVersion)
           }
         }
diff --git a/server/lib/user.ts b/server/lib/user.ts
index e1892f22c..9b0a0a2f1 100644
--- a/server/lib/user.ts
+++ b/server/lib/user.ts
@@ -193,7 +193,9 @@ function createDefaultUserNotificationSettings (user: MUserId, t: Transaction |
     newInstanceFollower: UserNotificationSettingValue.WEB,
     abuseNewMessage: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
     abuseStateChange: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
-    autoInstanceFollowing: UserNotificationSettingValue.WEB
+    autoInstanceFollowing: UserNotificationSettingValue.WEB,
+    newPeerTubeVersion: UserNotificationSettingValue.WEB | UserNotificationSettingValue.EMAIL,
+    newPluginVersion: UserNotificationSettingValue.WEB
   }
 
   return UserNotificationSettingModel.create(values, { transaction: t })
diff --git a/server/lib/video-blacklist.ts b/server/lib/video-blacklist.ts
index dbb37e0b2..37c43c3b0 100644
--- a/server/lib/video-blacklist.ts
+++ b/server/lib/video-blacklist.ts
@@ -11,7 +11,7 @@ import {
 } from '@server/types/models'
 import { UserRight, VideoBlacklistCreate, VideoBlacklistType } from '../../shared/models'
 import { UserAdminFlag } from '../../shared/models/users/user-flag.model'
-import { logger } from '../helpers/logger'
+import { logger, loggerTagsFactory } from '../helpers/logger'
 import { CONFIG } from '../initializers/config'
 import { VideoBlacklistModel } from '../models/video/video-blacklist'
 import { sendDeleteVideo } from './activitypub/send'
@@ -20,6 +20,8 @@ import { LiveManager } from './live-manager'
 import { Notifier } from './notifier'
 import { Hooks } from './plugins/hooks'
 
+const lTags = loggerTagsFactory('blacklist')
+
 async function autoBlacklistVideoIfNeeded (parameters: {
   video: MVideoWithBlacklistLight
   user?: MUser
@@ -60,7 +62,7 @@ async function autoBlacklistVideoIfNeeded (parameters: {
     })
   }
 
-  logger.info('Video %s auto-blacklisted.', video.uuid)
+  logger.info('Video %s auto-blacklisted.', video.uuid, lTags(video.uuid))
 
   return true
 }
diff --git a/server/middlewares/oauth.ts b/server/middlewares/auth.ts
index 280595acc..f38373624 100644
--- a/server/middlewares/oauth.ts
+++ b/server/middlewares/auth.ts
@@ -1,15 +1,19 @@
 import * as express from 'express'
 import { Socket } from 'socket.io'
-import { oAuthServer } from '@server/lib/auth'
-import { logger } from '../helpers/logger'
-import { getAccessToken } from '../lib/oauth-model'
+import { getAccessToken } from '@server/lib/auth/oauth-model'
 import { HttpStatusCode } from '../../shared/core-utils/miscs/http-error-codes'
+import { logger } from '../helpers/logger'
+import { handleOAuthAuthenticate } from '../lib/auth/oauth'
 
 function authenticate (req: express.Request, res: express.Response, next: express.NextFunction, authenticateInQuery = false) {
-  const options = authenticateInQuery ? { allowBearerTokensInQueryString: true } : {}
+  handleOAuthAuthenticate(req, res, authenticateInQuery)
+    .then((token: any) => {
+      res.locals.oauth = { token }
+      res.locals.authenticated = true
 
-  oAuthServer.authenticate(options)(req, res, err => {
-    if (err) {
+      return next()
+    })
+    .catch(err => {
       logger.warn('Cannot authenticate.', { err })
 
       return res.status(err.status)
@@ -17,13 +21,7 @@ function authenticate (req: express.Request, res: express.Response, next: expres
           error: 'Token is invalid.',
           code: err.name
         })
-        .end()
-    }
-
-    res.locals.authenticated = true
-
-    return next()
-  })
+    })
 }
 
 function authenticateSocket (socket: Socket, next: (err?: any) => void) {
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index b758a8586..3e280e16f 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -1,7 +1,7 @@
 export * from './validators'
 export * from './activitypub'
 export * from './async'
-export * from './oauth'
+export * from './auth'
 export * from './pagination'
 export * from './servers'
 export * from './sort'
diff --git a/server/middlewares/validators/activitypub/signature.ts b/server/middlewares/validators/activitypub/signature.ts
index 02b191480..7c4e49463 100644
--- a/server/middlewares/validators/activitypub/signature.ts
+++ b/server/middlewares/validators/activitypub/signature.ts
@@ -23,7 +23,7 @@ const signatureValidator = [
     .custom(isSignatureValueValid).withMessage('Should have a valid signature value'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking activitypub signature parameter', { parameters: { signature: req.body.signature } })
+    logger.debug('Checking Linked Data Signature parameter', { parameters: { signature: req.body.signature } })
 
     if (areValidationErrors(req, res)) return
 
diff --git a/server/middlewares/validators/jobs.ts b/server/middlewares/validators/jobs.ts
index 99ef25e0a..d87b28c06 100644
--- a/server/middlewares/validators/jobs.ts
+++ b/server/middlewares/validators/jobs.ts
@@ -1,9 +1,11 @@
 import * as express from 'express'
 import { param, query } from 'express-validator'
 import { isValidJobState, isValidJobType } from '../../helpers/custom-validators/jobs'
-import { logger } from '../../helpers/logger'
+import { logger, loggerTagsFactory } from '../../helpers/logger'
 import { areValidationErrors } from './utils'
 
+const lTags = loggerTagsFactory('validators', 'jobs')
+
 const listJobsValidator = [
   param('state')
   .optional()
@@ -14,7 +16,7 @@ const listJobsValidator = [
     .custom(isValidJobType).withMessage('Should have a valid job state'),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking listJobsValidator parameters.', { parameters: req.params })
+    logger.debug('Checking listJobsValidator parameters.', { parameters: req.params, ...lTags() })
 
     if (areValidationErrors(req, res)) return
 
diff --git a/server/middlewares/validators/pagination.ts b/server/middlewares/validators/pagination.ts
index 1cae7848c..6b0a83d80 100644
--- a/server/middlewares/validators/pagination.ts
+++ b/server/middlewares/validators/pagination.ts
@@ -4,25 +4,30 @@ import { logger } from '../../helpers/logger'
 import { areValidationErrors } from './utils'
 import { PAGINATION } from '@server/initializers/constants'
 
-const paginationValidator = [
-  query('start')
-    .optional()
-    .isInt({ min: 0 }).withMessage('Should have a number start'),
-  query('count')
-    .optional()
-    .isInt({ min: 0, max: PAGINATION.GLOBAL.COUNT.MAX }).withMessage(`Should have a number count (max: ${PAGINATION.GLOBAL.COUNT.MAX})`),
+const paginationValidator = paginationValidatorBuilder()
 
-  (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking pagination parameters', { parameters: req.query })
+function paginationValidatorBuilder (tags: string[] = []) {
+  return [
+    query('start')
+      .optional()
+      .isInt({ min: 0 }).withMessage('Should have a number start'),
+    query('count')
+      .optional()
+      .isInt({ min: 0, max: PAGINATION.GLOBAL.COUNT.MAX }).withMessage(`Should have a number count (max: ${PAGINATION.GLOBAL.COUNT.MAX})`),
 
-    if (areValidationErrors(req, res)) return
+    (req: express.Request, res: express.Response, next: express.NextFunction) => {
+      logger.debug('Checking pagination parameters', { parameters: req.query, tags })
 
-    return next()
-  }
-]
+      if (areValidationErrors(req, res)) return
+
+      return next()
+    }
+  ]
+}
 
