104 files changed, 1817 insertions, 1198 deletions

diff --git a/server/controllers/activitypub/client.ts b/server/controllers/activitypub/client.ts
index 8e064fb5b..def320730 100644
--- a/server/controllers/activitypub/client.ts
+++ b/server/controllers/activitypub/client.ts
@@ -309,7 +309,7 @@ async function videoCommentsController (req: express.Request, res: express.Respo
   if (redirectIfNotOwned(video.url, res)) return
 
   const handler = async (start: number, count: number) => {
-    const result = await VideoCommentModel.listAndCountByVideoForAP(video, start, count)
+    const result = await VideoCommentModel.listAndCountByVideoForAP({ video, start, count })
 
     return {
       total: result.total,
diff --git a/server/controllers/api/videos/comment.ts b/server/controllers/api/videos/comment.ts
index 44d64776c..70ca21500 100644
--- a/server/controllers/api/videos/comment.ts
+++ b/server/controllers/api/videos/comment.ts
@@ -1,4 +1,6 @@
+import { MCommentFormattable } from '@server/types/models'
 import express from 'express'
+
 import { ResultList, ThreadsResultList, UserRight, VideoCommentCreate } from '../../../../shared/models'
 import { HttpStatusCode } from '../../../../shared/models/http/http-error-codes'
 import { VideoCommentThreads } from '../../../../shared/models/videos/comment/video-comment.model'
@@ -109,7 +111,7 @@ async function listVideoThreads (req: express.Request, res: express.Response) {
   const video = res.locals.onlyVideo
   const user = res.locals.oauth ? res.locals.oauth.token.User : undefined
 
-  let resultList: ThreadsResultList<VideoCommentModel>
+  let resultList: ThreadsResultList<MCommentFormattable>
 
   if (video.commentsEnabled === true) {
     const apiOptions = await Hooks.wrapObject({
@@ -144,12 +146,11 @@ async function listVideoThreadComments (req: express.Request, res: express.Respo
   const video = res.locals.onlyVideo
   const user = res.locals.oauth ? res.locals.oauth.token.User : undefined
 
-  let resultList: ResultList<VideoCommentModel>
+  let resultList: ResultList<MCommentFormattable>
 
   if (video.commentsEnabled === true) {
     const apiOptions = await Hooks.wrapObject({
       videoId: video.id,
-      isVideoOwned: video.isOwned(),
       threadId: res.locals.videoCommentThread.id,
       user
     }, 'filter:api.video-thread-comments.list.params')
diff --git a/server/controllers/api/videos/token.ts b/server/controllers/api/videos/token.ts
index 009b6dfb6..22387c3e8 100644
--- a/server/controllers/api/videos/token.ts
+++ b/server/controllers/api/videos/token.ts
@@ -22,7 +22,7 @@ export {
 function generateToken (req: express.Request, res: express.Response) {
   const video = res.locals.onlyVideo
 
-  const { token, expires } = VideoTokensManager.Instance.create(video.uuid)
+  const { token, expires } = VideoTokensManager.Instance.create({ videoUUID: video.uuid, user: res.locals.oauth.token.User })
 
   return res.json({
     files: {
diff --git a/server/controllers/feeds.ts b/server/controllers/feeds.ts
index 772fe734d..ef810a842 100644
--- a/server/controllers/feeds.ts
+++ b/server/controllers/feeds.ts
@@ -285,8 +285,8 @@ function addVideosToFeed (feed: Feed, videos: VideoModel[]) {
       content: toSafeHtml(video.description),
       author: [
         {
-          name: video.VideoChannel.Account.getDisplayName(),
-          link: video.VideoChannel.Account.Actor.url
+          name: video.VideoChannel.getDisplayName(),
+          link: video.VideoChannel.Actor.url
         }
       ],
       date: video.publishedAt,
diff --git a/server/controllers/tracker.ts b/server/controllers/tracker.ts
index 19a8b2bc9..c4f3a8889 100644
--- a/server/controllers/tracker.ts
+++ b/server/controllers/tracker.ts
@@ -1,17 +1,22 @@
 import { Server as TrackerServer } from 'bittorrent-tracker'
 import express from 'express'
 import { createServer } from 'http'
+import LRUCache from 'lru-cache'
 import proxyAddr from 'proxy-addr'
 import { WebSocketServer } from 'ws'
-import { Redis } from '@server/lib/redis'
 import { logger } from '../helpers/logger'
 import { CONFIG } from '../initializers/config'
-import { TRACKER_RATE_LIMITS } from '../initializers/constants'
+import { LRU_CACHE, TRACKER_RATE_LIMITS } from '../initializers/constants'
 import { VideoFileModel } from '../models/video/video-file'
 import { VideoStreamingPlaylistModel } from '../models/video/video-streaming-playlist'
 
 const trackerRouter = express.Router()
 
+const blockedIPs = new LRUCache<string, boolean>({
+  max: LRU_CACHE.TRACKER_IPS.MAX_SIZE,
+  ttl: TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME
+})
+
 let peersIps = {}
 let peersIpInfoHash = {}
 runPeersChecker()
@@ -55,8 +60,7 @@ const trackerServer = new TrackerServer({
 
       // Close socket connection and block IP for a few time
       if (params.type === 'ws') {
-        Redis.Instance.setTrackerBlockIP(ip)
-          .catch(err => logger.error('Cannot set tracker block ip.', { err }))
+        blockedIPs.set(ip, true)
 
         // setTimeout to wait filter response
         setTimeout(() => params.socket.close(), 0)
@@ -102,26 +106,22 @@ function createWebsocketTrackerServer (app: express.Application) {
     if (request.url === '/tracker/socket') {
       const ip = proxyAddr(request, CONFIG.TRUST_PROXY)
 
-      Redis.Instance.doesTrackerBlockIPExist(ip)
-        .then(result => {
-          if (result === true) {
-            logger.debug('Blocking IP %s from tracker.', ip)
+      if (blockedIPs.has(ip)) {
+        logger.debug('Blocking IP %s from tracker.', ip)
 
-            socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
-            socket.destroy()
-            return
-          }
+        socket.write('HTTP/1.1 403 Forbidden\r\n\r\n')
+        socket.destroy()
+        return
+      }
 
-          // FIXME: typings
-          return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request))
-        })
-        .catch(err => logger.error('Cannot check if tracker block ip exists.', { err }))
+      // FIXME: typings
+      return wss.handleUpgrade(request, socket as any, head, ws => wss.emit('connection', ws, request))
     }
 
     // Don't destroy socket, we have Socket.IO too
   })
 
-  return server
+  return { server, trackerServer }
 }
 
 // ---------------------------------------------------------------------------
diff --git a/server/helpers/custom-validators/misc.ts b/server/helpers/custom-validators/misc.ts
index 3dc5504e3..b3ab3ac64 100644
--- a/server/helpers/custom-validators/misc.ts
+++ b/server/helpers/custom-validators/misc.ts
@@ -103,7 +103,13 @@ function checkMimetypeRegex (fileMimeType: string, mimeTypeRegex: string) {
 // ---------------------------------------------------------------------------
 
 function toCompleteUUID (value: string) {
-  if (isShortUUID(value)) return shortToUUID(value)
+  if (isShortUUID(value)) {
+    try {
+      return shortToUUID(value)
+    } catch {
+      return null
+    }
+  }
 
   return value
 }
diff --git a/server/helpers/custom-validators/video-captions.ts b/server/helpers/custom-validators/video-captions.ts
index 59ba005fe..d5b09ea03 100644
--- a/server/helpers/custom-validators/video-captions.ts
+++ b/server/helpers/custom-validators/video-captions.ts
@@ -8,10 +8,11 @@ function isVideoCaptionLanguageValid (value: any) {
   return exists(value) && VIDEO_LANGUAGES[value] !== undefined
 }
 
-const videoCaptionTypesRegex = Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT)
-                                .concat([ 'application/octet-stream' ]) // MacOS sends application/octet-stream
-                                .map(m => `(${m})`)
-                                .join('|')
+// MacOS sends application/octet-stream
+const videoCaptionTypesRegex = [ ...Object.keys(MIMETYPES.VIDEO_CAPTIONS.MIMETYPE_EXT), 'application/octet-stream' ]
+  .map(m => `(${m})`)
+  .join('|')
+
 function isVideoCaptionFile (files: UploadFilesForCheck, field: string) {
   return isFileValid({
     files,
diff --git a/server/helpers/custom-validators/video-imports.ts b/server/helpers/custom-validators/video-imports.ts
index af93aea56..da8962cb6 100644
--- a/server/helpers/custom-validators/video-imports.ts
+++ b/server/helpers/custom-validators/video-imports.ts
@@ -22,10 +22,11 @@ function isVideoImportStateValid (value: any) {
   return exists(value) && VIDEO_IMPORT_STATES[value] !== undefined
 }
 
-const videoTorrentImportRegex = Object.keys(MIMETYPES.TORRENT.MIMETYPE_EXT)
-                                      .concat([ 'application/octet-stream' ]) // MacOS sends application/octet-stream
-                                      .map(m => `(${m})`)
-                                      .join('|')
+// MacOS sends application/octet-stream
+const videoTorrentImportRegex = [ ...Object.keys(MIMETYPES.TORRENT.MIMETYPE_EXT), 'application/octet-stream' ]
+  .map(m => `(${m})`)
+  .join('|')
+
 function isVideoImportTorrentFile (files: UploadFilesForCheck) {
   return isFileValid({
     files,
diff --git a/server/helpers/decache.ts b/server/helpers/decache.ts
index e31973b7a..08ab545e4 100644
--- a/server/helpers/decache.ts
+++ b/server/helpers/decache.ts
@@ -68,7 +68,7 @@ function searchCache (moduleName: string, callback: (current: NodeModule) => voi
 };
 
 function removeCachedPath (pluginPath: string) {
-  const pathCache = (module.constructor as any)._pathCache
+  const pathCache = (module.constructor as any)._pathCache as { [ id: string ]: string[] }
 
   Object.keys(pathCache).forEach(function (cacheKey) {
     if (cacheKey.includes(pluginPath)) {
diff --git a/server/helpers/memoize.ts b/server/helpers/memoize.ts
new file mode 100644
index 000000000..aa20e7d73
--- /dev/null
+++ b/server/helpers/memoize.ts
@@ -0,0 +1,12 @@
+import memoizee from 'memoizee'
+
+export function Memoize (config?: memoizee.Options<any>) {
+  return function (_target, _key, descriptor: PropertyDescriptor) {
+    const oldFunction = descriptor.value
+    const newFunction = memoizee(oldFunction, config)
+
+    descriptor.value = function () {
+      return newFunction.apply(this, arguments)
+    }
+  }
+}
diff --git a/server/helpers/youtube-dl/youtube-dl-cli.ts b/server/helpers/youtube-dl/youtube-dl-cli.ts
index a2f630953..765038cea 100644
--- a/server/helpers/youtube-dl/youtube-dl-cli.ts
+++ b/server/helpers/youtube-dl/youtube-dl-cli.ts
@@ -6,6 +6,7 @@ import { VideoResolution } from '@shared/models'
 import { logger, loggerTagsFactory } from '../logger'
 import { getProxy, isProxyEnabled } from '../proxy'
 import { isBinaryResponse, peertubeGot } from '../requests'
+import { OptionsOfBufferResponseBody } from 'got/dist/source'
 
 const lTags = loggerTagsFactory('youtube-dl')
 
@@ -28,7 +29,16 @@ export class YoutubeDLCLI {
 
     logger.info('Updating youtubeDL binary from %s.', url, lTags())
 
-    const gotOptions = { context: { bodyKBLimit: 20_000 }, responseType: 'buffer' as 'buffer' }
+    const gotOptions: OptionsOfBufferResponseBody = {
+      context: { bodyKBLimit: 20_000 },
+      responseType: 'buffer' as 'buffer'
+    }
+
+    if (process.env.YOUTUBE_DL_DOWNLOAD_BEARER_TOKEN) {
+      gotOptions.headers = {
+        authorization: 'Bearer ' + process.env.YOUTUBE_DL_DOWNLOAD_BEARER_TOKEN
+      }
+    }
 
     try {
       let gotResult = await peertubeGot(url, gotOptions)
diff --git a/server/initializers/checker-after-init.ts b/server/initializers/checker-after-init.ts
index c83fef425..dc46b5126 100644
--- a/server/initializers/checker-after-init.ts
+++ b/server/initializers/checker-after-init.ts
@@ -174,7 +174,8 @@ function checkRemoteRedundancyConfig () {
 function checkStorageConfig () {
   // Check storage directory locations
   if (isProdInstance()) {
-    const configStorage = config.get('storage')
+    const configStorage = config.get<{ [ name: string ]: string }>('storage')
+
     for (const key of Object.keys(configStorage)) {
       if (configStorage[key].startsWith('storage/')) {
         logger.warn(
diff --git a/server/initializers/checker-before-init.ts b/server/initializers/checker-before-init.ts
index 39713a266..57852241c 100644
--- a/server/initializers/checker-before-init.ts
+++ b/server/initializers/checker-before-init.ts
@@ -13,6 +13,7 @@ function checkMissedConfig () {
     'webserver.https', 'webserver.hostname', 'webserver.port',
     'secrets.peertube',
     'trust_proxy',
+    'oauth2.token_lifetime.access_token', 'oauth2.token_lifetime.refresh_token',
     'database.hostname', 'database.port', 'database.username', 'database.password', 'database.pool.max',
     'smtp.hostname', 'smtp.port', 'smtp.username', 'smtp.password', 'smtp.tls', 'smtp.from_address',
     'email.body.signature', 'email.subject.prefix',
diff --git a/server/initializers/config.ts b/server/initializers/config.ts
index c2f8b19fd..28aaf36a9 100644
--- a/server/initializers/config.ts
+++ b/server/initializers/config.ts
@@ -149,6 +149,12 @@ const CONFIG = {
     HOSTNAME: config.get<string>('webserver.hostname'),
     PORT: config.get<number>('webserver.port')
   },
+  OAUTH2: {
+    TOKEN_LIFETIME: {
+      ACCESS_TOKEN: parseDurationToMs(config.get<string>('oauth2.token_lifetime.access_token')),
+      REFRESH_TOKEN: parseDurationToMs(config.get<string>('oauth2.token_lifetime.refresh_token'))
+    }
+  },
   RATES_LIMIT: {
     API: {
       WINDOW_MS: parseDurationToMs(config.get<string>('rates_limit.api.window')),
diff --git a/server/initializers/constants.ts b/server/initializers/constants.ts
index 0e56f0c9f..0dab524d9 100644
--- a/server/initializers/constants.ts
+++ b/server/initializers/constants.ts
@@ -101,11 +101,6 @@ const SORTABLE_COLUMNS = {
   VIDEO_REDUNDANCIES: [ 'name' ]
 }
 
-const OAUTH_LIFETIME = {
-  ACCESS_TOKEN: 3600 * 24, // 1 day, for upload
-  REFRESH_TOKEN: 1209600 // 2 weeks
-}
-
 const ROUTE_CACHE_LIFETIME = {
   FEEDS: '15 minutes',
   ROBOTS: '2 hours',
@@ -781,6 +776,9 @@ const LRU_CACHE = {
   VIDEO_TOKENS: {
     MAX_SIZE: 100_000,
     TTL: parseDurationToMs('8 hours')
+  },
+  TRACKER_IPS: {
+    MAX_SIZE: 100_000
   }
 }
 
@@ -884,7 +882,7 @@ const TRACKER_RATE_LIMITS = {
   INTERVAL: 60000 * 5, // 5 minutes
   ANNOUNCES_PER_IP_PER_INFOHASH: 15, // maximum announces per torrent in the interval
   ANNOUNCES_PER_IP: 30, // maximum announces for all our torrents in the interval
-  BLOCK_IP_LIFETIME: 60000 * 3 // 3 minutes
+  BLOCK_IP_LIFETIME: parseDurationToMs('3 minutes')
 }
 
 const P2P_MEDIA_LOADER_PEER_VERSION = 2
@@ -1030,7 +1028,6 @@ export {
   JOB_ATTEMPTS,
   AP_CLEANER,
   LAST_MIGRATION_VERSION,
-  OAUTH_LIFETIME,
   CUSTOM_HTML_TAG_COMMENTS,
   STATS_TIMESERIE,
   BROADCAST_CONCURRENCY,
diff --git a/server/initializers/installer.ts b/server/initializers/installer.ts
index f5d8eedf1..f48f348a7 100644
--- a/server/initializers/installer.ts
+++ b/server/initializers/installer.ts
@@ -51,8 +51,7 @@ function removeCacheAndTmpDirectories () {
   const tasks: Promise<any>[] = []
 
   // Cache directories
-  for (const key of Object.keys(cacheDirectories)) {
-    const dir = cacheDirectories[key]
+  for (const dir of cacheDirectories) {
     tasks.push(removeDirectoryOrContent(dir))
   }
 
@@ -87,8 +86,7 @@ function createDirectoriesIfNotExist () {
   }
 
   // Cache directories
-  for (const key of Object.keys(cacheDirectories)) {
-    const dir = cacheDirectories[key]
+  for (const dir of cacheDirectories) {
     tasks.push(ensureDir(dir))
   }
 
diff --git a/server/lib/auth/external-auth.ts b/server/lib/auth/external-auth.ts
index 053112801..bc5b74257 100644
--- a/server/lib/auth/external-auth.ts
+++ b/server/lib/auth/external-auth.ts
@@ -1,26 +1,35 @@
 
-import { isUserDisplayNameValid, isUserRoleValid, isUserUsernameValid } from '@server/helpers/custom-validators/users'
+import {
+  isUserAdminFlagsValid,
+  isUserDisplayNameValid,
+  isUserRoleValid,
+  isUserUsernameValid,
+  isUserVideoQuotaDailyValid,
+  isUserVideoQuotaValid
+} from '@server/helpers/custom-validators/users'
 import { logger } from '@server/helpers/logger'
 import { generateRandomString } from '@server/helpers/utils'
 import { PLUGIN_EXTERNAL_AUTH_TOKEN_LIFETIME } from '@server/initializers/constants'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
 import { OAuthTokenModel } from '@server/models/oauth/oauth-token'
+import { MUser } from '@server/types/models'
 import {
   RegisterServerAuthenticatedResult,
   RegisterServerAuthPassOptions,
   RegisterServerExternalAuthenticatedResult
 } from '@server/types/plugins/register-server-auth.model'
-import { UserRole } from '@shared/models'
+import { UserAdminFlag, UserRole } from '@shared/models'
+import { BypassLogin } from './oauth-model'
+
+export type ExternalUser =
+  Pick<MUser, 'username' | 'email' | 'role' | 'adminFlags' | 'videoQuotaDaily' | 'videoQuota'> &
+  { displayName: string }
 
 // Token is the key, expiration date is the value
 const authBypassTokens = new Map<string, {
   expires: Date
-  user: {
-    username: string
-    email: string
-    displayName: string
-    role: UserRole
-  }
+  user: ExternalUser
+  userUpdater: RegisterServerAuthenticatedResult['userUpdater']
   authName: string
   npmName: string
 }>()
@@ -56,7 +65,8 @@ async function onExternalUserAuthenticated (options: {
     expires,
     user,
     npmName,
-    authName
+    authName,
+    userUpdater: authResult.userUpdater
   })
 
   // Cleanup expired tokens
@@ -78,7 +88,7 @@ async function getAuthNameFromRefreshGrant (refreshToken?: string) {
   return tokenModel?.authName
 }
 
-async function getBypassFromPasswordGrant (username: string, password: string) {
+async function getBypassFromPasswordGrant (username: string, password: string): Promise<BypassLogin> {
   const plugins = PluginManager.Instance.getIdAndPassAuths()
   const pluginAuths: { npmName?: string, registerAuthOptions: RegisterServerAuthPassOptions }[] = []
 
@@ -133,7 +143,8 @@ async function getBypassFromPasswordGrant (username: string, password: string) {
         bypass: true,
         pluginName: pluginAuth.npmName,
         authName: authOptions.authName,
-        user: buildUserResult(loginResult)
+        user: buildUserResult(loginResult),
+        userUpdater: loginResult.userUpdater
       }
     } catch (err) {
       logger.error('Error in auth method %s of plugin %s', authOptions.authName, pluginAuth.npmName, { err })
@@ -143,7 +154,7 @@ async function getBypassFromPasswordGrant (username: string, password: string) {
   return undefined
 }
 
-function getBypassFromExternalAuth (username: string, externalAuthToken: string) {
+function getBypassFromExternalAuth (username: string, externalAuthToken: string): BypassLogin {
   const obj = authBypassTokens.get(externalAuthToken)
   if (!obj) throw new Error('Cannot authenticate user with unknown bypass token')
 
@@ -167,33 +178,29 @@ function getBypassFromExternalAuth (username: string, externalAuthToken: string)
     bypass: true,
     pluginName: npmName,
     authName,
+    userUpdater: obj.userUpdater,
     user
   }
 }
 
 function isAuthResultValid (npmName: string, authName: string, result: RegisterServerAuthenticatedResult) {
-  if (!isUserUsernameValid(result.username)) {
-    logger.error('Auth method %s of plugin %s did not provide a valid username.', authName, npmName, { username: result.username })
+  const returnError = (field: string) => {
+    logger.error('Auth method %s of plugin %s did not provide a valid %s.', authName, npmName, field, { [field]: result[field] })
     return false
   }
 
-  if (!result.email) {
-    logger.error('Auth method %s of plugin %s did not provide a valid email.', authName, npmName, { email: result.email })
-    return false
-  }
+  if (!isUserUsernameValid(result.username)) return returnError('username')
+  if (!result.email) return returnError('email')
 
-  // role is optional
-  if (result.role && !isUserRoleValid(result.role)) {
-    logger.error('Auth method %s of plugin %s did not provide a valid role.', authName, npmName, { role: result.role })
-    return false
-  }
+  // Following fields are optional
+  if (result.role && !isUserRoleValid(result.role)) return returnError('role')
+  if (result.displayName && !isUserDisplayNameValid(result.displayName)) return returnError('displayName')
+  if (result.adminFlags && !isUserAdminFlagsValid(result.adminFlags)) return returnError('adminFlags')
+  if (result.videoQuota && !isUserVideoQuotaValid(result.videoQuota + '')) return returnError('videoQuota')
+  if (result.videoQuotaDaily && !isUserVideoQuotaDailyValid(result.videoQuotaDaily + '')) return returnError('videoQuotaDaily')
 
-  // display name is optional
-  if (result.displayName && !isUserDisplayNameValid(result.displayName)) {
-    logger.error(
-      'Auth method %s of plugin %s did not provide a valid display name.',
-      authName, npmName, { displayName: result.displayName }
-    )
+  if (result.userUpdater && typeof result.userUpdater !== 'function') {
+    logger.error('Auth method %s of plugin %s did not provide a valid user updater function.', authName, npmName)
     return false
   }
 
@@ -205,7 +212,12 @@ function buildUserResult (pluginResult: RegisterServerAuthenticatedResult) {
     username: pluginResult.username,
     email: pluginResult.email,
     role: pluginResult.role ?? UserRole.USER,
-    displayName: pluginResult.displayName || pluginResult.username
+    displayName: pluginResult.displayName || pluginResult.username,
+
+    adminFlags: pluginResult.adminFlags ?? UserAdminFlag.NONE,
+
+    videoQuota: pluginResult.videoQuota,
+    videoQuotaDaily: pluginResult.videoQuotaDaily
   }
 }
 
diff --git a/server/lib/auth/oauth-model.ts b/server/lib/auth/oauth-model.ts
index 322b69e3a..43909284f 100644
--- a/server/lib/auth/oauth-model.ts
+++ b/server/lib/auth/oauth-model.ts
@@ -1,11 +1,13 @@
 import express from 'express'
 import { AccessDeniedError } from '@node-oauth/oauth2-server'
 import { PluginManager } from '@server/lib/plugins/plugin-manager'
+import { AccountModel } from '@server/models/account/account'
+import { AuthenticatedResultUpdaterFieldName, RegisterServerAuthenticatedResult } from '@server/types'
 import { MOAuthClient } from '@server/types/models'
 import { MOAuthTokenUser } from '@server/types/models/oauth/oauth-token'
-import { MUser } from '@server/types/models/user/user'
+import { MUser, MUserDefault } from '@server/types/models/user/user'
 import { pick } from '@shared/core-utils'
-import { UserRole } from '@shared/models/users/user-role'
+import { AttributesOnly } from '@shared/typescript-utils'
 import { logger } from '../../helpers/logger'
 import { CONFIG } from '../../initializers/config'
 import { OAuthClientModel } from '../../models/oauth/oauth-client'
@@ -13,6 +15,7 @@ import { OAuthTokenModel } from '../../models/oauth/oauth-token'
 import { UserModel } from '../../models/user/user'
 import { findAvailableLocalActorName } from '../local-actor'
 import { buildUser, createUserAccountAndChannelAndPlaylist } from '../user'
+import { ExternalUser } from './external-auth'
 import { TokensCache } from './tokens-cache'
 
 type TokenInfo = {
@@ -26,12 +29,8 @@ export type BypassLogin = {
   bypass: boolean
   pluginName: string
   authName?: string
-  user: {
-    username: string
-    email: string
-    displayName: string
-    role: UserRole
-  }
+  user: ExternalUser
+  userUpdater: RegisterServerAuthenticatedResult['userUpdater']
 }
 
 async function getAccessToken (bearerToken: string) {
@@ -89,7 +88,9 @@ async function getUser (usernameOrEmail?: string, password?: string, bypassLogin
     logger.info('Bypassing oauth login by plugin %s.', bypassLogin.pluginName)
 
     let user = await UserModel.loadByEmail(bypassLogin.user.email)
+
     if (!user) user = await createUserFromExternal(bypassLogin.pluginName, bypassLogin.user)
+    else user = await updateUserFromExternal(user, bypassLogin.user, bypassLogin.userUpdater)
 
     // Cannot create a user
     if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.')
@@ -219,16 +220,11 @@ export {
 
 // ---------------------------------------------------------------------------
 
-async function createUserFromExternal (pluginAuth: string, options: {
-  username: string
-  email: string
-  role: UserRole
-  displayName: string
-}) {
-  const username = await findAvailableLocalActorName(options.username)
+async function createUserFromExternal (pluginAuth: string, userOptions: ExternalUser) {
+  const username = await findAvailableLocalActorName(userOptions.username)
 
   const userToCreate = buildUser({
-    ...pick(options, [ 'email', 'role' ]),
+    ...pick(userOptions, [ 'email', 'role', 'adminFlags', 'videoQuota', 'videoQuotaDaily' ]),
 
     username,
     emailVerified: null,
@@ -238,12 +234,57 @@ async function createUserFromExternal (pluginAuth: string, options: {
 
   const { user } = await createUserAccountAndChannelAndPlaylist({
     userToCreate,
-    userDisplayName: options.displayName
+    userDisplayName: userOptions.displayName
   })
 
   return user
 }
 
+async function updateUserFromExternal (
+  user: MUserDefault,
+  userOptions: ExternalUser,
+  userUpdater: RegisterServerAuthenticatedResult['userUpdater']
+) {
+  if (!userUpdater) return user
+
+  {
+    type UserAttributeKeys = keyof AttributesOnly<UserModel>
+    const mappingKeys: { [ id in UserAttributeKeys ]?: AuthenticatedResultUpdaterFieldName } = {
+      role: 'role',
+      adminFlags: 'adminFlags',
+      videoQuota: 'videoQuota',
+      videoQuotaDaily: 'videoQuotaDaily'
+    }
+
+    for (const modelKey of Object.keys(mappingKeys)) {
+      const pluginOptionKey = mappingKeys[modelKey]
+
+      const newValue = userUpdater({ fieldName: pluginOptionKey, currentValue: user[modelKey], newValue: userOptions[pluginOptionKey] })
+      user.set(modelKey, newValue)
+    }
+  }
+
+  {
+    type AccountAttributeKeys = keyof Partial<AttributesOnly<AccountModel>>
+    const mappingKeys: { [ id in AccountAttributeKeys ]?: AuthenticatedResultUpdaterFieldName } = {
+      name: 'displayName'
+    }
+
+    for (const modelKey of Object.keys(mappingKeys)) {
+      const optionKey = mappingKeys[modelKey]
+
+      const newValue = userUpdater({ fieldName: optionKey, currentValue: user.Account[modelKey], newValue: userOptions[optionKey] })
+      user.Account.set(modelKey, newValue)
+    }
+  }
+
+  logger.debug('Updated user %s with plugin userUpdated function.', user.email, { user, userOptions })
+
+  user.Account = await user.Account.save()
+
+  return user.save()
+}
+
 function checkUserValidityOrThrow (user: MUser) {
   if (user.blocked) throw new AccessDeniedError('User is blocked.')
 }
diff --git a/server/lib/auth/oauth.ts b/server/lib/auth/oauth.ts
index bc0d4301f..2905c79a2 100644
--- a/server/lib/auth/oauth.ts
+++ b/server/lib/auth/oauth.ts
@@ -10,10 +10,11 @@ import OAuth2Server, {
 } from '@node-oauth/oauth2-server'
 import { randomBytesPromise } from '@server/helpers/core-utils'
 import { isOTPValid } from '@server/helpers/otp'
+import { CONFIG } from '@server/initializers/config'
 import { MOAuthClient } from '@server/types/models'
 import { sha1 } from '@shared/extra-utils'
 import { HttpStatusCode } from '@shared/models'
-import { OAUTH_LIFETIME, OTP } from '../../initializers/constants'
+import { OTP } from '../../initializers/constants'
 import { BypassLogin, getClient, getRefreshToken, getUser, revokeToken, saveToken } from './oauth-model'
 
 class MissingTwoFactorError extends Error {
@@ -32,8 +33,9 @@ class InvalidTwoFactorError extends Error {
  *
  */
 const oAuthServer = new OAuth2Server({
-  accessTokenLifetime: OAUTH_LIFETIME.ACCESS_TOKEN,
-  refreshTokenLifetime: OAUTH_LIFETIME.REFRESH_TOKEN,
+  // Wants seconds
+  accessTokenLifetime: CONFIG.OAUTH2.TOKEN_LIFETIME.ACCESS_TOKEN / 1000,
+  refreshTokenLifetime: CONFIG.OAUTH2.TOKEN_LIFETIME.REFRESH_TOKEN / 1000,
 
   // See https://github.com/oauthjs/node-oauth2-server/wiki/Model-specification for the model specifications
   model: require('./oauth-model')
@@ -182,10 +184,10 @@ function generateRandomToken () {
 
 function getTokenExpiresAt (type: 'access' | 'refresh') {
   const lifetime = type === 'access'
-    ? OAUTH_LIFETIME.ACCESS_TOKEN
-    : OAUTH_LIFETIME.REFRESH_TOKEN
+    ? CONFIG.OAUTH2.TOKEN_LIFETIME.ACCESS_TOKEN
+    : CONFIG.OAUTH2.TOKEN_LIFETIME.REFRESH_TOKEN
 
-  return new Date(Date.now() + lifetime * 1000)
+  return new Date(Date.now() + lifetime)
 }
 
 async function buildToken () {
diff --git a/server/lib/auth/tokens-cache.ts b/server/lib/auth/tokens-cache.ts
index 410708a35..43efc7d02 100644
--- a/server/lib/auth/tokens-cache.ts
+++ b/server/lib/auth/tokens-cache.ts
@@ -36,8 +36,8 @@ export class TokensCache {
     const token = this.userHavingToken.get(userId)
 
     if (token !== undefined) {
-      this.accessTokenCache.del(token)
-      this.userHavingToken.del(userId)
+      this.accessTokenCache.delete(token)
+      this.userHavingToken.delete(userId)
     }
   }
 
@@ -45,8 +45,8 @@ export class TokensCache {
     const tokenModel = this.accessTokenCache.get(token)
 
     if (tokenModel !== undefined) {
-      this.userHavingToken.del(tokenModel.userId)
-      this.accessTokenCache.del(token)
+      this.userHavingToken.delete(tokenModel.userId)
+      this.accessTokenCache.delete(token)
     }
   }
 }
diff --git a/server/lib/job-queue/job-queue.ts b/server/lib/job-queue/job-queue.ts
index 866aa1ed0..8597eb000 100644
--- a/server/lib/job-queue/job-queue.ts
+++ b/server/lib/job-queue/job-queue.ts
@@ -184,7 +184,7 @@ class JobQueue {
 
     this.jobRedisPrefix = 'bull-' + WEBSERVER.HOST
 
-    for (const handlerName of (Object.keys(handlers) as JobType[])) {
+    for (const handlerName of Object.keys(handlers)) {
       this.buildWorker(handlerName)
       this.buildQueue(handlerName)
       this.buildQueueScheduler(handlerName)
diff --git a/server/lib/opentelemetry/metric-helpers/bittorrent-tracker-observers-builder.ts b/server/lib/opentelemetry/metric-helpers/bittorrent-tracker-observers-builder.ts
new file mode 100644
index 000000000..ef40c0fa9
--- /dev/null
+++ b/server/lib/opentelemetry/metric-helpers/bittorrent-tracker-observers-builder.ts
@@ -0,0 +1,51 @@
+import { Meter } from '@opentelemetry/api'
+
+export class BittorrentTrackerObserversBuilder {
+
+  constructor (private readonly meter: Meter, private readonly trackerServer: any) {
+
+  }
+
+  buildObservers () {
+    const activeInfohashes = this.meter.createObservableGauge('peertube_bittorrent_tracker_active_infohashes_total', {
+      description: 'Total active infohashes in the PeerTube BitTorrent Tracker'
+    })
+    const inactiveInfohashes = this.meter.createObservableGauge('peertube_bittorrent_tracker_inactive_infohashes_total', {
+      description: 'Total inactive infohashes in the PeerTube BitTorrent Tracker'
+    })
+    const peers = this.meter.createObservableGauge('peertube_bittorrent_tracker_peers_total', {
+      description: 'Total peers in the PeerTube BitTorrent Tracker'
+    })
+
+    this.meter.addBatchObservableCallback(observableResult => {
+      const infohashes = Object.keys(this.trackerServer.torrents)
+
+      const counters = {
+        activeInfohashes: 0,
+        inactiveInfohashes: 0,
+        peers: 0,
+        uncompletedPeers: 0
+      }
+
+      for (const infohash of infohashes) {
+        const content = this.trackerServer.torrents[infohash]
+
+        const peers = content.peers
+        if (peers.keys.length !== 0) counters.activeInfohashes++
+        else counters.inactiveInfohashes++
+
+        for (const peerId of peers.keys) {
+          const peer = peers.peek(peerId)
+          if (peer == null) return
+
+          counters.peers++
+        }
+      }
+
+      observableResult.observe(activeInfohashes, counters.activeInfohashes)
+      observableResult.observe(inactiveInfohashes, counters.inactiveInfohashes)
+      observableResult.observe(peers, counters.peers)
+    }, [ activeInfohashes, inactiveInfohashes, peers ])
+  }
+
+}
diff --git a/server/lib/opentelemetry/metric-helpers/index.ts b/server/lib/opentelemetry/metric-helpers/index.ts
index 775d954ba..47b24a54f 100644
--- a/server/lib/opentelemetry/metric-helpers/index.ts
+++ b/server/lib/opentelemetry/metric-helpers/index.ts
@@ -1,3 +1,4 @@
+export * from './bittorrent-tracker-observers-builder'
 export * from './lives-observers-builder'
 export * from './job-queue-observers-builder'
 export * from './nodejs-observers-builder'
diff --git a/server/lib/opentelemetry/metrics.ts b/server/lib/opentelemetry/metrics.ts
index 226d514c0..9cc067e4a 100644
--- a/server/lib/opentelemetry/metrics.ts
+++ b/server/lib/opentelemetry/metrics.ts
@@ -7,6 +7,7 @@ import { CONFIG } from '@server/initializers/config'
 import { MVideoImmutable } from '@server/types/models'
 import { PlaybackMetricCreate } from '@shared/models'
 import {
+  BittorrentTrackerObserversBuilder,
   JobQueueObserversBuilder,
   LivesObserversBuilder,
   NodeJSObserversBuilder,
@@ -41,7 +42,7 @@ class OpenTelemetryMetrics {
     })
   }
 
-  registerMetrics () {
+  registerMetrics (options: { trackerServer: any }) {
     if (CONFIG.OPEN_TELEMETRY.METRICS.ENABLED !== true) return
 
     logger.info('Registering Open Telemetry metrics')
@@ -80,6 +81,9 @@ class OpenTelemetryMetrics {
 
     const viewersObserversBuilder = new ViewersObserversBuilder(this.meter)
     viewersObserversBuilder.buildObservers()
+
+    const bittorrentTrackerObserversBuilder = new BittorrentTrackerObserversBuilder(this.meter, options.trackerServer)
+    bittorrentTrackerObserversBuilder.buildObservers()
   }
 
   observePlaybackMetric (video: MVideoImmutable, metrics: PlaybackMetricCreate) {
diff --git a/server/lib/plugins/plugin-helpers-builder.ts b/server/lib/plugins/plugin-helpers-builder.ts
index 7b1def6e3..66383af46 100644
--- a/server/lib/plugins/plugin-helpers-builder.ts
+++ b/server/lib/plugins/plugin-helpers-builder.ts
@@ -209,6 +209,10 @@ function buildConfigHelpers () {
       return WEBSERVER.URL
     },
 