 // ---------------------------------------------------------------------------
 
 export {
-  paginationValidator
+  paginationValidator,
+  paginationValidatorBuilder
 }
diff --git a/server/middlewares/validators/sort.ts b/server/middlewares/validators/sort.ts
index e93ceb200..beecc155b 100644
--- a/server/middlewares/validators/sort.ts
+++ b/server/middlewares/validators/sort.ts
@@ -28,7 +28,7 @@ const SORTABLE_VIDEO_REDUNDANCIES_COLUMNS = createSortableColumns(SORTABLE_COLUM
 
 const usersSortValidator = checkSort(SORTABLE_USERS_COLUMNS)
 const accountsSortValidator = checkSort(SORTABLE_ACCOUNTS_COLUMNS)
-const jobsSortValidator = checkSort(SORTABLE_JOBS_COLUMNS)
+const jobsSortValidator = checkSort(SORTABLE_JOBS_COLUMNS, [ 'jobs' ])
 const abusesSortValidator = checkSort(SORTABLE_ABUSES_COLUMNS)
 const videosSortValidator = checkSort(SORTABLE_VIDEOS_COLUMNS)
 const videoImportsSortValidator = checkSort(SORTABLE_VIDEO_IMPORTS_COLUMNS)
diff --git a/server/middlewares/validators/utils.ts b/server/middlewares/validators/utils.ts
index 2899bed6f..4167f6d43 100644
--- a/server/middlewares/validators/utils.ts
+++ b/server/middlewares/validators/utils.ts
@@ -17,12 +17,12 @@ function areValidationErrors (req: express.Request, res: express.Response) {
   return false
 }
 
-function checkSort (sortableColumns: string[]) {
+function checkSort (sortableColumns: string[], tags: string[] = []) {
   return [
     query('sort').optional().isIn(sortableColumns).withMessage('Should have correct sortable column'),
 
     (req: express.Request, res: express.Response, next: express.NextFunction) => {
-      logger.debug('Checking sort parameters', { parameters: req.query })
+      logger.debug('Checking sort parameters', { parameters: req.query, tags })
 
       if (areValidationErrors(req, res)) return
 
diff --git a/server/middlewares/validators/videos/video-comments.ts b/server/middlewares/validators/videos/video-comments.ts
index 226c9d436..1afacfed8 100644
--- a/server/middlewares/validators/videos/video-comments.ts
+++ b/server/middlewares/validators/videos/video-comments.ts
@@ -216,7 +216,7 @@ async function isVideoCommentAccepted (req: express.Request, res: express.Respon
   if (!acceptedResult || acceptedResult.accepted !== true) {
     logger.info('Refused local comment.', { acceptedResult, acceptParameters })
     res.status(HttpStatusCode.FORBIDDEN_403)
-       .json({ error: acceptedResult.errorMessage || 'Refused local comment' })
+       .json({ error: acceptedResult?.errorMessage || 'Refused local comment' })
 
     return false
   }
diff --git a/server/middlewares/validators/videos/video-playlists.ts b/server/middlewares/validators/videos/video-playlists.ts
index 0fba4f5fd..c872d045e 100644
--- a/server/middlewares/validators/videos/video-playlists.ts
+++ b/server/middlewares/validators/videos/video-playlists.ts
@@ -29,7 +29,7 @@ import { doesVideoChannelIdExist, doesVideoExist, doesVideoPlaylistExist, VideoP
 import { CONSTRAINTS_FIELDS } from '../../../initializers/constants'
 import { VideoPlaylistElementModel } from '../../../models/video/video-playlist-element'
 import { MVideoPlaylist } from '../../../types/models/video/video-playlist'
-import { authenticatePromiseIfNeeded } from '../../oauth'
+import { authenticatePromiseIfNeeded } from '../../auth'
 import { areValidationErrors } from '../utils'
 
 const videoPlaylistsAddValidator = getCommonPlaylistEditAttributes().concat([
diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts
index 37cc07b94..4d31d3dcb 100644
--- a/server/middlewares/validators/videos/videos.ts
+++ b/server/middlewares/validators/videos/videos.ts
@@ -54,7 +54,7 @@ import { isLocalVideoAccepted } from '../../../lib/moderation'
 import { Hooks } from '../../../lib/plugins/hooks'
 import { AccountModel } from '../../../models/account/account'
 import { VideoModel } from '../../../models/video/video'
-import { authenticatePromiseIfNeeded } from '../../oauth'
+import { authenticatePromiseIfNeeded } from '../../auth'
 import { areValidationErrors } from '../utils'
 
 const videosAddValidator = getCommonVideoEditAttributes().concat([
diff --git a/server/models/account/user-notification-setting.ts b/server/models/account/user-notification-setting.ts
index ebab8b6d2..138051528 100644
--- a/server/models/account/user-notification-setting.ts
+++ b/server/models/account/user-notification-setting.ts
@@ -12,10 +12,10 @@ import {
   Table,
   UpdatedAt
 } from 'sequelize-typescript'
+import { TokensCache } from '@server/lib/auth/tokens-cache'
 import { MNotificationSettingFormattable } from '@server/types/models'
 import { UserNotificationSetting, UserNotificationSettingValue } from '../../../shared/models/users/user-notification-setting.model'
 import { isUserNotificationSettingValid } from '../../helpers/custom-validators/user-notifications'
-import { clearCacheByUserId } from '../../lib/oauth-model'
 import { throwIfNotValid } from '../utils'
 import { UserModel } from './user'
 
@@ -156,6 +156,24 @@ export class UserNotificationSettingModel extends Model {
   @Column
   abuseNewMessage: UserNotificationSettingValue
 
+  @AllowNull(false)
+  @Default(null)
+  @Is(
+    'UserNotificationSettingNewPeerTubeVersion',
+    value => throwIfNotValid(value, isUserNotificationSettingValid, 'newPeerTubeVersion')
+  )
+  @Column
+  newPeerTubeVersion: UserNotificationSettingValue
+
+  @AllowNull(false)
+  @Default(null)
+  @Is(
+    'UserNotificationSettingNewPeerPluginVersion',
+    value => throwIfNotValid(value, isUserNotificationSettingValid, 'newPluginVersion')
+  )
+  @Column
+  newPluginVersion: UserNotificationSettingValue
+
   @ForeignKey(() => UserModel)
   @Column
   userId: number
@@ -177,7 +195,7 @@ export class UserNotificationSettingModel extends Model {
   @AfterUpdate
   @AfterDestroy
   static removeTokenCache (instance: UserNotificationSettingModel) {
-    return clearCacheByUserId(instance.userId)
+    return TokensCache.Instance.clearCacheByUserId(instance.userId)
   }
 