+    getServerListeningConfig () {
+      return { hostname: CONFIG.LISTEN.HOSTNAME, port: CONFIG.LISTEN.PORT }
+    },
+
     getServerConfig () {
       return ServerConfigManager.Instance.getServerConfig()
     }
@@ -245,7 +249,7 @@ function buildUserHelpers () {
     },
 
     getAuthUser: (res: express.Response) => {
-      const user = res.locals.oauth?.token?.User
+      const user = res.locals.oauth?.token?.User || res.locals.videoFileToken?.user
       if (!user) return undefined
 
       return UserModel.loadByIdFull(user.id)
diff --git a/server/lib/redis.ts b/server/lib/redis.ts
index c0e9aece7..451ddd0b6 100644
--- a/server/lib/redis.ts
+++ b/server/lib/redis.ts
@@ -8,7 +8,6 @@ import {
   AP_CLEANER,
   CONTACT_FORM_LIFETIME,
   RESUMABLE_UPLOAD_SESSION_LIFETIME,
-  TRACKER_RATE_LIMITS,
   TWO_FACTOR_AUTH_REQUEST_TOKEN_LIFETIME,
   USER_EMAIL_VERIFY_LIFETIME,
   USER_PASSWORD_CREATE_LIFETIME,
@@ -157,16 +156,6 @@ class Redis {
     return this.exists(this.generateIPViewKey(ip, videoUUID))
   }
 
-  /* ************ Tracker IP block ************ */
-
-  setTrackerBlockIP (ip: string) {
-    return this.setValue(this.generateTrackerBlockIPKey(ip), '1', TRACKER_RATE_LIMITS.BLOCK_IP_LIFETIME)
-  }
-
-  async doesTrackerBlockIPExist (ip: string) {
-    return this.exists(this.generateTrackerBlockIPKey(ip))
-  }
-
   /* ************ Video views stats ************ */
 
   addVideoViewStats (videoId: number) {
@@ -365,10 +354,6 @@ class Redis {
     return `views-${videoUUID}-${ip}`
   }
 
-  private generateTrackerBlockIPKey (ip: string) {
-    return `tracker-block-ip-${ip}`
-  }
-
   private generateContactFormKey (ip: string) {
     return 'contact-form-' + ip
   }
diff --git a/server/lib/sync-channel.ts b/server/lib/sync-channel.ts
index 10167ee38..3a805a943 100644
--- a/server/lib/sync-channel.ts
+++ b/server/lib/sync-channel.ts
@@ -76,7 +76,7 @@ export async function synchronizeChannel (options: {
 
     await JobQueue.Instance.createJobWithChildren(parent, children)
   } catch (err) {
-    logger.error(`Failed to import channel ${channel.name}`, { err })
+    logger.error(`Failed to import ${externalChannelUrl} in channel ${channel.name}`, { err })
     channelSync.state = VideoChannelSyncState.FAILED
     await channelSync.save()
   }
diff --git a/server/lib/video-comment.ts b/server/lib/video-comment.ts
index 02f160fe8..6eb865f7f 100644
--- a/server/lib/video-comment.ts
+++ b/server/lib/video-comment.ts
@@ -1,30 +1,41 @@
+import express from 'express'
 import { cloneDeep } from 'lodash'
 import * as Sequelize from 'sequelize'
-import express from 'express'
 import { logger } from '@server/helpers/logger'
 import { sequelizeTypescript } from '@server/initializers/database'
 import { ResultList } from '../../shared/models'
 import { VideoCommentThreadTree } from '../../shared/models/videos/comment/video-comment.model'
 import { VideoCommentModel } from '../models/video/video-comment'
-import { MAccountDefault, MComment, MCommentOwnerVideo, MCommentOwnerVideoReply, MVideoFullLight } from '../types/models'
+import {
+  MAccountDefault,
+  MComment,
+  MCommentFormattable,
+  MCommentOwnerVideo,
+  MCommentOwnerVideoReply,
+  MVideoFullLight
+} from '../types/models'
 import { sendCreateVideoComment, sendDeleteVideoComment } from './activitypub/send'
 import { getLocalVideoCommentActivityPubUrl } from './activitypub/url'
 import { Hooks } from './plugins/hooks'
 
-async function removeComment (videoCommentInstance: MCommentOwnerVideo, req: express.Request, res: express.Response) {
-  const videoCommentInstanceBefore = cloneDeep(videoCommentInstance)
+async function removeComment (commentArg: MComment, req: express.Request, res: express.Response) {
+  let videoCommentInstanceBefore: MCommentOwnerVideo
 
   await sequelizeTypescript.transaction(async t => {
-    if (videoCommentInstance.isOwned() || videoCommentInstance.Video.isOwned()) {
-      await sendDeleteVideoComment(videoCommentInstance, t)
+    const comment = await VideoCommentModel.loadByUrlAndPopulateAccountAndVideo(commentArg.url, t)
+
+    videoCommentInstanceBefore = cloneDeep(comment)
+
+    if (comment.isOwned() || comment.Video.isOwned()) {
+      await sendDeleteVideoComment(comment, t)
     }
 
-    videoCommentInstance.markAsDeleted()
+    comment.markAsDeleted()
 
-    await videoCommentInstance.save({ transaction: t })
-  })
+    await comment.save({ transaction: t })
 
-  logger.info('Video comment %d deleted.', videoCommentInstance.id)
+    logger.info('Video comment %d deleted.', comment.id)
+  })
 
   Hooks.runAction('action:api.video-comment.deleted', { comment: videoCommentInstanceBefore, req, res })
 }
@@ -64,7 +75,7 @@ async function createVideoComment (obj: {
   return savedComment
 }
 
-function buildFormattedCommentTree (resultList: ResultList<VideoCommentModel>): VideoCommentThreadTree {
+function buildFormattedCommentTree (resultList: ResultList<MCommentFormattable>): VideoCommentThreadTree {
   // Comments are sorted by id ASC
   const comments = resultList.data
 
diff --git a/server/lib/video-tokens-manager.ts b/server/lib/video-tokens-manager.ts
index c43085d16..17aa29cdd 100644
--- a/server/lib/video-tokens-manager.ts
+++ b/server/lib/video-tokens-manager.ts
@@ -1,5 +1,7 @@
 import LRUCache from 'lru-cache'
 import { LRU_CACHE } from '@server/initializers/constants'
+import { MUserAccountUrl } from '@server/types/models'
+import { pick } from '@shared/core-utils'
 import { buildUUID } from '@shared/extra-utils'
 
 // ---------------------------------------------------------------------------
@@ -10,19 +12,22 @@ class VideoTokensManager {
 
   private static instance: VideoTokensManager
 
-  private readonly lruCache = new LRUCache<string, string>({
+  private readonly lruCache = new LRUCache<string, { videoUUID: string, user: MUserAccountUrl }>({
     max: LRU_CACHE.VIDEO_TOKENS.MAX_SIZE,
     ttl: LRU_CACHE.VIDEO_TOKENS.TTL
   })
 
   private constructor () {}
 
-  create (videoUUID: string) {
+  create (options: {
+    user: MUserAccountUrl
+    videoUUID: string
+  }) {
     const token = buildUUID()
 
     const expires = new Date(new Date().getTime() + LRU_CACHE.VIDEO_TOKENS.TTL)
 
-    this.lruCache.set(token, videoUUID)
+    this.lruCache.set(token, pick(options, [ 'user', 'videoUUID' ]))
 
     return { token, expires }
   }
@@ -34,7 +39,16 @@ class VideoTokensManager {
     const value = this.lruCache.get(options.token)
     if (!value) return false
 
-    return value === options.videoUUID
+    return value.videoUUID === options.videoUUID
+  }
+
+  getUserFromToken (options: {
+    token: string
+  }) {
+    const value = this.lruCache.get(options.token)
+    if (!value) return undefined
+
+    return value.user
   }
 
   static get Instance () {
diff --git a/server/middlewares/sort.ts b/server/middlewares/sort.ts
index 458895898..77a532276 100644
--- a/server/middlewares/sort.ts
+++ b/server/middlewares/sort.ts
@@ -1,5 +1,4 @@
 import express from 'express'
-import { SortType } from '../models/utils'
 
 const setDefaultSort = setDefaultSortFactory('-createdAt')
 const setDefaultVideosSort = setDefaultSortFactory('-publishedAt')
@@ -7,27 +6,7 @@ const setDefaultVideosSort = setDefaultSortFactory('-publishedAt')
 const setDefaultVideoRedundanciesSort = setDefaultSortFactory('name')
 
 const setDefaultSearchSort = setDefaultSortFactory('-match')
-
-function setBlacklistSort (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const newSort: SortType = { sortModel: undefined, sortValue: '' }
-
-  if (!req.query.sort) req.query.sort = '-createdAt'
-
-  // Set model we want to sort onto
-  if (req.query.sort === '-createdAt' || req.query.sort === 'createdAt' ||
-      req.query.sort === '-id' || req.query.sort === 'id') {
-    // If we want to sort onto the BlacklistedVideos relation, we won't specify it in the query parameter...
-    newSort.sortModel = undefined
-  } else {
-    newSort.sortModel = 'Video'
-  }
-
-  newSort.sortValue = req.query.sort
-
-  req.query.sort = newSort
-
-  return next()
-}
+const setBlacklistSort = setDefaultSortFactory('-createdAt')
 
 // ---------------------------------------------------------------------------
 
diff --git a/server/middlewares/validators/shared/videos.ts b/server/middlewares/validators/shared/videos.ts
index ebbfc0a0a..0033a32ff 100644
--- a/server/middlewares/validators/shared/videos.ts
+++ b/server/middlewares/validators/shared/videos.ts
@@ -180,18 +180,16 @@ async function checkCanAccessVideoStaticFiles (options: {
     return checkCanSeeVideo(options)
   }
 
-  if (!video.hasPrivateStaticPath()) return true
-
   const videoFileToken = req.query.videoFileToken
-  if (!videoFileToken) {
-    res.sendStatus(HttpStatusCode.FORBIDDEN_403)
-    return false
-  }
+  if (videoFileToken && VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+    const user = VideoTokensManager.Instance.getUserFromToken({ token: videoFileToken })
 
-  if (VideoTokensManager.Instance.hasToken({ token: videoFileToken, videoUUID: video.uuid })) {
+    res.locals.videoFileToken = { user }
     return true
   }
 
+  if (!video.hasPrivateStaticPath()) return true
+
   res.sendStatus(HttpStatusCode.FORBIDDEN_403)
   return false
 }
diff --git a/server/models/abuse/abuse-message.ts b/server/models/abuse/abuse-message.ts
index 20008768b..14a5bffa2 100644
--- a/server/models/abuse/abuse-message.ts
+++ b/server/models/abuse/abuse-message.ts
@@ -5,7 +5,7 @@ import { MAbuseMessage, MAbuseMessageFormattable } from '@server/types/models'
 import { AbuseMessage } from '@shared/models'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { AccountModel, ScopeNames as AccountScopeNames } from '../account/account'
-import { getSort, throwIfNotValid } from '../utils'
+import { getSort, throwIfNotValid } from '../shared'
 import { AbuseModel } from './abuse'
 
 @Table({
diff --git a/server/models/abuse/abuse.ts b/server/models/abuse/abuse.ts
index 4c6a96a86..4ce40bf2f 100644
--- a/server/models/abuse/abuse.ts
+++ b/server/models/abuse/abuse.ts
@@ -34,13 +34,13 @@ import { AttributesOnly } from '@shared/typescript-utils'
 import { ABUSE_STATES, CONSTRAINTS_FIELDS } from '../../initializers/constants'
 import { MAbuseAdminFormattable, MAbuseAP, MAbuseFull, MAbuseReporter, MAbuseUserFormattable, MUserAccountId } from '../../types/models'
 import { AccountModel, ScopeNames as AccountScopeNames, SummaryOptions as AccountSummaryOptions } from '../account/account'
-import { getSort, throwIfNotValid } from '../utils'
+import { getSort, throwIfNotValid } from '../shared'
 import { ThumbnailModel } from '../video/thumbnail'
 import { ScopeNames as VideoScopeNames, VideoModel } from '../video/video'
 import { VideoBlacklistModel } from '../video/video-blacklist'
 import { ScopeNames as VideoChannelScopeNames, SummaryOptions as ChannelSummaryOptions, VideoChannelModel } from '../video/video-channel'
 import { ScopeNames as CommentScopeNames, VideoCommentModel } from '../video/video-comment'
-import { buildAbuseListQuery, BuildAbusesQueryOptions } from './abuse-query-builder'
+import { buildAbuseListQuery, BuildAbusesQueryOptions } from './sql/abuse-query-builder'
 import { VideoAbuseModel } from './video-abuse'
 import { VideoCommentAbuseModel } from './video-comment-abuse'
 
diff --git a/server/models/abuse/abuse-query-builder.ts b/server/models/abuse/sql/abuse-query-builder.ts
index 74f4542e5..282d4541a 100644
--- a/server/models/abuse/abuse-query-builder.ts
+++ b/server/models/abuse/sql/abuse-query-builder.ts
@@ -2,7 +2,7 @@
 import { exists } from '@server/helpers/custom-validators/misc'
 import { forceNumber } from '@shared/core-utils'
 import { AbuseFilter, AbuseState, AbuseVideoIs } from '@shared/models'
-import { buildBlockedAccountSQL, buildDirectionAndField } from '../utils'
+import { buildBlockedAccountSQL, buildSortDirectionAndField } from '../../shared'
 
 export type BuildAbusesQueryOptions = {
   start: number
@@ -157,7 +157,7 @@ function buildAbuseListQuery (options: BuildAbusesQueryOptions, type: 'count' |
 }
 
 function buildAbuseOrder (value: string) {
-  const { direction, field } = buildDirectionAndField(value)
+  const { direction, field } = buildSortDirectionAndField(value)
 
   return `ORDER BY "abuse"."${field}" ${direction}`
 }
diff --git a/server/models/account/account-blocklist.ts b/server/models/account/account-blocklist.ts
index 377249b38..f6212ff6e 100644
--- a/server/models/account/account-blocklist.ts
+++ b/server/models/account/account-blocklist.ts
@@ -6,7 +6,7 @@ import { AttributesOnly } from '@shared/typescript-utils'
 import { AccountBlock } from '../../../shared/models'
 import { ActorModel } from '../actor/actor'
 import { ServerModel } from '../server/server'
-import { createSafeIn, getSort, searchAttribute } from '../utils'
+import { createSafeIn, getSort, searchAttribute } from '../shared'
 import { AccountModel } from './account'
 
 @Table({
diff --git a/server/models/account/account-video-rate.ts b/server/models/account/account-video-rate.ts
index 7afc907da..9e7ef4394 100644
--- a/server/models/account/account-video-rate.ts
+++ b/server/models/account/account-video-rate.ts
@@ -11,7 +11,7 @@ import { AttributesOnly } from '@shared/typescript-utils'
 import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc'
 import { CONSTRAINTS_FIELDS, VIDEO_RATE_TYPES } from '../../initializers/constants'
 import { ActorModel } from '../actor/actor'
-import { getSort, throwIfNotValid } from '../utils'
+import { getSort, throwIfNotValid } from '../shared'
 import { VideoModel } from '../video/video'
 import { ScopeNames as VideoChannelScopeNames, SummaryOptions, VideoChannelModel } from '../video/video-channel'
 import { AccountModel } from './account'
diff --git a/server/models/account/account.ts b/server/models/account/account.ts
index 8a7dfba94..dc989417b 100644
--- a/server/models/account/account.ts
+++ b/server/models/account/account.ts
@@ -16,7 +16,7 @@ import {
   Table,
   UpdatedAt
 } from 'sequelize-typescript'
-import { ModelCache } from '@server/models/model-cache'
+import { ModelCache } from '@server/models/shared/model-cache'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { Account, AccountSummary } from '../../../shared/models/actors'
 import { isAccountDescriptionValid } from '../../helpers/custom-validators/accounts'
@@ -38,7 +38,7 @@ import { ApplicationModel } from '../application/application'
 import { ServerModel } from '../server/server'
 import { ServerBlocklistModel } from '../server/server-blocklist'
 import { UserModel } from '../user/user'
-import { getSort, throwIfNotValid } from '../utils'
+import { buildSQLAttributes, getSort, throwIfNotValid } from '../shared'
 import { VideoModel } from '../video/video'
 import { VideoChannelModel } from '../video/video-channel'
 import { VideoCommentModel } from '../video/video-comment'
@@ -251,6 +251,18 @@ export class AccountModel extends Model<Partial<AttributesOnly<AccountModel>>> {
     return undefined
   }
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   static load (id: number, transaction?: Transaction): Promise<MAccountDefault> {
     return AccountModel.findByPk(id, { transaction })
   }
diff --git a/server/models/actor/actor-follow.ts b/server/models/actor/actor-follow.ts
index 9615229dd..32e5d78b0 100644
--- a/server/models/actor/actor-follow.ts
+++ b/server/models/actor/actor-follow.ts
@@ -38,7 +38,7 @@ import { ACTOR_FOLLOW_SCORE, CONSTRAINTS_FIELDS, FOLLOW_STATES, SERVER_ACTOR_NAM
 import { AccountModel } from '../account/account'
 import { ServerModel } from '../server/server'
 import { doesExist } from '../shared/query'
-import { createSafeIn, getSort, searchAttribute, throwIfNotValid } from '../utils'
+import { buildSQLAttributes, createSafeIn, getSort, searchAttribute, throwIfNotValid } from '../shared'
 import { VideoChannelModel } from '../video/video-channel'
 import { ActorModel, unusedActorAttributesForAPI } from './actor'
 import { InstanceListFollowersQueryBuilder, ListFollowersOptions } from './sql/instance-list-followers-query-builder'
@@ -140,6 +140,18 @@ export class ActorFollowModel extends Model<Partial<AttributesOnly<ActorFollowMo
     })
   }
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   /*
    * @deprecated Use `findOrCreateCustom` instead
   */
@@ -213,7 +225,7 @@ export class ActorFollowModel extends Model<Partial<AttributesOnly<ActorFollowMo
       `WHERE "actorId" = $followerActorId AND "targetActorId" = $actorId AND "state" = 'accepted' ` +
       `LIMIT 1`
 