   toFormattedJSON (this: MNotificationSettingFormattable): UserNotificationSetting {
@@ -195,7 +213,9 @@ export class UserNotificationSettingModel extends Model {
       newInstanceFollower: this.newInstanceFollower,
       autoInstanceFollowing: this.autoInstanceFollowing,
       abuseNewMessage: this.abuseNewMessage,
-      abuseStateChange: this.abuseStateChange
+      abuseStateChange: this.abuseStateChange,
+      newPeerTubeVersion: this.newPeerTubeVersion,
+      newPluginVersion: this.newPluginVersion
     }
   }
 }
diff --git a/server/models/account/user-notification.ts b/server/models/account/user-notification.ts
index add129644..25c523203 100644
--- a/server/models/account/user-notification.ts
+++ b/server/models/account/user-notification.ts
@@ -9,7 +9,9 @@ import { VideoAbuseModel } from '../abuse/video-abuse'
 import { VideoCommentAbuseModel } from '../abuse/video-comment-abuse'
 import { ActorModel } from '../activitypub/actor'
 import { ActorFollowModel } from '../activitypub/actor-follow'
+import { ApplicationModel } from '../application/application'
 import { AvatarModel } from '../avatar/avatar'
+import { PluginModel } from '../server/plugin'
 import { ServerModel } from '../server/server'
 import { getSort, throwIfNotValid } from '../utils'
 import { VideoModel } from '../video/video'
@@ -96,7 +98,7 @@ function buildAccountInclude (required: boolean, withActor = false) {
             attributes: [ 'id' ],
             model: VideoAbuseModel.unscoped(),
             required: false,
-            include: [ buildVideoInclude(true) ]
+            include: [ buildVideoInclude(false) ]
           },
           {
             attributes: [ 'id' ],
@@ -106,12 +108,12 @@ function buildAccountInclude (required: boolean, withActor = false) {
               {
                 attributes: [ 'id', 'originCommentId' ],
                 model: VideoCommentModel.unscoped(),
-                required: true,
+                required: false,
                 include: [
                   {
                     attributes: [ 'id', 'name', 'uuid' ],
                     model: VideoModel.unscoped(),
-                    required: true
+                    required: false
                   }
                 ]
               }
@@ -120,7 +122,7 @@ function buildAccountInclude (required: boolean, withActor = false) {
           {
             model: AccountModel,
             as: 'FlaggedAccount',
-            required: true,
+            required: false,
             include: [ buildActorWithAvatarInclude() ]
           }
         ]
@@ -141,6 +143,18 @@ function buildAccountInclude (required: boolean, withActor = false) {
       },
 
       {
+        attributes: [ 'id', 'name', 'type', 'latestVersion' ],
+        model: PluginModel.unscoped(),
+        required: false
+      },
+
+      {
+        attributes: [ 'id', 'latestPeerTubeVersion' ],
+        model: ApplicationModel.unscoped(),
+        required: false
+      },
+
+      {
         attributes: [ 'id', 'state' ],
         model: ActorFollowModel.unscoped(),
         required: false,
@@ -251,6 +265,22 @@ function buildAccountInclude (required: boolean, withActor = false) {
           [Op.ne]: null
         }
       }
+    },
+    {
+      fields: [ 'pluginId' ],
+      where: {
+        pluginId: {
+          [Op.ne]: null
+        }
+      }
+    },
+    {
+      fields: [ 'applicationId' ],
+      where: {
+        applicationId: {
+          [Op.ne]: null
+        }
+      }
     }
   ] as (ModelIndexesOptions & { where?: WhereOptions })[]
 })
@@ -370,6 +400,30 @@ export class UserNotificationModel extends Model {
   })
   ActorFollow: ActorFollowModel
 
+  @ForeignKey(() => PluginModel)
+  @Column
+  pluginId: number
+
+  @BelongsTo(() => PluginModel, {
+    foreignKey: {
+      allowNull: true
+    },
+    onDelete: 'cascade'
+  })
+  Plugin: PluginModel
+
+  @ForeignKey(() => ApplicationModel)
+  @Column
+  applicationId: number
+
+  @BelongsTo(() => ApplicationModel, {
+    foreignKey: {
+      allowNull: true
+    },
+    onDelete: 'cascade'
+  })
+  Application: ApplicationModel
+
   static listForApi (userId: number, start: number, count: number, sort: string, unread?: boolean) {
     const where = { userId }
 
@@ -524,6 +578,18 @@ export class UserNotificationModel extends Model {
       }
       : undefined
 
+    const plugin = this.Plugin
+      ? {
+        name: this.Plugin.name,
+        type: this.Plugin.type,
+        latestVersion: this.Plugin.latestVersion
+      }
+      : undefined
+
+    const peertube = this.Application
+      ? { latestVersion: this.Application.latestPeerTubeVersion }
+      : undefined
+
     return {
       id: this.id,
       type: this.type,
@@ -535,6 +601,8 @@ export class UserNotificationModel extends Model {
       videoBlacklist,
       account,
       actorFollow,
+      plugin,
+      peertube,
       createdAt: this.createdAt.toISOString(),
       updatedAt: this.updatedAt.toISOString()
     }
@@ -553,17 +621,19 @@ export class UserNotificationModel extends Model {
       ? {
         threadId: abuse.VideoCommentAbuse.VideoComment.getThreadId(),
 
-        video: {
-          id: abuse.VideoCommentAbuse.VideoComment.Video.id,
-          name: abuse.VideoCommentAbuse.VideoComment.Video.name,
-          uuid: abuse.VideoCommentAbuse.VideoComment.Video.uuid
-        }
+        video: abuse.VideoCommentAbuse.VideoComment.Video
+          ? {
+            id: abuse.VideoCommentAbuse.VideoComment.Video.id,
+            name: abuse.VideoCommentAbuse.VideoComment.Video.name,
+            uuid: abuse.VideoCommentAbuse.VideoComment.Video.uuid
+          }
+          : undefined
       }
       : undefined
 
     const videoAbuse = abuse.VideoAbuse?.Video ? this.formatVideo(abuse.VideoAbuse.Video) : undefined
 
-    const accountAbuse = (!commentAbuse && !videoAbuse) ? this.formatActor(abuse.FlaggedAccount) : undefined
+    const accountAbuse = (!commentAbuse && !videoAbuse && abuse.FlaggedAccount) ? this.formatActor(abuse.FlaggedAccount) : undefined
 
     return {
       id: abuse.id,
diff --git a/server/models/account/user.ts b/server/models/account/user.ts
index c1f22b76a..a7a65c489 100644
--- a/server/models/account/user.ts
+++ b/server/models/account/user.ts
@@ -21,6 +21,7 @@ import {
   Table,
   UpdatedAt
 } from 'sequelize-typescript'
+import { TokensCache } from '@server/lib/auth/tokens-cache'
 import {
   MMyUserFormattable,
   MUser,
@@ -58,7 +59,6 @@ import {
 } from '../../helpers/custom-validators/users'
 import { comparePassword, cryptPassword } from '../../helpers/peertube-crypto'
 import { DEFAULT_USER_THEME_NAME, NSFW_POLICY_TYPES } from '../../initializers/constants'
-import { clearCacheByUserId } from '../../lib/oauth-model'
 import { getThemeOrDefault } from '../../lib/plugins/theme-utils'
 import { ActorModel } from '../activitypub/actor'
 import { ActorFollowModel } from '../activitypub/actor-follow'
@@ -411,7 +411,7 @@ export class UserModel extends Model {
   @AfterUpdate
   @AfterDestroy
   static removeTokenCache (instance: UserModel) {
-    return clearCacheByUserId(instance.id)
+    return TokensCache.Instance.clearCacheByUserId(instance.id)
   }
 
   static countTotal () {
diff --git a/server/models/application/application.ts b/server/models/application/application.ts
index 909569de1..21f8b1cbc 100644
--- a/server/models/application/application.ts
+++ b/server/models/application/application.ts
@@ -32,6 +32,10 @@ export class ApplicationModel extends Model {
   @Column
   migrationVersion: number
 
+  @AllowNull(true)
+  @Column
+  latestPeerTubeVersion: string
+
   @HasOne(() => AccountModel, {
     foreignKey: {
       allowNull: true
diff --git a/server/models/oauth/oauth-token.ts b/server/models/oauth/oauth-token.ts
index 6bc6cf27c..27e643aa7 100644
--- a/server/models/oauth/oauth-token.ts
+++ b/server/models/oauth/oauth-token.ts
@@ -12,9 +12,10 @@ import {
   Table,
   UpdatedAt
 } from 'sequelize-typescript'
+import { TokensCache } from '@server/lib/auth/tokens-cache'
+import { MUserAccountId } from '@server/types/models'
 import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'
 import { logger } from '../../helpers/logger'
-import { clearCacheByToken } from '../../lib/oauth-model'
 import { AccountModel } from '../account/account'
 import { UserModel } from '../account/user'
 import { ActorModel } from '../activitypub/actor'
@@ -26,9 +27,7 @@ export type OAuthTokenInfo = {
   client: {
     id: number
   }
-  user: {
-    id: number
-  }
+  user: MUserAccountId
   token: MOAuthTokenUser
 }
 
@@ -133,7 +132,7 @@ export class OAuthTokenModel extends Model {
   @AfterUpdate
   @AfterDestroy
   static removeTokenCache (token: OAuthTokenModel) {
-    return clearCacheByToken(token.accessToken)
+    return TokensCache.Instance.clearCacheByToken(token.accessToken)
   }
 
   static loadByRefreshToken (refreshToken: string) {
@@ -206,6 +205,8 @@ export class OAuthTokenModel extends Model {
   }
 
   static deleteUserToken (userId: number, t?: Transaction) {
+    TokensCache.Instance.deleteUserToken(userId)
+
     const query = {
       where: {
         userId
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index 8bde54a40..364b53e0f 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -8,6 +8,8 @@ import {
   cleanupTests,
   closeAllSequelize,
   flushAndRunMultipleServers,
+  killallServers,
+  reRunServer,
   ServerInfo,
   setActorField,
   wait
@@ -20,21 +22,32 @@ import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activi
 const expect = chai.expect
 
 function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
+  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
+
   return Promise.all([
-    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'publicKey', publicKey),
-    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'privateKey', privateKey)
+    setActorField(onServer.internalServerNumber, url, 'publicKey', publicKey),
+    setActorField(onServer.internalServerNumber, url, 'privateKey', privateKey)
   ])
 }
 
-function getAnnounceWithoutContext (server2: ServerInfo) {
+function setUpdatedAtOfServer (onServer: ServerInfo, ofServer: ServerInfo, updatedAt: string) {
+  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
+
+  return Promise.all([
+    setActorField(onServer.internalServerNumber, url, 'createdAt', updatedAt),
+    setActorField(onServer.internalServerNumber, url, 'updatedAt', updatedAt)
+  ])
+}
+
+function getAnnounceWithoutContext (server: ServerInfo) {
   const json = require('./json/peertube/announce-without-context.json')
   const result: typeof json = {}
 
   for (const key of Object.keys(json)) {
     if (Array.isArray(json[key])) {
-      result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`))
+      result[key] = json[key].map(v => v.replace(':9002', `:${server.port}`))
     } else {
-      result[key] = json[key].replace(':9002', `:${server2.port}`)
+      result[key] = json[key].replace(':9002', `:${server.port}`)
     }
   }
 
@@ -64,7 +77,8 @@ describe('Test ActivityPub security', function () {
 
     url = servers[0].url + '/inbox'
 
-    await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
+    await setKeysOfServer(servers[0], servers[1], keys.publicKey, null)
+    await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
 
     const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
     const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
@@ -79,9 +93,12 @@ describe('Test ActivityPub security', function () {
         Digest: buildDigest({ hello: 'coucou' })
       }
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with an invalid date', async function () {
@@ -89,9 +106,12 @@ describe('Test ActivityPub security', function () {
       const headers = buildGlobalHeaders(body)
       headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with bad keys', async function () {
@@ -101,9 +121,12 @@ describe('Test ActivityPub security', function () {
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should reject requests without appropriate signed headers', async function () {
@@ -123,8 +146,12 @@ describe('Test ActivityPub security', function () {
       for (const badHeaders of badHeadersMatrix) {
         signatureOptions.headers = badHeaders
 
-        const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers)
-        expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+        try {
+          await makePOSTAPRequest(url, body, signatureOptions, headers)
+          expect(true, 'Did not throw').to.be.false
+        } catch (err) {
+          expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+        }
       }
     })
 
@@ -132,27 +159,32 @@ describe('Test ActivityPub security', function () {
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
+      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
     })
 
     it('Should refresh the actor keys', async function () {
       this.timeout(20000)
 
-      // Wait refresh invalidation
-      await wait(10000)
-
       // Update keys of server 2 to invalid keys
       // Server 1 should refresh the actor and fail
       await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
+      await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00')
+
+      // Invalid peertube actor cache
+      killallServers([ servers[1] ])
+      await reRunServer(servers[1])
 
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
-      const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        console.error(err)
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
   })
 
@@ -183,9 +215,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should fail with an altered body', async function () {
@@ -204,9 +239,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
 
     it('Should succeed with a valid signature', async function () {
@@ -220,9 +258,8 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
+      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
     })
 
     it('Should refresh the actor keys', async function () {
@@ -243,9 +280,12 @@ describe('Test ActivityPub security', function () {
 
       const headers = buildGlobalHeaders(signedBody)
 
-      const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
-
-      expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      try {
+        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
+        expect(true, 'Did not throw').to.be.false
+      } catch (err) {
+        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+      }
     })
   })
 
diff --git a/server/tests/api/check-params/user-notifications.ts b/server/tests/api/check-params/user-notifications.ts
index 05a78b0ad..26d4423f9 100644
--- a/server/tests/api/check-params/user-notifications.ts
+++ b/server/tests/api/check-params/user-notifications.ts
@@ -176,7 +176,9 @@ describe('Test user notifications API validators', function () {
       newInstanceFollower: UserNotificationSettingValue.WEB,
       autoInstanceFollowing: UserNotificationSettingValue.WEB,
       abuseNewMessage: UserNotificationSettingValue.WEB,
-      abuseStateChange: UserNotificationSettingValue.WEB
+      abuseStateChange: UserNotificationSettingValue.WEB,
+      newPeerTubeVersion: UserNotificationSettingValue.WEB,
+      newPluginVersion: UserNotificationSettingValue.WEB
     }
 
     it('Should fail with missing fields', async function () {
diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts
index 0a13f5b67..2b03fde2d 100644
--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -241,7 +241,7 @@ describe('Test users API validators', function () {
     })
 
     it('Should succeed with no password on a server with smtp enabled', async function () {
-      this.timeout(10000)
+      this.timeout(20000)
 
       killallServers([ server ])
 