-    return doesExist(query, { actorId, followerActorId })
+    return doesExist(this.sequelize, query, { actorId, followerActorId })
   }
 
   static loadByActorAndTarget (actorId: number, targetActorId: number, t?: Transaction): Promise<MActorFollowActorsDefault> {
diff --git a/server/models/actor/actor-image.ts b/server/models/actor/actor-image.ts
index f2b3b2f4b..9c34a0101 100644
--- a/server/models/actor/actor-image.ts
+++ b/server/models/actor/actor-image.ts
@@ -22,7 +22,7 @@ import { isActivityPubUrlValid } from '../../helpers/custom-validators/activityp
 import { logger } from '../../helpers/logger'
 import { CONFIG } from '../../initializers/config'
 import { LAZY_STATIC_PATHS, MIMETYPES, WEBSERVER } from '../../initializers/constants'
-import { throwIfNotValid } from '../utils'
+import { buildSQLAttributes, throwIfNotValid } from '../shared'
 import { ActorModel } from './actor'
 
 @Table({
@@ -94,6 +94,18 @@ export class ActorImageModel extends Model<Partial<AttributesOnly<ActorImageMode
       .catch(err => logger.error('Cannot remove actor image file %s.', instance.filename, { err }))
   }
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   static loadByName (filename: string) {
     const query = {
       where: {
diff --git a/server/models/actor/actor.ts b/server/models/actor/actor.ts
index d7afa727d..1432e8757 100644
--- a/server/models/actor/actor.ts
+++ b/server/models/actor/actor.ts
@@ -17,7 +17,7 @@ import {
 } from 'sequelize-typescript'
 import { activityPubContextify } from '@server/lib/activitypub/context'
 import { getBiggestActorImage } from '@server/lib/actor-image'
-import { ModelCache } from '@server/models/model-cache'
+import { ModelCache } from '@server/models/shared/model-cache'
 import { forceNumber, getLowercaseExtension } from '@shared/core-utils'
 import { ActivityIconObject, ActivityPubActorType, ActorImageType } from '@shared/models'
 import { AttributesOnly } from '@shared/typescript-utils'
@@ -55,7 +55,7 @@ import {
 import { AccountModel } from '../account/account'
 import { getServerActor } from '../application/application'
 import { ServerModel } from '../server/server'
-import { isOutdated, throwIfNotValid } from '../utils'
+import { buildSQLAttributes, isOutdated, throwIfNotValid } from '../shared'
 import { VideoModel } from '../video/video'
 import { VideoChannelModel } from '../video/video-channel'
 import { ActorFollowModel } from './actor-follow'
@@ -65,7 +65,7 @@ enum ScopeNames {
   FULL = 'FULL'
 }
 
-export const unusedActorAttributesForAPI = [
+export const unusedActorAttributesForAPI: (keyof AttributesOnly<ActorModel>)[] = [
   'publicKey',
   'privateKey',
   'inboxUrl',
@@ -306,6 +306,27 @@ export class ActorModel extends Model<Partial<AttributesOnly<ActorModel>>> {
   })
   VideoChannel: VideoChannelModel
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  static getSQLAPIAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix,
+      excludeAttributes: unusedActorAttributesForAPI
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   static async load (id: number): Promise<MActor> {
     const actorServer = await getServerActor()
     if (id === actorServer.id) return actorServer
diff --git a/server/models/actor/sql/instance-list-followers-query-builder.ts b/server/models/actor/sql/instance-list-followers-query-builder.ts
index 4a17a8f11..34ce29b5d 100644
--- a/server/models/actor/sql/instance-list-followers-query-builder.ts
+++ b/server/models/actor/sql/instance-list-followers-query-builder.ts
@@ -1,8 +1,8 @@
 import { Sequelize } from 'sequelize'
 import { ModelBuilder } from '@server/models/shared'
-import { parseRowCountResult } from '@server/models/utils'
 import { MActorFollowActorsDefault } from '@server/types/models'
 import { ActivityPubActorType, FollowState } from '@shared/models'
+import { parseRowCountResult } from '../../shared'
 import { InstanceListFollowsQueryBuilder } from './shared/instance-list-follows-query-builder'
 
 export interface ListFollowersOptions {
diff --git a/server/models/actor/sql/instance-list-following-query-builder.ts b/server/models/actor/sql/instance-list-following-query-builder.ts
index 880170b85..77b4e3dce 100644
--- a/server/models/actor/sql/instance-list-following-query-builder.ts
+++ b/server/models/actor/sql/instance-list-following-query-builder.ts
@@ -1,8 +1,8 @@
 import { Sequelize } from 'sequelize'
 import { ModelBuilder } from '@server/models/shared'
-import { parseRowCountResult } from '@server/models/utils'
 import { MActorFollowActorsDefault } from '@server/types/models'
 import { ActivityPubActorType, FollowState } from '@shared/models'
+import { parseRowCountResult } from '../../shared'
 import { InstanceListFollowsQueryBuilder } from './shared/instance-list-follows-query-builder'
 
 export interface ListFollowingOptions {
diff --git a/server/models/actor/sql/shared/actor-follow-table-attributes.ts b/server/models/actor/sql/shared/actor-follow-table-attributes.ts
index 156b37d44..7dd908ece 100644
--- a/server/models/actor/sql/shared/actor-follow-table-attributes.ts
+++ b/server/models/actor/sql/shared/actor-follow-table-attributes.ts
@@ -1,62 +1,31 @@
+import { logger } from '@server/helpers/logger'
+import { Memoize } from '@server/helpers/memoize'
+import { ServerModel } from '@server/models/server/server'
+import { ActorModel } from '../../actor'
+import { ActorFollowModel } from '../../actor-follow'
+import { ActorImageModel } from '../../actor-image'
+
 export class ActorFollowTableAttributes {
 
+  @Memoize()
   getFollowAttributes () {
-    return [
-      '"ActorFollowModel"."id"',
-      '"ActorFollowModel"."state"',
-      '"ActorFollowModel"."score"',
-      '"ActorFollowModel"."url"',
-      '"ActorFollowModel"."actorId"',
-      '"ActorFollowModel"."targetActorId"',
-      '"ActorFollowModel"."createdAt"',
-      '"ActorFollowModel"."updatedAt"'
-    ].join(', ')
+    logger.error('coucou')
+
+    return ActorFollowModel.getSQLAttributes('ActorFollowModel').join(', ')
   }
 
+  @Memoize()
   getActorAttributes (actorTableName: string) {
-    return [
-      `"${actorTableName}"."id" AS "${actorTableName}.id"`,
-      `"${actorTableName}"."type" AS "${actorTableName}.type"`,
-      `"${actorTableName}"."preferredUsername" AS "${actorTableName}.preferredUsername"`,
-      `"${actorTableName}"."url" AS "${actorTableName}.url"`,
-      `"${actorTableName}"."publicKey" AS "${actorTableName}.publicKey"`,
-      `"${actorTableName}"."privateKey" AS "${actorTableName}.privateKey"`,
-      `"${actorTableName}"."followersCount" AS "${actorTableName}.followersCount"`,
-      `"${actorTableName}"."followingCount" AS "${actorTableName}.followingCount"`,
-      `"${actorTableName}"."inboxUrl" AS "${actorTableName}.inboxUrl"`,
-      `"${actorTableName}"."outboxUrl" AS "${actorTableName}.outboxUrl"`,
-      `"${actorTableName}"."sharedInboxUrl" AS "${actorTableName}.sharedInboxUrl"`,
-      `"${actorTableName}"."followersUrl" AS "${actorTableName}.followersUrl"`,
-      `"${actorTableName}"."followingUrl" AS "${actorTableName}.followingUrl"`,
-      `"${actorTableName}"."remoteCreatedAt" AS "${actorTableName}.remoteCreatedAt"`,
-      `"${actorTableName}"."serverId" AS "${actorTableName}.serverId"`,
-      `"${actorTableName}"."createdAt" AS "${actorTableName}.createdAt"`,
-      `"${actorTableName}"."updatedAt" AS "${actorTableName}.updatedAt"`
-    ].join(', ')
+    return ActorModel.getSQLAttributes(actorTableName, `${actorTableName}.`).join(', ')
   }
 
+  @Memoize()
   getServerAttributes (actorTableName: string) {
-    return [
-      `"${actorTableName}->Server"."id" AS "${actorTableName}.Server.id"`,
-      `"${actorTableName}->Server"."host" AS "${actorTableName}.Server.host"`,
-      `"${actorTableName}->Server"."redundancyAllowed" AS "${actorTableName}.Server.redundancyAllowed"`,
-      `"${actorTableName}->Server"."createdAt" AS "${actorTableName}.Server.createdAt"`,
-      `"${actorTableName}->Server"."updatedAt" AS "${actorTableName}.Server.updatedAt"`
-    ].join(', ')
+    return ServerModel.getSQLAttributes(`${actorTableName}->Server`, `${actorTableName}.Server.`).join(', ')
   }
 
+  @Memoize()
   getAvatarAttributes (actorTableName: string) {
-    return [
-      `"${actorTableName}->Avatars"."id" AS "${actorTableName}.Avatars.id"`,
-      `"${actorTableName}->Avatars"."filename" AS "${actorTableName}.Avatars.filename"`,
-      `"${actorTableName}->Avatars"."height" AS "${actorTableName}.Avatars.height"`,
-      `"${actorTableName}->Avatars"."width" AS "${actorTableName}.Avatars.width"`,
-      `"${actorTableName}->Avatars"."fileUrl" AS "${actorTableName}.Avatars.fileUrl"`,
-      `"${actorTableName}->Avatars"."onDisk" AS "${actorTableName}.Avatars.onDisk"`,
-      `"${actorTableName}->Avatars"."type" AS "${actorTableName}.Avatars.type"`,
-      `"${actorTableName}->Avatars"."actorId" AS "${actorTableName}.Avatars.actorId"`,
-      `"${actorTableName}->Avatars"."createdAt" AS "${actorTableName}.Avatars.createdAt"`,
-      `"${actorTableName}->Avatars"."updatedAt" AS "${actorTableName}.Avatars.updatedAt"`
-    ].join(', ')
+    return ActorImageModel.getSQLAttributes(`${actorTableName}->Avatars`, `${actorTableName}.Avatars.`).join(', ')
   }
 }
diff --git a/server/models/actor/sql/shared/instance-list-follows-query-builder.ts b/server/models/actor/sql/shared/instance-list-follows-query-builder.ts
index 1d70fbe70..d9593e48b 100644
--- a/server/models/actor/sql/shared/instance-list-follows-query-builder.ts
+++ b/server/models/actor/sql/shared/instance-list-follows-query-builder.ts
@@ -1,7 +1,7 @@
 import { Sequelize } from 'sequelize'
 import { AbstractRunQuery } from '@server/models/shared'
-import { getInstanceFollowsSort } from '@server/models/utils'
 import { ActorImageType } from '@shared/models'
+import { getInstanceFollowsSort } from '../../../shared'
 import { ActorFollowTableAttributes } from './actor-follow-table-attributes'
 
 type BaseOptions = {
diff --git a/server/models/redundancy/video-redundancy.ts b/server/models/redundancy/video-redundancy.ts
index 15909d5f3..c2a72b71f 100644
--- a/server/models/redundancy/video-redundancy.ts
+++ b/server/models/redundancy/video-redundancy.ts
@@ -34,7 +34,7 @@ import { CONFIG } from '../../initializers/config'
 import { CONSTRAINTS_FIELDS, MIMETYPES } from '../../initializers/constants'
 import { ActorModel } from '../actor/actor'
 import { ServerModel } from '../server/server'
-import { getSort, getVideoSort, parseAggregateResult, throwIfNotValid } from '../utils'
+import { getSort, getVideoSort, parseAggregateResult, throwIfNotValid } from '../shared'
 import { ScheduleVideoUpdateModel } from '../video/schedule-video-update'
 import { VideoModel } from '../video/video'
 import { VideoChannelModel } from '../video/video-channel'
diff --git a/server/models/server/plugin.ts b/server/models/server/plugin.ts
index 71c205ffa..9948c9f7a 100644
--- a/server/models/server/plugin.ts
+++ b/server/models/server/plugin.ts
@@ -11,7 +11,7 @@ import {
   isPluginStableVersionValid,
   isPluginTypeValid
 } from '../../helpers/custom-validators/plugins'
-import { getSort, throwIfNotValid } from '../utils'
+import { getSort, throwIfNotValid } from '../shared'
 
 @DefaultScope(() => ({
   attributes: {
diff --git a/server/models/server/server-blocklist.ts b/server/models/server/server-blocklist.ts
index 9752dfbc3..3d755fe4a 100644
--- a/server/models/server/server-blocklist.ts
+++ b/server/models/server/server-blocklist.ts
@@ -4,7 +4,7 @@ import { MServerBlocklist, MServerBlocklistAccountServer, MServerBlocklistFormat
 import { ServerBlock } from '@shared/models'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { AccountModel } from '../account/account'
-import { createSafeIn, getSort, searchAttribute } from '../utils'
+import { createSafeIn, getSort, searchAttribute } from '../shared'
 import { ServerModel } from './server'
 
 enum ScopeNames {
diff --git a/server/models/server/server.ts b/server/models/server/server.ts
index ef42de090..a5e05f460 100644
--- a/server/models/server/server.ts
+++ b/server/models/server/server.ts
@@ -4,7 +4,7 @@ import { MServer, MServerFormattable } from '@server/types/models/server'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { isHostValid } from '../../helpers/custom-validators/servers'
 import { ActorModel } from '../actor/actor'
-import { throwIfNotValid } from '../utils'
+import { buildSQLAttributes, throwIfNotValid } from '../shared'
 import { ServerBlocklistModel } from './server-blocklist'
 
 @Table({
@@ -52,6 +52,18 @@ export class ServerModel extends Model<Partial<AttributesOnly<ServerModel>>> {
   })
   BlockedBy: ServerBlocklistModel[]
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   static load (id: number, transaction?: Transaction): Promise<MServer> {
     const query = {
       where: {
diff --git a/server/models/shared/index.ts b/server/models/shared/index.ts
index 04528929c..5a7621e4d 100644
--- a/server/models/shared/index.ts
+++ b/server/models/shared/index.ts
@@ -1,4 +1,8 @@
 export * from './abstract-run-query'
 export * from './model-builder'
+export * from './model-cache'
 export * from './query'
+export * from './sequelize-helpers'
+export * from './sort'
+export * from './sql'
 export * from './update'
diff --git a/server/models/shared/model-builder.ts b/server/models/shared/model-builder.ts
index c015ca4f5..07f7c4038 100644
--- a/server/models/shared/model-builder.ts
+++ b/server/models/shared/model-builder.ts
@@ -1,7 +1,24 @@
 import { isPlainObject } from 'lodash'
-import { Model as SequelizeModel, Sequelize } from 'sequelize'
+import { Model as SequelizeModel, ModelStatic, Sequelize } from 'sequelize'
 import { logger } from '@server/helpers/logger'
 
+/**
+ *
+ * Build Sequelize models from sequelize raw query (that must use { nest: true } options)
+ *
+ * In order to sequelize to correctly build the JSON this class will ingest,
+ * the columns selected in the raw query should be in the following form:
+ *   * All tables must be Pascal Cased (for example "VideoChannel")
+ *   * Root table must end with `Model` (for example "VideoCommentModel")
+ *   * Joined tables must contain the origin table name + '->JoinedTable'. For example:
+ *     * "Actor" is joined to "Account": "Actor" table must be renamed "Account->Actor"
+ *     * "Account->Actor" is joined to "Server": "Server" table must be renamed to "Account->Actor->Server"
+ *   * Selected columns must be renamed to contain the JSON path:
+ *     * "videoComment"."id": "VideoCommentModel"."id"
+ *     * "Account"."Actor"."Server"."id": "Account.Actor.Server.id"
+ *   * All tables must contain the row id
+ */
+
 export class ModelBuilder <T extends SequelizeModel> {
   private readonly modelRegistry = new Map<string, T>()
 
@@ -72,18 +89,18 @@ export class ModelBuilder <T extends SequelizeModel> {
         'Cannot build model %s that does not exist', this.buildSequelizeModelName(modelName),
         { existing: this.sequelize.modelManager.all.map(m => m.name) }
       )
-      return undefined
+      return { created: false, model: null }
     }
 
-    // FIXME: typings
-    const model = new (Model as any)(json)
+    const model = Model.build(json, { raw: true, isNewRecord: false })
+
     this.modelRegistry.set(registryKey, model)
 
     return { created: true, model }
   }
 
   private findModelBuilder (modelName: string) {
-    return this.sequelize.modelManager.getModel(this.buildSequelizeModelName(modelName))
+    return this.sequelize.modelManager.getModel(this.buildSequelizeModelName(modelName)) as ModelStatic<T>
   }
 
   private buildSequelizeModelName (modelName: string) {
diff --git a/server/models/model-cache.ts b/server/models/shared/model-cache.ts
index 3651267e7..3651267e7 100644
--- a/server/models/model-cache.ts
+++ b/server/models/shared/model-cache.ts
diff --git a/server/models/shared/query.ts b/server/models/shared/query.ts
index 036cc13c6..934acc21f 100644
--- a/server/models/shared/query.ts
+++ b/server/models/shared/query.ts
@@ -1,17 +1,82 @@
-import { BindOrReplacements, QueryTypes } from 'sequelize'
-import { sequelizeTypescript } from '@server/initializers/database'
+import { BindOrReplacements, Op, QueryTypes, Sequelize } from 'sequelize'
+import validator from 'validator'
+import { forceNumber } from '@shared/core-utils'
 
-function doesExist (query: string, bind?: BindOrReplacements) {
+function doesExist (sequelize: Sequelize, query: string, bind?: BindOrReplacements) {
   const options = {
     type: QueryTypes.SELECT as QueryTypes.SELECT,
     bind,
     raw: true
   }
 
-  return sequelizeTypescript.query(query, options)
+  return sequelize.query(query, options)
             .then(results => results.length === 1)
 }
 