diff --git a/server/tests/api/notifications/admin-notifications.ts b/server/tests/api/notifications/admin-notifications.ts
new file mode 100644
index 000000000..e07327d74
--- /dev/null
+++ b/server/tests/api/notifications/admin-notifications.ts
@@ -0,0 +1,165 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import 'mocha'
+import { expect } from 'chai'
+import { MockJoinPeerTubeVersions } from '@shared/extra-utils/mock-servers/joinpeertube-versions'
+import { cleanupTests, installPlugin, setPluginLatestVersion, setPluginVersion, wait } from '../../../../shared/extra-utils'
+import { ServerInfo } from '../../../../shared/extra-utils/index'
+import { MockSmtpServer } from '../../../../shared/extra-utils/miscs/email'
+import {
+  CheckerBaseParams,
+  checkNewPeerTubeVersion,
+  checkNewPluginVersion,
+  prepareNotificationsTest
+} from '../../../../shared/extra-utils/users/user-notifications'
+import { UserNotification, UserNotificationType } from '../../../../shared/models/users'
+import { PluginType } from '@shared/models'
+
+describe('Test admin notifications', function () {
+  let server: ServerInfo
+  let userNotifications: UserNotification[] = []
+  let adminNotifications: UserNotification[] = []
+  let emails: object[] = []
+  let baseParams: CheckerBaseParams
+  let joinPeerTubeServer: MockJoinPeerTubeVersions
+
+  before(async function () {
+    this.timeout(120000)
+
+    const config = {
+      peertube: {
+        check_latest_version: {
+          enabled: true,
+          url: 'http://localhost:42102/versions.json'
+        }
+      },
+      plugins: {
+        index: {
+          enabled: true,
+          check_latest_versions_interval: '5 seconds'
+        }
+      }
+    }
+
+    const res = await prepareNotificationsTest(1, config)
+    emails = res.emails
+    server = res.servers[0]
+
+    userNotifications = res.userNotifications
+    adminNotifications = res.adminNotifications
+
+    baseParams = {
+      server: server,
+      emails,
+      socketNotifications: adminNotifications,
+      token: server.accessToken
+    }
+
+    await installPlugin({
+      url: server.url,
+      accessToken: server.accessToken,
+      npmName: 'peertube-plugin-hello-world'
+    })
+
+    await installPlugin({
+      url: server.url,
+      accessToken: server.accessToken,
+      npmName: 'peertube-theme-background-red'
+    })
+
+    joinPeerTubeServer = new MockJoinPeerTubeVersions()
+    await joinPeerTubeServer.initialize()
+  })
+
+  describe('Latest PeerTube version notification', function () {
+
+    it('Should not send a notification to admins if there is not a new version', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('1.4.2')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '1.4.2', 'absence')
+    })
+
+    it('Should send a notification to admins on new plugin version', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('15.4.2')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '15.4.2', 'presence')
+    })
+
+    it('Should not send the same notification to admins', async function () {
+      this.timeout(30000)
+
+      await wait(3000)
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(1)
+    })
+
+    it('Should not have sent a notification to users', async function () {
+      this.timeout(30000)
+
+      expect(userNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(0)
+    })
+
+    it('Should send a new notification after a new release', async function () {
+      this.timeout(30000)
+
+      joinPeerTubeServer.setLatestVersion('15.4.3')
+
+      await wait(3000)
+      await checkNewPeerTubeVersion(baseParams, '15.4.3', 'presence')
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(2)
+    })
+  })
+
+  describe('Latest plugin version notification', function () {
+
+    it('Should not send a notification to admins if there is no new plugin version', async function () {
+      this.timeout(30000)
+
+      await wait(6000)
+      await checkNewPluginVersion(baseParams, PluginType.PLUGIN, 'hello-world', 'absence')
+    })
+
+    it('Should send a notification to admins on new plugin version', async function () {
+      this.timeout(30000)
+
+      await setPluginVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await setPluginLatestVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await wait(6000)
+
+      await checkNewPluginVersion(baseParams, PluginType.PLUGIN, 'hello-world', 'presence')
+    })
+
+    it('Should not send the same notification to admins', async function () {
+      this.timeout(30000)
+
+      await wait(6000)
+
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PLUGIN_VERSION)).to.have.lengthOf(1)
+    })
+
+    it('Should not have sent a notification to users', async function () {
+      expect(userNotifications.filter(n => n.type === UserNotificationType.NEW_PLUGIN_VERSION)).to.have.lengthOf(0)
+    })
+
+    it('Should send a new notification after a new plugin release', async function () {
+      this.timeout(30000)
+
+      await setPluginVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await setPluginLatestVersion(server.internalServerNumber, 'hello-world', '0.0.1')
+      await wait(6000)
+
+      expect(adminNotifications.filter(n => n.type === UserNotificationType.NEW_PEERTUBE_VERSION)).to.have.lengthOf(2)
+    })
+  })
+
+  after(async function () {
+    MockSmtpServer.Instance.kill()
+
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/notifications/index.ts b/server/tests/api/notifications/index.ts
index bd07a339e..8caa30a3d 100644
--- a/server/tests/api/notifications/index.ts
+++ b/server/tests/api/notifications/index.ts
@@ -1,3 +1,4 @@
+import './admin-notifications'
 import './comments-notifications'
 import './moderation-notifications'
 import './notifications-api'
diff --git a/server/tests/api/server/handle-down.ts b/server/tests/api/server/handle-down.ts
index 043754e70..f3ba11950 100644
--- a/server/tests/api/server/handle-down.ts
+++ b/server/tests/api/server/handle-down.ts
@@ -348,8 +348,8 @@ describe('Test handle downs', function () {
 
     for (let i = 0; i < 3; i++) {
       await getVideo(servers[1].url, videoIdsServer1[i])
-      await wait(1000)
       await waitJobs([ servers[1] ])
+      await wait(1500)
     }
 
     for (const id of videoIdsServer1) {
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 62a59033f..cea98aac7 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -4,10 +4,12 @@ import 'mocha'
 import * as chai from 'chai'
 import { AbuseState, AbuseUpdate, MyUser, User, UserRole, Video, VideoPlaylistType } from '@shared/models'
 import { CustomConfig } from '@shared/models/server'
+import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 import {
   addVideoCommentThread,
   blockUser,
   cleanupTests,
+  closeAllSequelize,
   createUser,
   deleteMe,
   flushAndRunServer,
@@ -24,6 +26,7 @@ import {
   getVideoChannel,
   getVideosList,
   installPlugin,
+  killallServers,
   login,
   makePutBodyRequest,
   rateVideo,
@@ -31,7 +34,9 @@ import {
   removeUser,
   removeVideo,
   reportAbuse,
+  reRunServer,
   ServerInfo,
+  setTokenField,
   testImage,
   unblockUser,
   updateAbuse,
@@ -44,10 +49,9 @@ import {
   waitJobs
 } from '../../../../shared/extra-utils'
 import { follow } from '../../../../shared/extra-utils/server/follows'
-import { logout, serverLogin, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
+import { logout, refreshToken, setAccessTokensToServers } from '../../../../shared/extra-utils/users/login'
 import { getMyVideos } from '../../../../shared/extra-utils/videos/videos'
 import { UserAdminFlag } from '../../../../shared/models/users/user-flag.model'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 
 const expect = chai.expect
 
@@ -89,6 +93,7 @@ describe('Test users', function () {
       const client = { id: 'client', secret: server.client.secret }
       const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_client')
       expect(res.body.error).to.contain('client is invalid')
     })
 
@@ -96,6 +101,7 @@ describe('Test users', function () {
       const client = { id: server.client.id, secret: 'coucou' }
       const res = await login(server.url, client, server.user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_client')
       expect(res.body.error).to.contain('client is invalid')
     })
   })
@@ -106,6 +112,7 @@ describe('Test users', function () {
       const user = { username: 'captain crochet', password: server.user.password }
       const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_grant')
       expect(res.body.error).to.contain('credentials are invalid')
     })
 
@@ -113,6 +120,7 @@ describe('Test users', function () {
       const user = { username: server.user.username, password: 'mew_three' }
       const res = await login(server.url, server.client, user, HttpStatusCode.BAD_REQUEST_400)
 
+      expect(res.body.code).to.equal('invalid_grant')
       expect(res.body.error).to.contain('credentials are invalid')
     })
 
@@ -245,12 +253,44 @@ describe('Test users', function () {
     })
 
     it('Should be able to login again', async function () {
-      server.accessToken = await serverLogin(server)
+      const res = await login(server.url, server.client, server.user)
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await getMyUserInformation(server.url, server.accessToken)
+    })
+
+    it('Should have an expired access token', async function () {
+      this.timeout(15000)
+
+      await setTokenField(server.internalServerNumber, server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
+      await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
+
+      killallServers([ server ])
+      await reRunServer(server)
+
+      await getMyUserInformation(server.url, server.accessToken, 401)
+    })
+
+    it('Should not be able to refresh an access token with an expired refresh token', async function () {
+      await refreshToken(server, server.refreshToken, 400)
     })
 
-    it('Should have an expired access token')
+    it('Should refresh the token', async function () {
+      this.timeout(15000)
+
+      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
+      await setTokenField(server.internalServerNumber, server.accessToken, 'refreshTokenExpiresAt', futureDate)
 
-    it('Should refresh the token')
+      killallServers([ server ])
+      await reRunServer(server)
+
+      const res = await refreshToken(server, server.refreshToken)
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
 
     it('Should be able to get my user information again', async function () {
       await getMyUserInformation(server.url, server.accessToken)
@@ -976,6 +1016,7 @@ describe('Test users', function () {
   })
 
   after(async function () {
+    await closeAllSequelize([ server ])
     await cleanupTests([ server ])
   })
 })
diff --git a/server/tests/cli/index.ts b/server/tests/cli/index.ts
index 242589010..7e6eebd17 100644
--- a/server/tests/cli/index.ts
+++ b/server/tests/cli/index.ts
@@ -6,5 +6,6 @@ import './peertube'
 import './plugins'
 import './print-transcode-command'
 import './prune-storage'
+import './regenerate-thumbnails'
 import './reset-password'
 import './update-host'
diff --git a/server/tests/cli/regenerate-thumbnails.ts b/server/tests/cli/regenerate-thumbnails.ts
new file mode 100644
index 000000000..56005518a
--- /dev/null
+++ b/server/tests/cli/regenerate-thumbnails.ts
@@ -0,0 +1,110 @@
+import 'mocha'
+import { expect } from 'chai'
+import { writeFile } from 'fs-extra'
+import { basename, join } from 'path'
+import { Video } from '@shared/models'
+import {
+  buildServerDirectory,
+  cleanupTests,
+  doubleFollow,
+  execCLI,
+  flushAndRunMultipleServers,
+  getEnvCli,
+  getVideo,
+  makeRawRequest,
+  ServerInfo,
+  setAccessTokensToServers,
+  uploadVideoAndGetId,
+  waitJobs
+} from '../../../shared/extra-utils'
+import { HttpStatusCode } from '@shared/core-utils'
+
+describe('Test regenerate thumbnails script', function () {
+  let servers: ServerInfo[]
+
+  let video1: Video
+  let video2: Video
+  let remoteVideo: Video
+
+  let thumbnail1Path: string
+  let thumbnailRemotePath: string
+
+  before(async function () {
+    this.timeout(60000)
+
+    servers = await flushAndRunMultipleServers(2)
+    await setAccessTokensToServers(servers)
+
+    await doubleFollow(servers[0], servers[1])
+
+    {
+      const videoUUID1 = (await uploadVideoAndGetId({ server: servers[0], videoName: 'video 1' })).uuid
+      video1 = await (getVideo(servers[0].url, videoUUID1).then(res => res.body))
+
+      thumbnail1Path = join(buildServerDirectory(servers[0], 'thumbnails'), basename(video1.thumbnailPath))
+
+      const videoUUID2 = (await uploadVideoAndGetId({ server: servers[0], videoName: 'video 2' })).uuid
+      video2 = await (getVideo(servers[0].url, videoUUID2).then(res => res.body))
+    }
+
+    {
+      const videoUUID = (await uploadVideoAndGetId({ server: servers[1], videoName: 'video 3' })).uuid
+      await waitJobs(servers)
+
+      remoteVideo = await (getVideo(servers[0].url, videoUUID).then(res => res.body))
+
+      thumbnailRemotePath = join(buildServerDirectory(servers[0], 'thumbnails'), basename(remoteVideo.thumbnailPath))
+    }
+
+    await writeFile(thumbnail1Path, '')
+    await writeFile(thumbnailRemotePath, '')
+  })
+
+  it('Should have empty thumbnails', async function () {
+    {
+      const res = await makeRawRequest(join(servers[0].url, video1.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, video2.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.not.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, remoteVideo.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+  })
+
+  it('Should regenerate thumbnails from the CLI', async function () {
+    this.timeout(15000)
+
+    const env = getEnvCli(servers[0])
+    await execCLI(`${env} npm run regenerate-thumbnails`)
+  })
+
+  it('Should have regenerated thumbbnails', async function () {
+    {
+      const res1 = await makeRawRequest(join(servers[0].url, video1.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res1.body).to.not.have.lengthOf(0)
+
+      const res2 = await makeRawRequest(join(servers[0].url, video1.previewPath), HttpStatusCode.OK_200)
+      expect(res2.body).to.not.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, video2.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.not.have.lengthOf(0)
+    }
+
+    {
+      const res = await makeRawRequest(join(servers[0].url, remoteVideo.thumbnailPath), HttpStatusCode.OK_200)
+      expect(res.body).to.have.lengthOf(0)
+    }
+  })
+
+  after(async function () {
+    await cleanupTests(servers)
+  })
+})
diff --git a/server/tests/fixtures/peertube-plugin-test/main.js b/server/tests/fixtures/peertube-plugin-test/main.js
index 305d92002..ee0bc39f3 100644
--- a/server/tests/fixtures/peertube-plugin-test/main.js
+++ b/server/tests/fixtures/peertube-plugin-test/main.js
@@ -184,6 +184,76 @@ async function register ({ registerHook, registerSetting, settingsManager, stora
       return result
     }
   })
+
+  registerHook({
+    target: 'filter:api.download.torrent.allowed.result',
+    handler: (result, params) => {
+      if (params && params.downloadName.includes('bad torrent')) {
+        return { allowed: false, errorMessage: 'Liu Bei' }
+      }
+
+      return result
+    }
+  })
+
+  registerHook({
+    target: 'filter:api.download.video.allowed.result',
+    handler: (result, params) => {
+      if (params && !params.streamingPlaylist && params.video.name.includes('bad file')) {
+        return { allowed: false, errorMessage: 'Cao Cao' }
+      }
+
+      if (params && params.streamingPlaylist && params.video.name.includes('bad playlist file')) {
+        return { allowed: false, errorMessage: 'Sun Jian' }
+      }
+
+      return result
+    }
+  })
+
+  registerHook({
+    target: 'filter:html.embed.video.allowed.result',
+    handler: (result, params) => {
+      return {
+        allowed: false,
+        html: 'Lu Bu'
+      }
+    }
+  })
+
+  registerHook({
+    target: 'filter:html.embed.video-playlist.allowed.result',
+    handler: (result, params) => {
+      return {
+        allowed: false,
+        html: 'Diao Chan'
+      }
+    }
+  })
+
+  {
+    const searchHooks = [
+      'filter:api.search.videos.local.list.params',
+      'filter:api.search.videos.local.list.result',
+      'filter:api.search.videos.index.list.params',
+      'filter:api.search.videos.index.list.result',
+      'filter:api.search.video-channels.local.list.params',
+      'filter:api.search.video-channels.local.list.result',
+      'filter:api.search.video-channels.index.list.params',
+      'filter:api.search.video-channels.index.list.result',
+    ]
+
+    for (const h of searchHooks) {
+      registerHook({
+        target: h,
+        handler: (obj) => {
+          peertubeHelpers.logger.debug('Run hook %s.', h)
+
+          return obj
+        }
+      })
+    }
+  }
 }
 
 async function unregister () {
diff --git a/server/tests/helpers/request.ts b/server/tests/helpers/request.ts
index f8b2d599b..5e77f129e 100644
--- a/server/tests/helpers/request.ts
+++ b/server/tests/helpers/request.ts
@@ -1,11 +1,11 @@
 /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
 