+function createSimilarityAttribute (col: string, value: string) {
+  return Sequelize.fn(
+    'similarity',
+
+    searchTrigramNormalizeCol(col),
+
+    searchTrigramNormalizeValue(value)
+  )
+}
+
+function buildWhereIdOrUUID (id: number | string) {
+  return validator.isInt('' + id) ? { id } : { uuid: id }
+}
+
+function parseAggregateResult (result: any) {
+  if (!result) return 0
+
+  const total = forceNumber(result)
+  if (isNaN(total)) return 0
+
+  return total
+}
+
+function parseRowCountResult (result: any) {
+  if (result.length !== 0) return result[0].total
+
+  return 0
+}
+
+function createSafeIn (sequelize: Sequelize, toEscape: (string | number)[], additionalUnescaped: string[] = []) {
+  return toEscape.map(t => {
+    return t === null
+      ? null
+      : sequelize.escape('' + t)
+  }).concat(additionalUnescaped).join(', ')
+}
+
+function searchAttribute (sourceField?: string, targetField?: string) {
+  if (!sourceField) return {}
+
+  return {
+    [targetField]: {
+      // FIXME: ts error
+      [Op.iLike as any]: `%${sourceField}%`
+    }
+  }
+}
+
 export {
-  doesExist
+  doesExist,
+  createSimilarityAttribute,
+  buildWhereIdOrUUID,
+  parseAggregateResult,
+  parseRowCountResult,
+  createSafeIn,
+  searchAttribute
+}
+
+// ---------------------------------------------------------------------------
+
+function searchTrigramNormalizeValue (value: string) {
+  return Sequelize.fn('lower', Sequelize.fn('immutable_unaccent', value))
+}
+
+function searchTrigramNormalizeCol (col: string) {
+  return Sequelize.fn('lower', Sequelize.fn('immutable_unaccent', Sequelize.col(col)))
 }
diff --git a/server/models/shared/sequelize-helpers.ts b/server/models/shared/sequelize-helpers.ts
new file mode 100644
index 000000000..7af8471dc
--- /dev/null
+++ b/server/models/shared/sequelize-helpers.ts
@@ -0,0 +1,39 @@
+import { Sequelize } from 'sequelize'
+
+function isOutdated (model: { createdAt: Date, updatedAt: Date }, refreshInterval: number) {
+  if (!model.createdAt || !model.updatedAt) {
+    throw new Error('Miss createdAt & updatedAt attributes to model')
+  }
+
+  const now = Date.now()
+  const createdAtTime = model.createdAt.getTime()
+  const updatedAtTime = model.updatedAt.getTime()
+
+  return (now - createdAtTime) > refreshInterval && (now - updatedAtTime) > refreshInterval
+}
+
+function throwIfNotValid (value: any, validator: (value: any) => boolean, fieldName = 'value', nullable = false) {
+  if (nullable && (value === null || value === undefined)) return
+
+  if (validator(value) === false) {
+    throw new Error(`"${value}" is not a valid ${fieldName}.`)
+  }
+}
+
+function buildTrigramSearchIndex (indexName: string, attribute: string) {
+  return {
+    name: indexName,
+    // FIXME: gin_trgm_ops is not taken into account in Sequelize 6, so adding it ourselves in the literal function
+    fields: [ Sequelize.literal('lower(immutable_unaccent(' + attribute + ')) gin_trgm_ops') as any ],
+    using: 'gin',
+    operator: 'gin_trgm_ops'
+  }
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  throwIfNotValid,
+  buildTrigramSearchIndex,
+  isOutdated
+}
diff --git a/server/models/shared/sort.ts b/server/models/shared/sort.ts
new file mode 100644
index 000000000..77e84dcf4
--- /dev/null
+++ b/server/models/shared/sort.ts
@@ -0,0 +1,160 @@
+import { literal, OrderItem, Sequelize } from 'sequelize'
+
+// Translate for example "-name" to [ [ 'name', 'DESC' ], [ 'id', 'ASC' ] ]
+function getSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  let finalField: string | ReturnType<typeof Sequelize.col>
+
+  if (field.toLowerCase() === 'match') { // Search
+    finalField = Sequelize.col('similarity')
+  } else {
+    finalField = field
+  }
+
+  return [ [ finalField, direction ], lastSort ]
+}
+
+function getAdminUsersSort (value: string): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  let finalField: string | ReturnType<typeof Sequelize.col>
+
+  if (field === 'videoQuotaUsed') { // Users list
+    finalField = Sequelize.col('videoQuotaUsed')
+  } else {
+    finalField = field
+  }
+
+  const nullPolicy = direction === 'ASC'
+    ? 'NULLS FIRST'
+    : 'NULLS LAST'
+
+  // FIXME: typings
+  return [ [ finalField as any, direction, nullPolicy ], [ 'id', 'ASC' ] ]
+}
+
+function getPlaylistSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  if (field.toLowerCase() === 'name') {
+    return [ [ 'displayName', direction ], lastSort ]
+  }
+
+  return getSort(value, lastSort)
+}
+
+function getCommentSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  if (field === 'totalReplies') {
+    return [
+      [ Sequelize.literal('"totalReplies"'), direction ],
+      lastSort
+    ]
+  }
+
+  return getSort(value, lastSort)
+}
+
+function getVideoSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  if (field.toLowerCase() === 'trending') { // Sort by aggregation
+    return [
+      [ Sequelize.fn('COALESCE', Sequelize.fn('SUM', Sequelize.col('VideoViews.views')), '0'), direction ],
+
+      [ Sequelize.col('VideoModel.views'), direction ],
+
+      lastSort
+    ]
+  } else if (field === 'publishedAt') {
+    return [
+      [ 'ScheduleVideoUpdate', 'updateAt', direction + ' NULLS LAST' ],
+
+      [ Sequelize.col('VideoModel.publishedAt'), direction ],
+
+      lastSort
+    ]
+  }
+
+  let finalField: string | ReturnType<typeof Sequelize.col>
+
+  // Alias
+  if (field.toLowerCase() === 'match') { // Search
+    finalField = Sequelize.col('similarity')
+  } else {
+    finalField = field
+  }
+
+  const firstSort: OrderItem = typeof finalField === 'string'
+    ? finalField.split('.').concat([ direction ]) as OrderItem
+    : [ finalField, direction ]
+
+  return [ firstSort, lastSort ]
+}
+
+function getBlacklistSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  const videoFields = new Set([ 'name', 'duration', 'views', 'likes', 'dislikes', 'uuid' ])
+
+  if (videoFields.has(field)) {
+    return [
+      [ literal(`"Video.${field}" ${direction}`) ],
+      lastSort
+    ] as OrderItem[]
+  }
+
+  return getSort(value, lastSort)
+}
+
+function getInstanceFollowsSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+
+  if (field === 'redundancyAllowed') {
+    return [
+      [ 'ActorFollowing.Server.redundancyAllowed', direction ],
+      lastSort
+    ]
+  }
+
+  return getSort(value, lastSort)
+}
+
+function getChannelSyncSort (value: string): OrderItem[] {
+  const { direction, field } = buildSortDirectionAndField(value)
+  if (field.toLowerCase() === 'videochannel') {
+    return [
+      [ literal('"VideoChannel.name"'), direction ]
+    ]
+  }
+  return [ [ field, direction ] ]
+}
+
+function buildSortDirectionAndField (value: string) {
+  let field: string
+  let direction: 'ASC' | 'DESC'
+
+  if (value.substring(0, 1) === '-') {
+    direction = 'DESC'
+    field = value.substring(1)
+  } else {
+    direction = 'ASC'
+    field = value
+  }
+
+  return { direction, field }
+}
+
+export {
+  buildSortDirectionAndField,
+  getPlaylistSort,
+  getSort,
+  getCommentSort,
+  getAdminUsersSort,
+  getVideoSort,
+  getBlacklistSort,
+  getChannelSyncSort,
+  getInstanceFollowsSort
+}
diff --git a/server/models/shared/sql.ts b/server/models/shared/sql.ts
new file mode 100644
index 000000000..5aaeb49f0
--- /dev/null
+++ b/server/models/shared/sql.ts
@@ -0,0 +1,68 @@
+import { literal, Model, ModelStatic } from 'sequelize'
+import { forceNumber } from '@shared/core-utils'
+import { AttributesOnly } from '@shared/typescript-utils'
+
+function buildLocalAccountIdsIn () {
+  return literal(
+    '(SELECT "account"."id" FROM "account" INNER JOIN "actor" ON "actor"."id" = "account"."actorId" AND "actor"."serverId" IS NULL)'
+  )
+}
+
+function buildLocalActorIdsIn () {
+  return literal(
+    '(SELECT "actor"."id" FROM "actor" WHERE "actor"."serverId" IS NULL)'
+  )
+}
+
+function buildBlockedAccountSQL (blockerIds: number[]) {
+  const blockerIdsString = blockerIds.join(', ')
+
+  return 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' +
+    ' UNION ' +
+    'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' +
+    'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' +
+    'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')'
+}
+
+function buildServerIdsFollowedBy (actorId: any) {
+  const actorIdNumber = forceNumber(actorId)
+
+  return '(' +
+    'SELECT "actor"."serverId" FROM "actorFollow" ' +
+    'INNER JOIN "actor" ON actor.id = "actorFollow"."targetActorId" ' +
+    'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
+    ')'
+}
+
+function buildSQLAttributes<M extends Model> (options: {
+  model: ModelStatic<M>
+  tableName: string
+
+  excludeAttributes?: Exclude<keyof AttributesOnly<M>, symbol>[]
+  aliasPrefix?: string
+}) {
+  const { model, tableName, aliasPrefix, excludeAttributes } = options
+
+  const attributes = Object.keys(model.getAttributes()) as Exclude<keyof AttributesOnly<M>, symbol>[]
+
+  return attributes
+    .filter(a => {
+      if (!excludeAttributes) return true
+      if (excludeAttributes.includes(a)) return false
+
+      return true
+    })
+    .map(a => {
+      return `"${tableName}"."${a}" AS "${aliasPrefix || ''}${a}"`
+    })
+}
+
+// ---------------------------------------------------------------------------
+
+export {
+  buildSQLAttributes,
+  buildBlockedAccountSQL,
+  buildServerIdsFollowedBy,
+  buildLocalAccountIdsIn,
+  buildLocalActorIdsIn
+}
diff --git a/server/models/shared/update.ts b/server/models/shared/update.ts
index d338211e3..d02c4535d 100644
--- a/server/models/shared/update.ts
+++ b/server/models/shared/update.ts
@@ -1,9 +1,15 @@
-import { QueryTypes, Transaction } from 'sequelize'
-import { sequelizeTypescript } from '@server/initializers/database'
+import { QueryTypes, Sequelize, Transaction } from 'sequelize'
 
 // Sequelize always skip the update if we only update updatedAt field
-function setAsUpdated (table: string, id: number, transaction?: Transaction) {
-  return sequelizeTypescript.query(
+function setAsUpdated (options: {
+  sequelize: Sequelize
+  table: string
+  id: number
+  transaction?: Transaction
+}) {
+  const { sequelize, table, id, transaction } = options
+
+  return sequelize.query(
     `UPDATE "${table}" SET "updatedAt" = :updatedAt WHERE id = :id`,
     {
       replacements: { table, id, updatedAt: new Date() },
diff --git a/server/models/user/sql/user-notitication-list-query-builder.ts b/server/models/user/sql/user-notitication-list-query-builder.ts
index 31b4932bf..d11546df0 100644
--- a/server/models/user/sql/user-notitication-list-query-builder.ts
+++ b/server/models/user/sql/user-notitication-list-query-builder.ts
@@ -1,8 +1,8 @@
 import { Sequelize } from 'sequelize'
 import { AbstractRunQuery, ModelBuilder } from '@server/models/shared'
-import { getSort } from '@server/models/utils'
 import { UserNotificationModelForApi } from '@server/types/models'
 import { ActorImageType } from '@shared/models'
+import { getSort } from '../../shared'
 
 export interface ListNotificationsOptions {
   userId: number
diff --git a/server/models/user/user-notification-setting.ts b/server/models/user/user-notification-setting.ts
index 66e1d85b3..394494c0c 100644
--- a/server/models/user/user-notification-setting.ts
+++ b/server/models/user/user-notification-setting.ts
@@ -17,7 +17,7 @@ import { MNotificationSettingFormattable } from '@server/types/models'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { UserNotificationSetting, UserNotificationSettingValue } from '../../../shared/models/users/user-notification-setting.model'
 import { isUserNotificationSettingValid } from '../../helpers/custom-validators/user-notifications'
-import { throwIfNotValid } from '../utils'
+import { throwIfNotValid } from '../shared'
 import { UserModel } from './user'
 
 @Table({
diff --git a/server/models/user/user-notification.ts b/server/models/user/user-notification.ts
index d37fa5dc7..6e134158f 100644
--- a/server/models/user/user-notification.ts
+++ b/server/models/user/user-notification.ts
@@ -13,7 +13,7 @@ import { AccountModel } from '../account/account'
 import { ActorFollowModel } from '../actor/actor-follow'
 import { ApplicationModel } from '../application/application'
 import { PluginModel } from '../server/plugin'
-import { throwIfNotValid } from '../utils'
+import { throwIfNotValid } from '../shared'
 import { VideoModel } from '../video/video'
 import { VideoBlacklistModel } from '../video/video-blacklist'
 import { VideoCommentModel } from '../video/video-comment'
diff --git a/server/models/user/user.ts b/server/models/user/user.ts
index 672728a2a..0932a367a 100644
--- a/server/models/user/user.ts
+++ b/server/models/user/user.ts
@@ -30,6 +30,7 @@ import {
   MUserNotifSettingChannelDefault,
   MUserWithNotificationSetting
 } from '@server/types/models'
+import { forceNumber } from '@shared/core-utils'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { hasUserRight, USER_ROLE_LABELS } from '../../../shared/core-utils/users'
 import { AbuseState, MyUser, UserRight, VideoPlaylistType } from '../../../shared/models'
@@ -63,14 +64,13 @@ import { ActorModel } from '../actor/actor'
 import { ActorFollowModel } from '../actor/actor-follow'
 import { ActorImageModel } from '../actor/actor-image'
 import { OAuthTokenModel } from '../oauth/oauth-token'
-import { getAdminUsersSort, throwIfNotValid } from '../utils'
+import { getAdminUsersSort, throwIfNotValid } from '../shared'
 import { VideoModel } from '../video/video'
 import { VideoChannelModel } from '../video/video-channel'
 import { VideoImportModel } from '../video/video-import'
 import { VideoLiveModel } from '../video/video-live'
 import { VideoPlaylistModel } from '../video/video-playlist'
 import { UserNotificationSettingModel } from './user-notification-setting'
-import { forceNumber } from '@shared/core-utils'
 