 import 'mocha'
-import { doRequest, doRequestAndSaveToFile } from '../../helpers/requests'
-import { get4KFileUrl, root, wait } from '../../../shared/extra-utils'
-import { join } from 'path'
-import { pathExists, remove } from 'fs-extra'
 import { expect } from 'chai'
+import { pathExists, remove } from 'fs-extra'
+import { join } from 'path'
+import { get4KFileUrl, root, wait } from '../../../shared/extra-utils'
+import { doRequest, doRequestAndSaveToFile } from '../../helpers/requests'
 
 describe('Request helpers', function () {
   const destPath1 = join(root(), 'test-output-1.txt')
@@ -13,7 +13,7 @@ describe('Request helpers', function () {
 
   it('Should throw an error when the bytes limit is exceeded for request', async function () {
     try {
-      await doRequest({ uri: get4KFileUrl() }, 3)
+      await doRequest(get4KFileUrl(), { bodyKBLimit: 3 })
     } catch {
       return
     }
@@ -23,7 +23,7 @@ describe('Request helpers', function () {
 
   it('Should throw an error when the bytes limit is exceeded for request and save file', async function () {
     try {
-      await doRequestAndSaveToFile({ uri: get4KFileUrl() }, destPath1, 3)
+      await doRequestAndSaveToFile(get4KFileUrl(), destPath1, { bodyKBLimit: 3 })
     } catch {
 
       await wait(500)
@@ -35,8 +35,8 @@ describe('Request helpers', function () {
   })
 
   it('Should succeed if the file is below the limit', async function () {
-    await doRequest({ uri: get4KFileUrl() }, 5)
-    await doRequestAndSaveToFile({ uri: get4KFileUrl() }, destPath2, 5)
+    await doRequest(get4KFileUrl(), { bodyKBLimit: 5 })
+    await doRequestAndSaveToFile(get4KFileUrl(), destPath2, { bodyKBLimit: 5 })
 
     expect(await pathExists(destPath2)).to.be.true
   })
diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts
index a1b5e8f5d..5addb45c7 100644
--- a/server/tests/plugins/external-auth.ts
+++ b/server/tests/plugins/external-auth.ts
@@ -137,7 +137,7 @@ describe('Test external auth plugins', function () {
 
     await loginUsingExternalToken(server, 'cyan', externalAuthToken, HttpStatusCode.BAD_REQUEST_400)
 
-    await waitUntilLog(server, 'expired external auth token')
+    await waitUntilLog(server, 'expired external auth token', 2)
   })
 
   it('Should auto login Cyan, create the user and use the token', async function () {
diff --git a/server/tests/plugins/filter-hooks.ts b/server/tests/plugins/filter-hooks.ts
index d88170201..ac958c5f5 100644
--- a/server/tests/plugins/filter-hooks.ts
+++ b/server/tests/plugins/filter-hooks.ts
@@ -2,11 +2,15 @@
 
 import 'mocha'
 import * as chai from 'chai'
+import { advancedVideoChannelSearch } from '@shared/extra-utils/search/video-channels'
 import { ServerConfig } from '@shared/models'
+import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 import {
   addVideoCommentReply,
   addVideoCommentThread,
+  advancedVideosSearch,
   createLive,
+  createVideoPlaylist,
   doubleFollow,
   getAccountVideos,
   getConfig,
@@ -15,24 +19,33 @@ import {
   getVideo,
   getVideoChannelVideos,
   getVideoCommentThreads,
+  getVideoPlaylist,
   getVideosList,
   getVideosListPagination,
   getVideoThreadComments,
   getVideoWithToken,
   installPlugin,
+  makeRawRequest,
   registerUser,
   setAccessTokensToServers,
   setDefaultVideoChannel,
   updateCustomSubConfig,
   updateVideo,
   uploadVideo,
+  uploadVideoAndGetId,
   waitJobs
 } from '../../../shared/extra-utils'
-import { cleanupTests, flushAndRunMultipleServers, ServerInfo } from '../../../shared/extra-utils/server/servers'
+import { cleanupTests, flushAndRunMultipleServers, ServerInfo, waitUntilLog } from '../../../shared/extra-utils/server/servers'
 import { getGoodVideoUrl, getMyVideoImports, importVideo } from '../../../shared/extra-utils/videos/video-imports'
-import { VideoDetails, VideoImport, VideoImportState, VideoPrivacy } from '../../../shared/models/videos'
+import {
+  VideoDetails,
+  VideoImport,
+  VideoImportState,
+  VideoPlaylist,
+  VideoPlaylistPrivacy,
+  VideoPrivacy
+} from '../../../shared/models/videos'
 import { VideoCommentThreadTree } from '../../../shared/models/videos/video-comment.model'
-import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes'
 
 const expect = chai.expect
 
@@ -355,6 +368,165 @@ describe('Test plugin filter hooks', function () {
     })
   })
 
+  describe('Download hooks', function () {
+    const downloadVideos: VideoDetails[] = []
+
+    before(async function () {
+      this.timeout(60000)
+
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        transcoding: {
+          webtorrent: {
+            enabled: true
+          },
+          hls: {
+            enabled: true
+          }
+        }
+      })
+
+      const uuids: string[] = []
+
+      for (const name of [ 'bad torrent', 'bad file', 'bad playlist file' ]) {
+        const uuid = (await uploadVideoAndGetId({ server: servers[0], videoName: name })).uuid
+        uuids.push(uuid)
+      }
+
+      await waitJobs(servers)
+
+      for (const uuid of uuids) {
+        const res = await getVideo(servers[0].url, uuid)
+        downloadVideos.push(res.body)
+      }
+    })
+
+    it('Should run filter:api.download.torrent.allowed.result', async function () {
+      const res = await makeRawRequest(downloadVideos[0].files[0].torrentDownloadUrl, 403)
+      expect(res.body.error).to.equal('Liu Bei')
+
+      await makeRawRequest(downloadVideos[1].files[0].torrentDownloadUrl, 200)
+      await makeRawRequest(downloadVideos[2].files[0].torrentDownloadUrl, 200)
+    })
+
+    it('Should run filter:api.download.video.allowed.result', async function () {
+      {
+        const res = await makeRawRequest(downloadVideos[1].files[0].fileDownloadUrl, 403)
+        expect(res.body.error).to.equal('Cao Cao')
+
+        await makeRawRequest(downloadVideos[0].files[0].fileDownloadUrl, 200)
+        await makeRawRequest(downloadVideos[2].files[0].fileDownloadUrl, 200)
+      }
+
+      {
+        const res = await makeRawRequest(downloadVideos[2].streamingPlaylists[0].files[0].fileDownloadUrl, 403)
+        expect(res.body.error).to.equal('Sun Jian')
+
+        await makeRawRequest(downloadVideos[2].files[0].fileDownloadUrl, 200)
+
+        await makeRawRequest(downloadVideos[0].streamingPlaylists[0].files[0].fileDownloadUrl, 200)
+        await makeRawRequest(downloadVideos[1].streamingPlaylists[0].files[0].fileDownloadUrl, 200)
+      }
+    })
+  })
+
+  describe('Embed filters', function () {
+    const embedVideos: VideoDetails[] = []
+    const embedPlaylists: VideoPlaylist[] = []
+
+    before(async function () {
+      this.timeout(60000)
+
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        transcoding: {
+          enabled: false
+        }
+      })
+
+      for (const name of [ 'bad embed', 'good embed' ]) {
+        {
+          const uuid = (await uploadVideoAndGetId({ server: servers[0], videoName: name })).uuid
+          const res = await getVideo(servers[0].url, uuid)
+          embedVideos.push(res.body)
+        }
+
+        {
+          const playlistAttrs = { displayName: name, videoChannelId: servers[0].videoChannel.id, privacy: VideoPlaylistPrivacy.PUBLIC }
+          const res = await createVideoPlaylist({ url: servers[0].url, token: servers[0].accessToken, playlistAttrs })
+
+          const resPlaylist = await getVideoPlaylist(servers[0].url, res.body.videoPlaylist.id)
+          embedPlaylists.push(resPlaylist.body)
+        }
+      }
+    })
+
+    it('Should run filter:html.embed.video.allowed.result', async function () {
+      const res = await makeRawRequest(servers[0].url + embedVideos[0].embedPath, 200)
+      expect(res.text).to.equal('Lu Bu')
+    })
+
+    it('Should run filter:html.embed.video-playlist.allowed.result', async function () {
+      const res = await makeRawRequest(servers[0].url + embedPlaylists[0].embedPath, 200)
+      expect(res.text).to.equal('Diao Chan')
+    })
+  })
+
+  describe('Search filters', function () {
+
+    before(async function () {
+      await updateCustomSubConfig(servers[0].url, servers[0].accessToken, {
+        search: {
+          searchIndex: {
+            enabled: true,
+            isDefaultSearch: false,
+            disableLocalSearch: false
+          }
+        }
+      })
+    })
+
+    it('Should run filter:api.search.videos.local.list.{params,result}', async function () {
+      await advancedVideosSearch(servers[0].url, {
+        search: 'Sun Quan'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.result', 1)
+    })
+
+    it('Should run filter:api.search.videos.index.list.{params,result}', async function () {
+      await advancedVideosSearch(servers[0].url, {
+        search: 'Sun Quan',
+        searchTarget: 'search-index'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.local.list.result', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.index.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.videos.index.list.result', 1)
+    })
+
+    it('Should run filter:api.search.video-channels.local.list.{params,result}', async function () {
+      await advancedVideoChannelSearch(servers[0].url, {
+        search: 'Sun Ce'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.result', 1)
+    })
+
+    it('Should run filter:api.search.video-channels.index.list.{params,result}', async function () {
+      await advancedVideoChannelSearch(servers[0].url, {
+        search: 'Sun Ce',
+        searchTarget: 'search-index'
+      })
+
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.local.list.result', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.index.list.params', 1)
+      await waitUntilLog(servers[0], 'Run hook filter:api.search.video-channels.index.list.result', 1)
+    })
+  })
+
   after(async function () {
     await cleanupTests(servers)
   })
diff --git a/server/tools/peertube-import-videos.ts b/server/tools/peertube-import-videos.ts
index 9be0834ba..915995031 100644
--- a/server/tools/peertube-import-videos.ts
+++ b/server/tools/peertube-import-videos.ts
@@ -202,10 +202,7 @@ async function uploadVideoOnPeerTube (parameters: {
   if (videoInfo.thumbnail) {
     thumbnailfile = join(cwd, sha256(videoInfo.thumbnail) + '.jpg')
 