 enum ScopeNames {
   FOR_ME_API = 'FOR_ME_API',
diff --git a/server/models/utils.ts b/server/models/utils.ts
deleted file mode 100644
index 3476799ce..000000000
--- a/server/models/utils.ts
+++ /dev/null
@@ -1,317 +0,0 @@
-import { literal, Op, OrderItem, Sequelize } from 'sequelize'
-import validator from 'validator'
-import { forceNumber } from '@shared/core-utils'
-
-type SortType = { sortModel: string, sortValue: string }
-
-// Translate for example "-name" to [ [ 'name', 'DESC' ], [ 'id', 'ASC' ] ]
-function getSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  let finalField: string | ReturnType<typeof Sequelize.col>
-
-  if (field.toLowerCase() === 'match') { // Search
-    finalField = Sequelize.col('similarity')
-  } else {
-    finalField = field
-  }
-
-  return [ [ finalField, direction ], lastSort ]
-}
-
-function getAdminUsersSort (value: string): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  let finalField: string | ReturnType<typeof Sequelize.col>
-
-  if (field === 'videoQuotaUsed') { // Users list
-    finalField = Sequelize.col('videoQuotaUsed')
-  } else {
-    finalField = field
-  }
-
-  const nullPolicy = direction === 'ASC'
-    ? 'NULLS FIRST'
-    : 'NULLS LAST'
-
-  // FIXME: typings
-  return [ [ finalField as any, direction, nullPolicy ], [ 'id', 'ASC' ] ]
-}
-
-function getPlaylistSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  if (field.toLowerCase() === 'name') {
-    return [ [ 'displayName', direction ], lastSort ]
-  }
-
-  return getSort(value, lastSort)
-}
-
-function getCommentSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  if (field === 'totalReplies') {
-    return [
-      [ Sequelize.literal('"totalReplies"'), direction ],
-      lastSort
-    ]
-  }
-
-  return getSort(value, lastSort)
-}
-
-function getVideoSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  if (field.toLowerCase() === 'trending') { // Sort by aggregation
-    return [
-      [ Sequelize.fn('COALESCE', Sequelize.fn('SUM', Sequelize.col('VideoViews.views')), '0'), direction ],
-
-      [ Sequelize.col('VideoModel.views'), direction ],
-
-      lastSort
-    ]
-  } else if (field === 'publishedAt') {
-    return [
-      [ 'ScheduleVideoUpdate', 'updateAt', direction + ' NULLS LAST' ],
-
-      [ Sequelize.col('VideoModel.publishedAt'), direction ],
-
-      lastSort
-    ]
-  }
-
-  let finalField: string | ReturnType<typeof Sequelize.col>
-
-  // Alias
-  if (field.toLowerCase() === 'match') { // Search
-    finalField = Sequelize.col('similarity')
-  } else {
-    finalField = field
-  }
-
-  const firstSort: OrderItem = typeof finalField === 'string'
-    ? finalField.split('.').concat([ direction ]) as OrderItem
-    : [ finalField, direction ]
-
-  return [ firstSort, lastSort ]
-}
-
-function getBlacklistSort (model: any, value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const [ firstSort ] = getSort(value)
-
-  if (model) return [ [ literal(`"${model}.${firstSort[0]}" ${firstSort[1]}`) ], lastSort ] as OrderItem[]
-  return [ firstSort, lastSort ]
-}
-
-function getInstanceFollowsSort (value: string, lastSort: OrderItem = [ 'id', 'ASC' ]): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-
-  if (field === 'redundancyAllowed') {
-    return [
-      [ 'ActorFollowing.Server.redundancyAllowed', direction ],
-      lastSort
-    ]
-  }
-
-  return getSort(value, lastSort)
-}
-
-function getChannelSyncSort (value: string): OrderItem[] {
-  const { direction, field } = buildDirectionAndField(value)
-  if (field.toLowerCase() === 'videochannel') {
-    return [
-      [ literal('"VideoChannel.name"'), direction ]
-    ]
-  }
-  return [ [ field, direction ] ]
-}
-
-function isOutdated (model: { createdAt: Date, updatedAt: Date }, refreshInterval: number) {
-  if (!model.createdAt || !model.updatedAt) {
-    throw new Error('Miss createdAt & updatedAt attributes to model')
-  }
-
-  const now = Date.now()
-  const createdAtTime = model.createdAt.getTime()
-  const updatedAtTime = model.updatedAt.getTime()
-
-  return (now - createdAtTime) > refreshInterval && (now - updatedAtTime) > refreshInterval
-}
-
-function throwIfNotValid (value: any, validator: (value: any) => boolean, fieldName = 'value', nullable = false) {
-  if (nullable && (value === null || value === undefined)) return
-
-  if (validator(value) === false) {
-    throw new Error(`"${value}" is not a valid ${fieldName}.`)
-  }
-}
-
-function buildTrigramSearchIndex (indexName: string, attribute: string) {
-  return {
-    name: indexName,
-    // FIXME: gin_trgm_ops is not taken into account in Sequelize 6, so adding it ourselves in the literal function
-    fields: [ Sequelize.literal('lower(immutable_unaccent(' + attribute + ')) gin_trgm_ops') as any ],
-    using: 'gin',
-    operator: 'gin_trgm_ops'
-  }
-}
-
-function createSimilarityAttribute (col: string, value: string) {
-  return Sequelize.fn(
-    'similarity',
-
-    searchTrigramNormalizeCol(col),
-
-    searchTrigramNormalizeValue(value)
-  )
-}
-
-function buildBlockedAccountSQL (blockerIds: number[]) {
-  const blockerIdsString = blockerIds.join(', ')
-
-  return 'SELECT "targetAccountId" AS "id" FROM "accountBlocklist" WHERE "accountId" IN (' + blockerIdsString + ')' +
-    ' UNION ' +
-    'SELECT "account"."id" AS "id" FROM account INNER JOIN "actor" ON account."actorId" = actor.id ' +
-    'INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ' +
-    'WHERE "serverBlocklist"."accountId" IN (' + blockerIdsString + ')'
-}
-
-function buildBlockedAccountSQLOptimized (columnNameJoin: string, blockerIds: number[]) {
-  const blockerIdsString = blockerIds.join(', ')
-
-  return [
-    literal(
-      `NOT EXISTS (` +
-      `  SELECT 1 FROM "accountBlocklist" ` +
-      `  WHERE "targetAccountId" = ${columnNameJoin} ` +
-      `  AND "accountId" IN (${blockerIdsString})` +
-      `)`
-    ),
-
-    literal(
-      `NOT EXISTS (` +
-      `  SELECT 1 FROM "account" ` +
-      `  INNER JOIN "actor" ON account."actorId" = actor.id ` +
-      `  INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ` +
-      `  WHERE "account"."id" = ${columnNameJoin} ` +
-      `  AND "serverBlocklist"."accountId" IN (${blockerIdsString})` +
-      `)`
-    )
-  ]
-}
-
-function buildServerIdsFollowedBy (actorId: any) {
-  const actorIdNumber = forceNumber(actorId)
-
-  return '(' +
-    'SELECT "actor"."serverId" FROM "actorFollow" ' +
-    'INNER JOIN "actor" ON actor.id = "actorFollow"."targetActorId" ' +
-    'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
-  ')'
-}
-
-function buildWhereIdOrUUID (id: number | string) {
-  return validator.isInt('' + id) ? { id } : { uuid: id }
-}
-
-function parseAggregateResult (result: any) {
-  if (!result) return 0
-
-  const total = forceNumber(result)
-  if (isNaN(total)) return 0
-
-  return total
-}
-
-function parseRowCountResult (result: any) {
-  if (result.length !== 0) return result[0].total
-
-  return 0
-}
-
-function createSafeIn (sequelize: Sequelize, stringArr: (string | number)[]) {
-  return stringArr.map(t => {
-    return t === null
-      ? null
-      : sequelize.escape('' + t)
-  }).join(', ')
-}
-
-function buildLocalAccountIdsIn () {
-  return literal(
-    '(SELECT "account"."id" FROM "account" INNER JOIN "actor" ON "actor"."id" = "account"."actorId" AND "actor"."serverId" IS NULL)'
-  )
-}
-
-function buildLocalActorIdsIn () {
-  return literal(
-    '(SELECT "actor"."id" FROM "actor" WHERE "actor"."serverId" IS NULL)'
-  )
-}
-
-function buildDirectionAndField (value: string) {
-  let field: string
-  let direction: 'ASC' | 'DESC'
-
-  if (value.substring(0, 1) === '-') {
-    direction = 'DESC'
-    field = value.substring(1)
-  } else {
-    direction = 'ASC'
-    field = value
-  }
-
-  return { direction, field }
-}
-
-function searchAttribute (sourceField?: string, targetField?: string) {
-  if (!sourceField) return {}
-
-  return {
-    [targetField]: {
-      // FIXME: ts error
-      [Op.iLike as any]: `%${sourceField}%`
-    }
-  }
-}
-
-// ---------------------------------------------------------------------------
-
-export {
-  buildBlockedAccountSQL,
-  buildBlockedAccountSQLOptimized,
-  buildLocalActorIdsIn,
-  getPlaylistSort,
-  SortType,
-  buildLocalAccountIdsIn,
-  getSort,
-  getCommentSort,
-  getAdminUsersSort,
-  getVideoSort,
-  getBlacklistSort,
-  getChannelSyncSort,
-  createSimilarityAttribute,
-  throwIfNotValid,
-  buildServerIdsFollowedBy,
-  buildTrigramSearchIndex,
-  buildWhereIdOrUUID,
-  isOutdated,
-  parseAggregateResult,
-  getInstanceFollowsSort,
-  buildDirectionAndField,
-  createSafeIn,
-  searchAttribute,
-  parseRowCountResult
-}
-
-// ---------------------------------------------------------------------------
-
-function searchTrigramNormalizeValue (value: string) {
-  return Sequelize.fn('lower', Sequelize.fn('immutable_unaccent', value))
-}
-
-function searchTrigramNormalizeCol (col: string) {
-  return Sequelize.fn('lower', Sequelize.fn('immutable_unaccent', Sequelize.col(col)))
-}
diff --git a/server/models/video/sql/comment/video-comment-list-query-builder.ts b/server/models/video/sql/comment/video-comment-list-query-builder.ts
new file mode 100644
index 000000000..3960f6b13
--- /dev/null
+++ b/server/models/video/sql/comment/video-comment-list-query-builder.ts
@@ -0,0 +1,385 @@
+import { Model, Sequelize, Transaction } from 'sequelize'
+import { AbstractRunQuery, ModelBuilder } from '@server/models/shared'
+import { ActorImageType, VideoPrivacy } from '@shared/models'
+import { createSafeIn, getCommentSort, parseRowCountResult } from '../../../shared'
+import { VideoCommentTableAttributes } from './video-comment-table-attributes'
+
+export interface ListVideoCommentsOptions {
+  selectType: 'api' | 'feed' | 'comment-only'
+
+  start?: number
+  count?: number
+  sort?: string
+
+  videoId?: number
+  threadId?: number
+  accountId?: number
+  videoChannelId?: number
+
+  blockerAccountIds?: number[]
+
+  isThread?: boolean
+  notDeleted?: boolean
+  isLocal?: boolean
+  onLocalVideo?: boolean
+  onPublicVideo?: boolean
+  videoAccountOwnerId?: boolean
+
+  search?: string
+  searchAccount?: string
+  searchVideo?: string
+
+  includeReplyCounters?: boolean
+
+  transaction?: Transaction
+}
+
+export class VideoCommentListQueryBuilder extends AbstractRunQuery {
+  private readonly tableAttributes = new VideoCommentTableAttributes()
+
+  private innerQuery: string
+
+  private select = ''
+  private joins = ''
+
+  private innerSelect = ''
+  private innerJoins = ''
+  private innerWhere = ''
+
+  private readonly built = {
+    cte: false,
+    accountJoin: false,
+    videoJoin: false,
+    videoChannelJoin: false,
+    avatarJoin: false
+  }
+
+  constructor (
+    protected readonly sequelize: Sequelize,
+    private readonly options: ListVideoCommentsOptions
+  ) {
+    super(sequelize)
+  }
+
+  async listComments <T extends Model> () {
+    this.buildListQuery()
+
+    const results = await this.runQuery({ nest: true, transaction: this.options.transaction })
+    const modelBuilder = new ModelBuilder<T>(this.sequelize)
+
+    return modelBuilder.createModels(results, 'VideoComment')
+  }
+
+  async countComments () {
+    this.buildCountQuery()
+
+    const result = await this.runQuery({ transaction: this.options.transaction })
+
+    return parseRowCountResult(result)
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private buildListQuery () {
+    this.buildInnerListQuery()
+    this.buildListSelect()
+
+    this.query = `${this.select} ` +
+      `FROM (${this.innerQuery}) AS "VideoCommentModel" ` +
+      `${this.joins} ` +
+      `${this.getOrder()}`
+  }
+
+  private buildInnerListQuery () {
+    this.buildWhere()
+    this.buildInnerListSelect()
+
+    this.innerQuery = `${this.innerSelect} ` +
+      `FROM "videoComment" AS "VideoCommentModel" ` +
+      `${this.innerJoins} ` +
+      `${this.innerWhere} ` +
+      `${this.getOrder()} ` +
+      `${this.getInnerLimit()}`
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private buildCountQuery () {
+    this.buildWhere()
+
+    this.query = `SELECT COUNT(*) AS "total" ` +
+      `FROM "videoComment" AS "VideoCommentModel" ` +
+      `${this.innerJoins} ` +
+      `${this.innerWhere}`
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private buildWhere () {
+    let where: string[] = []
+
+    if (this.options.videoId) {
+      this.replacements.videoId = this.options.videoId
+
+      where.push('"VideoCommentModel"."videoId" = :videoId')
+    }
+
+    if (this.options.threadId) {
+      this.replacements.threadId = this.options.threadId
+
+      where.push('("VideoCommentModel"."id" = :threadId OR "VideoCommentModel"."originCommentId" = :threadId)')
+    }
+
+    if (this.options.accountId) {
+      this.replacements.accountId = this.options.accountId
+
+      where.push('"VideoCommentModel"."accountId" = :accountId')
+    }
+
+    if (this.options.videoChannelId) {
+      this.buildVideoChannelJoin()
+
+      this.replacements.videoChannelId = this.options.videoChannelId
+
+      where.push('"Account->VideoChannel"."id" = :videoChannelId')
+    }
+
+    if (this.options.blockerAccountIds) {
+      this.buildVideoChannelJoin()
+
+      where = where.concat(this.getBlockWhere('VideoCommentModel', 'Video->VideoChannel'))
+    }
+
+    if (this.options.isThread === true) {
+      where.push('"VideoCommentModel"."inReplyToCommentId" IS NULL')
+    }
+
+    if (this.options.notDeleted === true) {
+      where.push('"VideoCommentModel"."deletedAt" IS NULL')
+    }
+
+    if (this.options.isLocal === true) {
+      this.buildAccountJoin()
+
+      where.push('"Account->Actor"."serverId" IS NULL')
+    } else if (this.options.isLocal === false) {
+      this.buildAccountJoin()
+
+      where.push('"Account->Actor"."serverId" IS NOT NULL')
+    }
+
+    if (this.options.onLocalVideo === true) {
+      this.buildVideoJoin()
+
+      where.push('"Video"."remote" IS FALSE')
+    } else if (this.options.onLocalVideo === false) {
+      this.buildVideoJoin()
+
+      where.push('"Video"."remote" IS TRUE')
+    }
+
+    if (this.options.onPublicVideo === true) {
+      this.buildVideoJoin()
+
+      where.push(`"Video"."privacy" = ${VideoPrivacy.PUBLIC}`)
+    }
+
+    if (this.options.videoAccountOwnerId) {
+      this.buildVideoChannelJoin()
+
+      this.replacements.videoAccountOwnerId = this.options.videoAccountOwnerId
+
+      where.push(`"Video->VideoChannel"."accountId" = :videoAccountOwnerId`)
+    }
+
+    if (this.options.search) {
+      this.buildVideoJoin()
+      this.buildAccountJoin()
+
+      const escapedLikeSearch = this.sequelize.escape('%' + this.options.search + '%')
+
+      where.push(
+        `(` +
+          `"VideoCommentModel"."text" ILIKE ${escapedLikeSearch} OR ` +
+          `"Account->Actor"."preferredUsername" ILIKE ${escapedLikeSearch} OR ` +
+          `"Account"."name" ILIKE ${escapedLikeSearch} OR ` +
+          `"Video"."name" ILIKE ${escapedLikeSearch} ` +
+        `)`
+      )
+    }
+
+    if (this.options.searchAccount) {
+      this.buildAccountJoin()
+
+      const escapedLikeSearch = this.sequelize.escape('%' + this.options.searchAccount + '%')
+
+      where.push(
+        `(` +
+          `"Account->Actor"."preferredUsername" ILIKE ${escapedLikeSearch} OR ` +
+          `"Account"."name" ILIKE ${escapedLikeSearch} ` +
+        `)`
+      )
+    }
+
+    if (this.options.searchVideo) {
+      this.buildVideoJoin()
+
+      const escapedLikeSearch = this.sequelize.escape('%' + this.options.searchVideo + '%')
+
+      where.push(`"Video"."name" ILIKE ${escapedLikeSearch}`)
+    }
+
+    if (where.length !== 0) {
+      this.innerWhere = `WHERE ${where.join(' AND ')}`
+    }
+  }
+
+  private buildAccountJoin () {
+    if (this.built.accountJoin) return
+
+    this.innerJoins += ' LEFT JOIN "account" "Account" ON "Account"."id" = "VideoCommentModel"."accountId" ' +
+      'LEFT JOIN "actor" "Account->Actor" ON "Account->Actor"."id" = "Account"."actorId" ' +
+      'LEFT JOIN "server" "Account->Actor->Server" ON "Account->Actor"."serverId" = "Account->Actor->Server"."id" '
+
+    this.built.accountJoin = true
+  }
+
+  private buildVideoJoin () {
+    if (this.built.videoJoin) return
+
+    this.innerJoins += ' LEFT JOIN "video" "Video" ON "Video"."id" = "VideoCommentModel"."videoId" '
+
+    this.built.videoJoin = true
+  }
+
+  private buildVideoChannelJoin () {
+    if (this.built.videoChannelJoin) return
+
+    this.buildVideoJoin()
+
+    this.innerJoins += ' LEFT JOIN "videoChannel" "Video->VideoChannel" ON "Video"."channelId" = "Video->VideoChannel"."id" '
+
+    this.built.videoChannelJoin = true
+  }
+
+  private buildAvatarsJoin () {
+    if (this.options.selectType !== 'api' && this.options.selectType !== 'feed') return ''
+    if (this.built.avatarJoin) return
+
+    this.joins += `LEFT JOIN "actorImage" "Account->Actor->Avatars" ` +
+      `ON "VideoCommentModel"."Account.Actor.id" = "Account->Actor->Avatars"."actorId" ` +
+        `AND "Account->Actor->Avatars"."type" = ${ActorImageType.AVATAR}`
+
+    this.built.avatarJoin = true
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private buildListSelect () {
+    const toSelect = [ '"VideoCommentModel".*' ]
+
+    if (this.options.selectType === 'api' || this.options.selectType === 'feed') {
+      this.buildAvatarsJoin()
+
+      toSelect.push(this.tableAttributes.getAvatarAttributes())
+    }
+
+    if (this.options.includeReplyCounters === true) {
+      toSelect.push(this.getTotalRepliesSelect())
+      toSelect.push(this.getAuthorTotalRepliesSelect())
+    }
+
+    this.select = this.buildSelect(toSelect)
+  }
+
+  private buildInnerListSelect () {
+    let toSelect = [ this.tableAttributes.getVideoCommentAttributes() ]
+
+    if (this.options.selectType === 'api' || this.options.selectType === 'feed') {
+      this.buildAccountJoin()
+      this.buildVideoJoin()
+
+      toSelect = toSelect.concat([
+        this.tableAttributes.getVideoAttributes(),
+        this.tableAttributes.getAccountAttributes(),
+        this.tableAttributes.getActorAttributes(),
+        this.tableAttributes.getServerAttributes()
+      ])
+    }
+
+    this.innerSelect = this.buildSelect(toSelect)
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private getBlockWhere (commentTableName: string, channelTableName: string) {
+    const where: string[] = []
+
+    const blockerIdsString = createSafeIn(
+      this.sequelize,
+      this.options.blockerAccountIds,
+      [ `"${channelTableName}"."accountId"` ]
+    )
+
+    where.push(
+      `NOT EXISTS (` +
+        `SELECT 1 FROM "accountBlocklist" ` +
+        `WHERE "targetAccountId" = "${commentTableName}"."accountId" ` +
+        `AND "accountId" IN (${blockerIdsString})` +
+      `)`
+    )
+
+    where.push(
+      `NOT EXISTS (` +
+        `SELECT 1 FROM "account" ` +
+        `INNER JOIN "actor" ON account."actorId" = actor.id ` +
+        `INNER JOIN "serverBlocklist" ON "actor"."serverId" = "serverBlocklist"."targetServerId" ` +
+        `WHERE "account"."id" = "${commentTableName}"."accountId" ` +
+        `AND "serverBlocklist"."accountId" IN (${blockerIdsString})` +
+      `)`
+    )
+
+    return where
+  }
+
+  // ---------------------------------------------------------------------------
+
+  private getTotalRepliesSelect () {
+    const blockWhereString = this.getBlockWhere('replies', 'videoChannel').join(' AND ')
+
+    return `(` +
+      `SELECT COUNT("replies"."id") FROM "videoComment" AS "replies" ` +
+      `LEFT JOIN "video" ON "video"."id" = "replies"."videoId" ` +
+      `LEFT JOIN "videoChannel" ON "video"."channelId" = "videoChannel"."id" ` +
+      `WHERE "replies"."originCommentId" = "VideoCommentModel"."id" ` +
+        `AND "deletedAt" IS NULL ` +
+        `AND ${blockWhereString} ` +
+    `) AS "totalReplies"`
+  }
+
+  private getAuthorTotalRepliesSelect () {
+    return `(` +
+      `SELECT COUNT("replies"."id") FROM "videoComment" AS "replies" ` +
+      `INNER JOIN "video" ON "video"."id" = "replies"."videoId" ` +
+      `INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ` +
+      `WHERE "replies"."originCommentId" = "VideoCommentModel"."id" AND "replies"."accountId" = "videoChannel"."accountId"` +
+    `) AS "totalRepliesFromVideoAuthor"`
+  }
+
+  private getOrder () {
+    if (!this.options.sort) return ''
+
+    const orders = getCommentSort(this.options.sort)
+
+    return 'ORDER BY ' + orders.map(o => `"${o[0]}" ${o[1]}`).join(', ')
+  }
+
+  private getInnerLimit () {
+    if (!this.options.count) return ''
+
+    this.replacements.limit = this.options.count
+    this.replacements.offset = this.options.start || 0
+
+    return `LIMIT :limit OFFSET :offset `
+  }
+}
diff --git a/server/models/video/sql/comment/video-comment-table-attributes.ts b/server/models/video/sql/comment/video-comment-table-attributes.ts
new file mode 100644
index 000000000..87f8750c1
--- /dev/null
+++ b/server/models/video/sql/comment/video-comment-table-attributes.ts
@@ -0,0 +1,43 @@
+import { Memoize } from '@server/helpers/memoize'
+import { AccountModel } from '@server/models/account/account'
+import { ActorModel } from '@server/models/actor/actor'
+import { ActorImageModel } from '@server/models/actor/actor-image'
+import { ServerModel } from '@server/models/server/server'
+import { VideoCommentModel } from '../../video-comment'
+
+export class VideoCommentTableAttributes {
+
+  @Memoize()
+  getVideoCommentAttributes () {
+    return VideoCommentModel.getSQLAttributes('VideoCommentModel').join(', ')
+  }
+
+  @Memoize()
+  getAccountAttributes () {
+    return AccountModel.getSQLAttributes('Account', 'Account.').join(', ')
+  }
+
+  @Memoize()
+  getVideoAttributes () {
+    return [
+      `"Video"."id" AS "Video.id"`,
+      `"Video"."uuid" AS "Video.uuid"`,
+      `"Video"."name" AS "Video.name"`
+    ].join(', ')
+  }
+
+  @Memoize()
+  getActorAttributes () {
+    return ActorModel.getSQLAPIAttributes('Account->Actor', `Account.Actor.`).join(', ')
+  }
+
+  @Memoize()
+  getServerAttributes () {
+    return ServerModel.getSQLAttributes('Account->Actor->Server', `Account.Actor.Server.`).join(', ')
+  }
+
+  @Memoize()
+  getAvatarAttributes () {
+    return ActorImageModel.getSQLAttributes('Account->Actor->Avatars', 'Account.Actor.Avatars.').join(', ')
+  }
+}
diff --git a/server/models/video/sql/video/shared/abstract-video-query-builder.ts b/server/models/video/sql/video/shared/abstract-video-query-builder.ts
index f0ce69501..cbd57ad8c 100644
--- a/server/models/video/sql/video/shared/abstract-video-query-builder.ts
+++ b/server/models/video/sql/video/shared/abstract-video-query-builder.ts
@@ -1,9 +1,9 @@
 import { Sequelize } from 'sequelize'
 import validator from 'validator'
-import { createSafeIn } from '@server/models/utils'
 import { MUserAccountId } from '@server/types/models'
 import { ActorImageType } from '@shared/models'
 import { AbstractRunQuery } from '../../../../shared/abstract-run-query'
+import { createSafeIn } from '../../../../shared'
 import { VideoTableAttributes } from './video-table-attributes'
 