-    await doRequestAndSaveToFile({
-      method: 'GET',
-      uri: videoInfo.thumbnail
-    }, thumbnailfile)
+    await doRequestAndSaveToFile(videoInfo.thumbnail, thumbnailfile)
   }
 
   const originallyPublishedAt = buildOriginallyPublishedAt(videoInfo)
diff --git a/server/types/models/application/application.ts b/server/types/models/application/application.ts
new file mode 100644
index 000000000..9afb9ad70
--- /dev/null
+++ b/server/types/models/application/application.ts
@@ -0,0 +1,5 @@
+import { ApplicationModel } from '@server/models/application/application'
+
+// ############################################################################
+
+export type MApplication = Omit<ApplicationModel, 'Account'>
diff --git a/server/types/models/application/index.ts b/server/types/models/application/index.ts
new file mode 100644
index 000000000..26e4b031f
--- /dev/null
+++ b/server/types/models/application/index.ts
@@ -0,0 +1 @@
+export * from './application'
diff --git a/server/types/models/index.ts b/server/types/models/index.ts
index affa17425..b4fdb1ff3 100644
--- a/server/types/models/index.ts
+++ b/server/types/models/index.ts
@@ -1,4 +1,5 @@
 export * from './account'
+export * from './application'
 export * from './moderation'
 export * from './oauth'
 export * from './server'
diff --git a/server/types/models/user/user-notification.ts b/server/types/models/user/user-notification.ts
index 58764a748..6988086f1 100644
--- a/server/types/models/user/user-notification.ts
+++ b/server/types/models/user/user-notification.ts
@@ -1,5 +1,7 @@
 import { VideoAbuseModel } from '@server/models/abuse/video-abuse'
 import { VideoCommentAbuseModel } from '@server/models/abuse/video-comment-abuse'
+import { ApplicationModel } from '@server/models/application/application'
+import { PluginModel } from '@server/models/server/plugin'
 import { PickWith, PickWithOpt } from '@shared/core-utils'
 import { AbuseModel } from '../../../models/abuse/abuse'
 import { AccountModel } from '../../../models/account/account'
@@ -85,13 +87,19 @@ export module UserNotificationIncludes {
     Pick<ActorFollowModel, 'id' | 'state'> &
     PickWith<ActorFollowModel, 'ActorFollower', ActorFollower> &
     PickWith<ActorFollowModel, 'ActorFollowing', ActorFollowing>
+
+  export type PluginInclude =
+    Pick<PluginModel, 'id' | 'name' | 'type' | 'latestVersion'>
+
+  export type ApplicationInclude =
+    Pick<ApplicationModel, 'latestPeerTubeVersion'>
 }
 
 // ############################################################################
 
 export type MUserNotification =
   Omit<UserNotificationModel, 'User' | 'Video' | 'Comment' | 'Abuse' | 'VideoBlacklist' |
-  'VideoImport' | 'Account' | 'ActorFollow'>
+  'VideoImport' | 'Account' | 'ActorFollow' | 'Plugin' | 'Application'>
 
 // ############################################################################
 
@@ -103,4 +111,6 @@ export type UserNotificationModelForApi =
   Use<'VideoBlacklist', UserNotificationIncludes.VideoBlacklistInclude> &
   Use<'VideoImport', UserNotificationIncludes.VideoImportInclude> &
   Use<'ActorFollow', UserNotificationIncludes.ActorFollowInclude> &
+  Use<'Plugin', UserNotificationIncludes.PluginInclude> &
+  Use<'Application', UserNotificationIncludes.ApplicationInclude> &
   Use<'Account', UserNotificationIncludes.AccountIncludeActor>
diff --git a/server/typings/express/index.d.ts b/server/typings/express/index.d.ts
index 66acfb3f5..b0004dc7b 100644
--- a/server/typings/express/index.d.ts
+++ b/server/typings/express/index.d.ts
@@ -17,7 +17,6 @@ import { MPlugin, MServer, MServerBlocklist } from '@server/types/models/server'
 import { MVideoImportDefault } from '@server/types/models/video/video-import'
 import { MVideoPlaylistElement, MVideoPlaylistElementVideoUrlPlaylistPrivacy } from '@server/types/models/video/video-playlist-element'
 import { MAccountVideoRateAccountVideo } from '@server/types/models/video/video-rate'
-import { UserRole } from '@shared/models'
 import { RegisteredPlugin } from '../../lib/plugins/plugin-manager'
 import {
   MAccountDefault,
@@ -49,22 +48,6 @@ declare module 'express' {
 }
 
 interface PeerTubeLocals {
-  bypassLogin?: {
-    bypass: boolean
-    pluginName: string
-    authName?: string
-    user: {
-      username: string
-      email: string
-      displayName: string
-      role: UserRole
-    }
-  }
-
-  refreshTokenAuthName?: string
-
-  explicitLogout?: boolean
-
   videoAll?: MVideoFullLight
   onlyImmutableVideo?: MVideoImmutable
   onlyVideo?: MVideoThumbnail