 /**
diff --git a/server/models/video/sql/video/videos-id-list-query-builder.ts b/server/models/video/sql/video/videos-id-list-query-builder.ts
index 7c864bf27..62f1855c7 100644
--- a/server/models/video/sql/video/videos-id-list-query-builder.ts
+++ b/server/models/video/sql/video/videos-id-list-query-builder.ts
@@ -2,11 +2,12 @@ import { Sequelize, Transaction } from 'sequelize'
 import validator from 'validator'
 import { exists } from '@server/helpers/custom-validators/misc'
 import { WEBSERVER } from '@server/initializers/constants'
-import { buildDirectionAndField, createSafeIn, parseRowCountResult } from '@server/models/utils'
+import { buildSortDirectionAndField } from '@server/models/shared'
 import { MUserAccountId, MUserId } from '@server/types/models'
+import { forceNumber } from '@shared/core-utils'
 import { VideoInclude, VideoPrivacy, VideoState } from '@shared/models'
+import { createSafeIn, parseRowCountResult } from '../../../shared'
 import { AbstractRunQuery } from '../../../shared/abstract-run-query'
-import { forceNumber } from '@shared/core-utils'
 
 /**
  *
@@ -665,7 +666,7 @@ export class VideosIdListQueryBuilder extends AbstractRunQuery {
   }
 
   private buildOrder (value: string) {
-    const { direction, field } = buildDirectionAndField(value)
+    const { direction, field } = buildSortDirectionAndField(value)
     if (field.match(/^[a-zA-Z."]+$/) === null) throw new Error('Invalid sort column ' + field)
 
     if (field.toLowerCase() === 'random') return 'ORDER BY RANDOM()'
diff --git a/server/models/video/tag.ts b/server/models/video/tag.ts
index 653b9694b..cebde3755 100644
--- a/server/models/video/tag.ts
+++ b/server/models/video/tag.ts
@@ -4,7 +4,7 @@ import { MTag } from '@server/types/models'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { VideoPrivacy, VideoState } from '../../../shared/models/videos'
 import { isVideoTagValid } from '../../helpers/custom-validators/videos'
-import { throwIfNotValid } from '../utils'
+import { throwIfNotValid } from '../shared'
 import { VideoModel } from './video'
 import { VideoTagModel } from './video-tag'
 
diff --git a/server/models/video/video-blacklist.ts b/server/models/video/video-blacklist.ts
index 1cd8224c0..9247d0e2b 100644
--- a/server/models/video/video-blacklist.ts
+++ b/server/models/video/video-blacklist.ts
@@ -5,7 +5,7 @@ import { AttributesOnly } from '@shared/typescript-utils'
 import { VideoBlacklist, VideoBlacklistType } from '../../../shared/models/videos'
 import { isVideoBlacklistReasonValid, isVideoBlacklistTypeValid } from '../../helpers/custom-validators/video-blacklist'
 import { CONSTRAINTS_FIELDS } from '../../initializers/constants'
-import { getBlacklistSort, searchAttribute, SortType, throwIfNotValid } from '../utils'
+import { getBlacklistSort, searchAttribute, throwIfNotValid } from '../shared'
 import { ThumbnailModel } from './thumbnail'
 import { VideoModel } from './video'
 import { ScopeNames as VideoChannelScopeNames, SummaryOptions, VideoChannelModel } from './video-channel'
@@ -57,7 +57,7 @@ export class VideoBlacklistModel extends Model<Partial<AttributesOnly<VideoBlack
   static listForApi (parameters: {
     start: number
     count: number
-    sort: SortType
+    sort: string
     search?: string
     type?: VideoBlacklistType
   }) {
@@ -67,7 +67,7 @@ export class VideoBlacklistModel extends Model<Partial<AttributesOnly<VideoBlack
       return {
         offset: start,
         limit: count,
-        order: getBlacklistSort(sort.sortModel, sort.sortValue)
+        order: getBlacklistSort(sort)
       }
     }
 
diff --git a/server/models/video/video-caption.ts b/server/models/video/video-caption.ts
index 5fbcd6e3b..2eaa77407 100644
--- a/server/models/video/video-caption.ts
+++ b/server/models/video/video-caption.ts
@@ -23,7 +23,7 @@ import { isVideoCaptionLanguageValid } from '../../helpers/custom-validators/vid
 import { logger } from '../../helpers/logger'
 import { CONFIG } from '../../initializers/config'
 import { CONSTRAINTS_FIELDS, LAZY_STATIC_PATHS, VIDEO_LANGUAGES, WEBSERVER } from '../../initializers/constants'
-import { buildWhereIdOrUUID, throwIfNotValid } from '../utils'
+import { buildWhereIdOrUUID, throwIfNotValid } from '../shared'
 import { VideoModel } from './video'
 
 export enum ScopeNames {
diff --git a/server/models/video/video-change-ownership.ts b/server/models/video/video-change-ownership.ts
index 1a1b8c88d..2db4b523a 100644
--- a/server/models/video/video-change-ownership.ts
+++ b/server/models/video/video-change-ownership.ts
@@ -3,7 +3,7 @@ import { MVideoChangeOwnershipFormattable, MVideoChangeOwnershipFull } from '@se
 import { AttributesOnly } from '@shared/typescript-utils'
 import { VideoChangeOwnership, VideoChangeOwnershipStatus } from '../../../shared/models/videos'
 import { AccountModel } from '../account/account'
-import { getSort } from '../utils'
+import { getSort } from '../shared'
 import { ScopeNames as VideoScopeNames, VideoModel } from './video'
 
 enum ScopeNames {
diff --git a/server/models/video/video-channel-sync.ts b/server/models/video/video-channel-sync.ts
index 6e49cde10..a4cbf51f5 100644
--- a/server/models/video/video-channel-sync.ts
+++ b/server/models/video/video-channel-sync.ts
@@ -21,7 +21,7 @@ import { VideoChannelSync, VideoChannelSyncState } from '@shared/models'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { AccountModel } from '../account/account'
 import { UserModel } from '../user/user'
-import { getChannelSyncSort, throwIfNotValid } from '../utils'
+import { getChannelSyncSort, throwIfNotValid } from '../shared'
 import { VideoChannelModel } from './video-channel'
 
 @DefaultScope(() => ({
diff --git a/server/models/video/video-channel.ts b/server/models/video/video-channel.ts
index 132c8f021..b71f5a197 100644
--- a/server/models/video/video-channel.ts
+++ b/server/models/video/video-channel.ts
@@ -43,8 +43,14 @@ import { ActorModel, unusedActorAttributesForAPI } from '../actor/actor'
 import { ActorFollowModel } from '../actor/actor-follow'
 import { ActorImageModel } from '../actor/actor-image'
 import { ServerModel } from '../server/server'
-import { setAsUpdated } from '../shared'
-import { buildServerIdsFollowedBy, buildTrigramSearchIndex, createSimilarityAttribute, getSort, throwIfNotValid } from '../utils'
+import {
+  buildServerIdsFollowedBy,
+  buildTrigramSearchIndex,
+  createSimilarityAttribute,
+  getSort,
+  setAsUpdated,
+  throwIfNotValid
+} from '../shared'
 import { VideoModel } from './video'
 import { VideoPlaylistModel } from './video-playlist'
 
@@ -831,6 +837,6 @@ export class VideoChannelModel extends Model<Partial<AttributesOnly<VideoChannel
   }
 
   setAsUpdated (transaction?: Transaction) {
-    return setAsUpdated('videoChannel', this.id, transaction)
+    return setAsUpdated({ sequelize: this.sequelize, table: 'videoChannel', id: this.id, transaction })
   }
 }
diff --git a/server/models/video/video-comment.ts b/server/models/video/video-comment.ts
index af9614d30..ff5142809 100644
--- a/server/models/video/video-comment.ts
+++ b/server/models/video/video-comment.ts
@@ -1,4 +1,4 @@
-import { FindOptions, Op, Order, QueryTypes, ScopeOptions, Sequelize, Transaction, WhereOptions } from 'sequelize'
+import { FindOptions, Op, Order, QueryTypes, Sequelize, Transaction } from 'sequelize'
 import {
   AllowNull,
   BelongsTo,
@@ -13,11 +13,9 @@ import {
   Table,
   UpdatedAt
 } from 'sequelize-typescript'
-import { exists } from '@server/helpers/custom-validators/misc'
 import { getServerActor } from '@server/models/application/application'
 import { MAccount, MAccountId, MUserAccountId } from '@server/types/models'
-import { uniqify } from '@shared/core-utils'
-import { VideoPrivacy } from '@shared/models'
+import { pick, uniqify } from '@shared/core-utils'
 import { AttributesOnly } from '@shared/typescript-utils'
 import { ActivityTagObject, ActivityTombstoneObject } from '../../../shared/models/activitypub/objects/common-objects'
 import { VideoCommentObject } from '../../../shared/models/activitypub/objects/video-comment-object'
@@ -41,61 +39,19 @@ import {
 } from '../../types/models/video'
 import { VideoCommentAbuseModel } from '../abuse/video-comment-abuse'
 import { AccountModel } from '../account/account'
-import { ActorModel, unusedActorAttributesForAPI } from '../actor/actor'
-import {
-  buildBlockedAccountSQL,
-  buildBlockedAccountSQLOptimized,
-  buildLocalAccountIdsIn,
-  getCommentSort,
-  searchAttribute,
-  throwIfNotValid
-} from '../utils'
+import { ActorModel } from '../actor/actor'
+import { buildLocalAccountIdsIn, buildSQLAttributes, throwIfNotValid } from '../shared'
+import { ListVideoCommentsOptions, VideoCommentListQueryBuilder } from './sql/comment/video-comment-list-query-builder'
 import { VideoModel } from './video'
 import { VideoChannelModel } from './video-channel'
 
 export enum ScopeNames {
   WITH_ACCOUNT = 'WITH_ACCOUNT',
-  WITH_ACCOUNT_FOR_API = 'WITH_ACCOUNT_FOR_API',
   WITH_IN_REPLY_TO = 'WITH_IN_REPLY_TO',
-  WITH_VIDEO = 'WITH_VIDEO',
-  ATTRIBUTES_FOR_API = 'ATTRIBUTES_FOR_API'
+  WITH_VIDEO = 'WITH_VIDEO'
 }
 
 @Scopes(() => ({
-  [ScopeNames.ATTRIBUTES_FOR_API]: (blockerAccountIds: number[]) => {
-    return {
-      attributes: {
-        include: [
-          [
-            Sequelize.literal(
-              '(' +
-                'WITH "blocklist" AS (' + buildBlockedAccountSQL(blockerAccountIds) + ')' +
-                'SELECT COUNT("replies"."id") ' +
-                'FROM "videoComment" AS "replies" ' +
-                'WHERE "replies"."originCommentId" = "VideoCommentModel"."id" ' +
-                'AND "deletedAt" IS NULL ' +
-                'AND "accountId" NOT IN (SELECT "id" FROM "blocklist")' +
-              ')'
-            ),
-            'totalReplies'
-          ],
-          [
-            Sequelize.literal(
-              '(' +
-                'SELECT COUNT("replies"."id") ' +
-                'FROM "videoComment" AS "replies" ' +
-                'INNER JOIN "video" ON "video"."id" = "replies"."videoId" ' +
-                'INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ' +
-                'WHERE "replies"."originCommentId" = "VideoCommentModel"."id" ' +
-                'AND "replies"."accountId" = "videoChannel"."accountId"' +
-              ')'
-            ),
-            'totalRepliesFromVideoAuthor'
-          ]
-        ]
-      }
-    } as FindOptions
-  },
   [ScopeNames.WITH_ACCOUNT]: {
     include: [
       {
@@ -103,22 +59,6 @@ export enum ScopeNames {
       }
     ]
   },
-  [ScopeNames.WITH_ACCOUNT_FOR_API]: {
-    include: [
-      {
-        model: AccountModel.unscoped(),
-        include: [
-          {
-            attributes: {
-              exclude: unusedActorAttributesForAPI
-            },
-            model: ActorModel, // Default scope includes avatar and server
-            required: true
-          }
-        ]
-      }
-    ]
-  },
   [ScopeNames.WITH_IN_REPLY_TO]: {
     include: [
       {
@@ -252,6 +192,18 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
   })
   CommentAbuses: VideoCommentAbuseModel[]
 
+  // ---------------------------------------------------------------------------
+
+  static getSQLAttributes (tableName: string, aliasPrefix = '') {
+    return buildSQLAttributes({
+      model: this,
+      tableName,
+      aliasPrefix
+    })
+  }
+
+  // ---------------------------------------------------------------------------
+
   static loadById (id: number, t?: Transaction): Promise<MComment> {
     const query: FindOptions = {
       where: {
@@ -319,93 +271,19 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
     searchAccount?: string
     searchVideo?: string
   }) {
-    const { start, count, sort, isLocal, search, searchAccount, searchVideo, onLocalVideo } = parameters
+    const queryOptions: ListVideoCommentsOptions = {
+      ...pick(parameters, [ 'start', 'count', 'sort', 'isLocal', 'search', 'searchVideo', 'searchAccount', 'onLocalVideo' ]),
 
-    const where: WhereOptions = {
-      deletedAt: null
-    }
-
-    const whereAccount: WhereOptions = {}
-    const whereActor: WhereOptions = {}
-    const whereVideo: WhereOptions = {}
-
-    if (isLocal === true) {
-      Object.assign(whereActor, {
-        serverId: null
-      })
-    } else if (isLocal === false) {
-      Object.assign(whereActor, {
-        serverId: {
-          [Op.ne]: null
-        }
-      })
-    }
-
-    if (search) {
-      Object.assign(where, {
-        [Op.or]: [
-          searchAttribute(search, 'text'),
-          searchAttribute(search, '$Account.Actor.preferredUsername$'),
-          searchAttribute(search, '$Account.name$'),
-          searchAttribute(search, '$Video.name$')
-        ]
-      })
-    }
-
-    if (searchAccount) {
-      Object.assign(whereActor, {
-        [Op.or]: [
-          searchAttribute(searchAccount, '$Account.Actor.preferredUsername$'),
-          searchAttribute(searchAccount, '$Account.name$')
-        ]
-      })
-    }
-
-    if (searchVideo) {
-      Object.assign(whereVideo, searchAttribute(searchVideo, 'name'))
-    }
-
-    if (exists(onLocalVideo)) {
-      Object.assign(whereVideo, { remote: !onLocalVideo })
-    }
-
-    const getQuery = (forCount: boolean) => {
-      return {
-        offset: start,
-        limit: count,
-        order: getCommentSort(sort),
-        where,
-        include: [
-          {
-            model: AccountModel.unscoped(),
-            required: true,
-            where: whereAccount,
-            include: [
-              {
-                attributes: {
-                  exclude: unusedActorAttributesForAPI
-                },
-                model: forCount === true
-                  ? ActorModel.unscoped() // Default scope includes avatar and server
-                  : ActorModel,
-                required: true,
-                where: whereActor
-              }
-            ]
-          },
-          {
-            model: VideoModel.unscoped(),
-            required: true,
-            where: whereVideo
-          }
-        ]
-      }
+      selectType: 'api',
+      notDeleted: true
     }
 
     return Promise.all([
-      VideoCommentModel.count(getQuery(true)),
-      VideoCommentModel.findAll(getQuery(false))
-    ]).then(([ total, data ]) => ({ total, data }))
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).listComments<MCommentAdminFormattable>(),
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).countComments()
+    ]).then(([ rows, count ]) => {
+      return { total: count, data: rows }
+    })
   }
 
   static async listThreadsForApi (parameters: {
@@ -416,67 +294,40 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
     sort: string
     user?: MUserAccountId
   }) {
-    const { videoId, isVideoOwned, start, count, sort, user } = parameters
+    const { videoId, user } = parameters
 
-    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ videoId, user, isVideoOwned })
+    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ user })
 
-    const accountBlockedWhere = {
-      accountId: {
-        [Op.notIn]: Sequelize.literal(
-          '(' + buildBlockedAccountSQL(blockerAccountIds) + ')'
-        )
-      }
+    const commonOptions: ListVideoCommentsOptions = {
+      selectType: 'api',
+      videoId,
+      blockerAccountIds
     }
 
-    const queryList = {
-      offset: start,
-      limit: count,
-      order: getCommentSort(sort),
-      where: {
-        [Op.and]: [
-          {
-            videoId
-          },
-          {
-            inReplyToCommentId: null
-          },
-          {
-            [Op.or]: [
-              accountBlockedWhere,
-              {
-                accountId: null
-              }
-            ]
-          }
-        ]
-      }
+    const listOptions: ListVideoCommentsOptions = {
+      ...commonOptions,
+      ...pick(parameters, [ 'sort', 'start', 'count' ]),
+
+      isThread: true,
+      includeReplyCounters: true
     }
 
-    const findScopesList: (string | ScopeOptions)[] = [
-      ScopeNames.WITH_ACCOUNT_FOR_API,
-      {
-        method: [ ScopeNames.ATTRIBUTES_FOR_API, blockerAccountIds ]
-      }
-    ]
+    const countOptions: ListVideoCommentsOptions = {
+      ...commonOptions,
 
-    const countScopesList: ScopeOptions[] = [
-      {
-        method: [ ScopeNames.ATTRIBUTES_FOR_API, blockerAccountIds ]
-      }
-    ]
+      isThread: true
+    }
 
-    const notDeletedQueryCount = {
-      where: {
-        videoId,
-        deletedAt: null,
-        ...accountBlockedWhere
-      }
+    const notDeletedCountOptions: ListVideoCommentsOptions = {
+      ...commonOptions,
+
+      notDeleted: true
     }
 
     return Promise.all([
-      VideoCommentModel.scope(findScopesList).findAll(queryList),
-      VideoCommentModel.scope(countScopesList).count(queryList),
-      VideoCommentModel.count(notDeletedQueryCount)
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, listOptions).listComments<MCommentAdminFormattable>(),
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, countOptions).countComments(),
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, notDeletedCountOptions).countComments()
     ]).then(([ rows, count, totalNotDeletedComments ]) => {
       return { total: count, data: rows, totalNotDeletedComments }
     })
@@ -484,54 +335,29 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
 
   static async listThreadCommentsForApi (parameters: {
     videoId: number
-    isVideoOwned: boolean
     threadId: number
     user?: MUserAccountId
   }) {
-    const { videoId, threadId, user, isVideoOwned } = parameters
+    const { user } = parameters
 
-    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ videoId, user, isVideoOwned })
+    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ user })
 
-    const query = {
-      order: [ [ 'createdAt', 'ASC' ], [ 'updatedAt', 'ASC' ] ] as Order,
-      where: {
-        videoId,
-        [Op.and]: [
-          {
-            [Op.or]: [
-              { id: threadId },
-              { originCommentId: threadId }
-            ]
-          },
-          {
-            [Op.or]: [
-              {
-                accountId: {
-                  [Op.notIn]: Sequelize.literal(
-                    '(' + buildBlockedAccountSQL(blockerAccountIds) + ')'
-                  )
-                }
-              },
-              {
-                accountId: null
-              }
-            ]
-          }
-        ]
-      }
-    }
+    const queryOptions: ListVideoCommentsOptions = {
+      ...pick(parameters, [ 'videoId', 'threadId' ]),
 
-    const scopes: any[] = [
-      ScopeNames.WITH_ACCOUNT_FOR_API,
-      {
-        method: [ ScopeNames.ATTRIBUTES_FOR_API, blockerAccountIds ]
-      }
-    ]
+      selectType: 'api',
+      sort: 'createdAt',
+
+      blockerAccountIds,
+      includeReplyCounters: true
+    }
 
     return Promise.all([
-      VideoCommentModel.count(query),
-      VideoCommentModel.scope(scopes).findAll(query)
-    ]).then(([ total, data ]) => ({ total, data }))
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).listComments<MCommentAdminFormattable>(),
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).countComments()
+    ]).then(([ rows, count ]) => {
+      return { total: count, data: rows }
+    })
   }
 
   static listThreadParentComments (comment: MCommentId, t: Transaction, order: 'ASC' | 'DESC' = 'ASC'): Promise<MCommentOwner[]> {
@@ -559,31 +385,31 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
       .findAll(query)
   }
 
-  static async listAndCountByVideoForAP (video: MVideoImmutable, start: number, count: number, t?: Transaction) {
-    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({
+  static async listAndCountByVideoForAP (parameters: {
+    video: MVideoImmutable
+    start: number
+    count: number
+  }) {
+    const { video } = parameters
+
+    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ user: null })
+
+    const queryOptions: ListVideoCommentsOptions = {
+      ...pick(parameters, [ 'start', 'count' ]),
+
+      selectType: 'comment-only',
       videoId: video.id,
-      isVideoOwned: video.isOwned()
-    })
+      sort: 'createdAt',
 
-    const query = {
-      order: [ [ 'createdAt', 'ASC' ] ] as Order,
-      offset: start,
-      limit: count,
-      where: {
-        videoId: video.id,
-        accountId: {
-          [Op.notIn]: Sequelize.literal(
-            '(' + buildBlockedAccountSQL(blockerAccountIds) + ')'
-          )
-        }
-      },
-      transaction: t
+      blockerAccountIds
     }
 
     return Promise.all([
-      VideoCommentModel.count(query),
-      VideoCommentModel.findAll<MComment>(query)
-    ]).then(([ total, data ]) => ({ total, data }))
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).listComments<MComment>(),
+      new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).countComments()
+    ]).then(([ rows, count ]) => {
+      return { total: count, data: rows }
+    })
   }
 
   static async listForFeed (parameters: {
@@ -592,97 +418,36 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
     videoId?: number
     accountId?: number
     videoChannelId?: number
-  }): Promise<MCommentOwnerVideoFeed[]> {
-    const serverActor = await getServerActor()
-    const { start, count, videoId, accountId, videoChannelId } = parameters
-
-    const whereAnd: WhereOptions[] = buildBlockedAccountSQLOptimized(
-      '"VideoCommentModel"."accountId"',
-      [ serverActor.Account.id, '"Video->VideoChannel"."accountId"' ]
-    )
+  }) {
+    const blockerAccountIds = await VideoCommentModel.buildBlockerAccountIds({ user: null })
 
-    if (accountId) {
-      whereAnd.push({
-        accountId
-      })
-    }
+    const queryOptions: ListVideoCommentsOptions = {
+      ...pick(parameters, [ 'start', 'count', 'accountId', 'videoId', 'videoChannelId' ]),
 
-    const accountWhere = {
-      [Op.and]: whereAnd
-    }
+      selectType: 'feed',
 
-    const videoChannelWhere = videoChannelId ? { id: videoChannelId } : undefined
+      sort: '-createdAt',
+      onPublicVideo: true,
+      notDeleted: true,
 
-    const query = {
-      order: [ [ 'createdAt', 'DESC' ] ] as Order,
-      offset: start,
-      limit: count,
-      where: {
-        deletedAt: null,
-        accountId: accountWhere
-      },
-      include: [
-        {
-          attributes: [ 'name', 'uuid' ],
-          model: VideoModel.unscoped(),
-          required: true,
-          where: {
-            privacy: VideoPrivacy.PUBLIC
-          },
-          include: [
-            {
-              attributes: [ 'accountId' ],
-              model: VideoChannelModel.unscoped(),
-              required: true,
-              where: videoChannelWhere
-            }
-          ]
-        }
-      ]
+      blockerAccountIds
     }
 
-    if (videoId) query.where['videoId'] = videoId
-
-    return VideoCommentModel
-      .scope([ ScopeNames.WITH_ACCOUNT ])
-      .findAll(query)
+    return new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).listComments<MCommentOwnerVideoFeed>()
   }
 
   static listForBulkDelete (ofAccount: MAccount, filter: { onVideosOfAccount?: MAccountId } = {}) {
-    const accountWhere = filter.onVideosOfAccount
-      ? { id: filter.onVideosOfAccount.id }
-      : {}
+    const queryOptions: ListVideoCommentsOptions = {
+      selectType: 'comment-only',
 
-    const query = {
-      limit: 1000,
-      where: {
-        deletedAt: null,
-        accountId: ofAccount.id
-      },
-      include: [
-        {
-          model: VideoModel,
-          required: true,
-          include: [
-            {
-              model: VideoChannelModel,
-              required: true,
-              include: [
-                {
-                  model: AccountModel,
-                  required: true,
-                  where: accountWhere
-                }
-              ]
-            }
-          ]
-        }
-      ]
+      accountId: ofAccount.id,
+      videoAccountOwnerId: filter.onVideosOfAccount?.id,
+
+      notDeleted: true,
+      count: 5000
     }
 
-    return VideoCommentModel
-      .scope([ ScopeNames.WITH_ACCOUNT ])
-      .findAll(query)
+    return new VideoCommentListQueryBuilder(VideoCommentModel.sequelize, queryOptions).listComments<MComment>()
   }
 
   static async getStats () {
@@ -750,9 +515,7 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
   }
 
   isOwned () {
-    if (!this.Account) {
-      return false
-    }
+    if (!this.Account) return false
 
     return this.Account.isOwned()
   }
@@ -906,22 +669,15 @@ export class VideoCommentModel extends Model<Partial<AttributesOnly<VideoComment
   }
 
   private static async buildBlockerAccountIds (options: {
-    videoId: number
-    isVideoOwned: boolean
-    user?: MUserAccountId
-  }) {
-    const { videoId, user, isVideoOwned } = options
+    user: MUserAccountId
+  }): Promise<number[]> {
+    const { user } = options
 
     const serverActor = await getServerActor()
     const blockerAccountIds = [ serverActor.Account.id ]
 
     if (user) blockerAccountIds.push(user.Account.id)
 
-    if (isVideoOwned) {
-      const videoOwnerAccount = await AccountModel.loadAccountIdFromVideo(videoId)
-      if (videoOwnerAccount) blockerAccountIds.push(videoOwnerAccount.id)
-    }
-
     return blockerAccountIds
   }
 }
diff --git a/server/models/video/video-file.ts b/server/models/video/video-file.ts
index 9c4e6d078..07bc13de1 100644
--- a/server/models/video/video-file.ts
+++ b/server/models/video/video-file.ts
@@ -21,6 +21,7 @@ import {
 import validator from 'validator'
 import { logger } from '@server/helpers/logger'
 import { extractVideo } from '@server/helpers/video'
+import { CONFIG } from '@server/initializers/config'
 import { buildRemoteVideoBaseUrl } from '@server/lib/activitypub/url'
 import {
   getHLSPrivateFileUrl,
@@ -50,11 +51,9 @@ import {
 } from '../../initializers/constants'
 import { MVideoFile, MVideoFileStreamingPlaylistVideo, MVideoFileVideo } from '../../types/models/video/video-file'
 import { VideoRedundancyModel } from '../redundancy/video-redundancy'
-import { doesExist } from '../shared'
-import { parseAggregateResult, throwIfNotValid } from '../utils'
+import { doesExist, parseAggregateResult, throwIfNotValid } from '../shared'
 import { VideoModel } from './video'
 import { VideoStreamingPlaylistModel } from './video-streaming-playlist'
-import { CONFIG } from '@server/initializers/config'
 
 export enum ScopeNames {
   WITH_VIDEO = 'WITH_VIDEO',
@@ -266,7 +265,7 @@ export class VideoFileModel extends Model<Partial<AttributesOnly<VideoFileModel>
   static doesInfohashExist (infoHash: string) {
     const query = 'SELECT 1 FROM "videoFile" WHERE "infoHash" = $infoHash LIMIT 1'
 
-    return doesExist(query, { infoHash })
+    return doesExist(this.sequelize, query, { infoHash })
   }
 
   static async doesVideoExistForVideoFile (id: number, videoIdOrUUID: number | string) {
@@ -282,14 +281,14 @@ export class VideoFileModel extends Model<Partial<AttributesOnly<VideoFileModel>
                   'LEFT JOIN "video" "hlsVideo" ON "hlsVideo"."id" = "videoStreamingPlaylist"."videoId" AND "hlsVideo"."remote" IS FALSE ' +
                   'WHERE "torrentFilename" = $filename AND ("hlsVideo"."id" IS NOT NULL OR "webtorrent"."id" IS NOT NULL) LIMIT 1'
 
-    return doesExist(query, { filename })
+    return doesExist(this.sequelize, query, { filename })
   }
 
   static async doesOwnedWebTorrentVideoFileExist (filename: string) {
     const query = 'SELECT 1 FROM "videoFile" INNER JOIN "video" ON "video"."id" = "videoFile"."videoId" AND "video"."remote" IS FALSE ' +
                   `WHERE "filename" = $filename AND "storage" = ${VideoStorage.FILE_SYSTEM} LIMIT 1`
 
-    return doesExist(query, { filename })
+    return doesExist(this.sequelize, query, { filename })
   }
 
   static loadByFilename (filename: string) {
@@ -439,7 +438,7 @@ export class VideoFileModel extends Model<Partial<AttributesOnly<VideoFileModel>
     if (!element) return videoFile.save({ transaction })
 
     for (const k of Object.keys(videoFile.toJSON())) {
-      element[k] = videoFile[k]
+      element.set(k, videoFile[k])
     }
 
     return element.save({ transaction })
diff --git a/server/models/video/video-import.ts b/server/models/video/video-import.ts
index da6b92c7a..c040e0fda 100644
--- a/server/models/video/video-import.ts
+++ b/server/models/video/video-import.ts
@@ -22,7 +22,7 @@ import { isVideoImportStateValid, isVideoImportTargetUrlValid } from '../../help
 import { isVideoMagnetUriValid } from '../../helpers/custom-validators/videos'
 import { CONSTRAINTS_FIELDS, VIDEO_IMPORT_STATES } from '../../initializers/constants'
 import { UserModel } from '../user/user'
-import { getSort, searchAttribute, throwIfNotValid } from '../utils'
+import { getSort, searchAttribute, throwIfNotValid } from '../shared'
 import { ScopeNames as VideoModelScopeNames, VideoModel } from './video'
 import { VideoChannelSyncModel } from './video-channel-sync'
 
diff --git a/server/models/video/video-playlist-element.ts b/server/models/video/video-playlist-element.ts
index 7181b5599..48f4ed5a9 100644
--- a/server/models/video/video-playlist-element.ts
+++ b/server/models/video/video-playlist-element.ts
@@ -31,7 +31,7 @@ import { VideoPlaylistElement, VideoPlaylistElementType } from '../../../shared/
 import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc'
 import { CONSTRAINTS_FIELDS } from '../../initializers/constants'
 import { AccountModel } from '../account/account'
-import { getSort, throwIfNotValid } from '../utils'
+import { getSort, throwIfNotValid } from '../shared'
 import { ForAPIOptions, ScopeNames as VideoScopeNames, VideoModel } from './video'
 import { VideoPlaylistModel } from './video-playlist'
 
diff --git a/server/models/video/video-playlist.ts b/server/models/video/video-playlist.ts
index 8bbe54c49..faf4bea78 100644
--- a/server/models/video/video-playlist.ts
+++ b/server/models/video/video-playlist.ts
@@ -21,12 +21,8 @@ import { activityPubCollectionPagination } from '@server/lib/activitypub/collect
 import { MAccountId, MChannelId } from '@server/types/models'
 import { buildPlaylistEmbedPath, buildPlaylistWatchPath, pick } from '@shared/core-utils'
 import { buildUUID, uuidToShort } from '@shared/extra-utils'
+import { ActivityIconObject, PlaylistObject, VideoPlaylist, VideoPlaylistPrivacy, VideoPlaylistType } from '@shared/models'
 import { AttributesOnly } from '@shared/typescript-utils'
-import { ActivityIconObject } from '../../../shared/models/activitypub/objects'
-import { PlaylistObject } from '../../../shared/models/activitypub/objects/playlist-object'
-import { VideoPlaylistPrivacy } from '../../../shared/models/videos/playlist/video-playlist-privacy.model'
-import { VideoPlaylistType } from '../../../shared/models/videos/playlist/video-playlist-type.model'
-import { VideoPlaylist } from '../../../shared/models/videos/playlist/video-playlist.model'
 import { isActivityPubUrlValid } from '../../helpers/custom-validators/activitypub/misc'
 import {
   isVideoPlaylistDescriptionValid,
@@ -53,7 +49,6 @@ import {
 } from '../../types/models/video/video-playlist'
 import { AccountModel, ScopeNames as AccountScopeNames, SummaryOptions } from '../account/account'
 import { ActorModel } from '../actor/actor'
-import { setAsUpdated } from '../shared'
 import {
   buildServerIdsFollowedBy,
   buildTrigramSearchIndex,
@@ -61,8 +56,9 @@ import {
   createSimilarityAttribute,
   getPlaylistSort,
   isOutdated,
+  setAsUpdated,
   throwIfNotValid
-} from '../utils'
+} from '../shared'
 import { ThumbnailModel } from './thumbnail'
 import { ScopeNames as VideoChannelScopeNames, VideoChannelModel } from './video-channel'
 import { VideoPlaylistElementModel } from './video-playlist-element'
@@ -641,7 +637,7 @@ export class VideoPlaylistModel extends Model<Partial<AttributesOnly<VideoPlayli
   }
 
   setAsRefreshed () {
-    return setAsUpdated('videoPlaylist', this.id)
+    return setAsUpdated({ sequelize: this.sequelize, table: 'videoPlaylist', id: this.id })
   }
 
   setVideosLength (videosLength: number) {
diff --git a/server/models/video/video-share.ts b/server/models/video/video-share.ts
index f2190037e..b4de2b20f 100644
--- a/server/models/video/video-share.ts
+++ b/server/models/video/video-share.ts
@@ -7,7 +7,7 @@ import { CONSTRAINTS_FIELDS } from '../../initializers/constants'
 import { MActorDefault, MActorFollowersUrl, MActorId } from '../../types/models'
 import { MVideoShareActor, MVideoShareFull } from '../../types/models/video'
 import { ActorModel } from '../actor/actor'
-import { buildLocalActorIdsIn, throwIfNotValid } from '../utils'
+import { buildLocalActorIdsIn, throwIfNotValid } from '../shared'
 import { VideoModel } from './video'
 
 enum ScopeNames {
diff --git a/server/models/video/video-streaming-playlist.ts b/server/models/video/video-streaming-playlist.ts
index 0386edf28..a85c79c9f 100644
--- a/server/models/video/video-streaming-playlist.ts
+++ b/server/models/video/video-streaming-playlist.ts
@@ -37,8 +37,7 @@ import {
   WEBSERVER
 } from '../../initializers/constants'
 import { VideoRedundancyModel } from '../redundancy/video-redundancy'
-import { doesExist } from '../shared'
-import { throwIfNotValid } from '../utils'
+import { doesExist, throwIfNotValid } from '../shared'
 import { VideoModel } from './video'
 
 @Table({
@@ -138,7 +137,7 @@ export class VideoStreamingPlaylistModel extends Model<Partial<AttributesOnly<Vi
   static doesInfohashExist (infoHash: string) {
     const query = 'SELECT 1 FROM "videoStreamingPlaylist" WHERE $infoHash = ANY("p2pMediaLoaderInfohashes") LIMIT 1'
 
-    return doesExist(query, { infoHash })
+    return doesExist(this.sequelize, query, { infoHash })
   }
 
   static buildP2PMediaLoaderInfoHashes (playlistUrl: string, files: unknown[]) {
@@ -237,7 +236,7 @@ export class VideoStreamingPlaylistModel extends Model<Partial<AttributesOnly<Vi
       `AND "video"."remote" IS FALSE AND "video"."uuid" = $videoUUID ` +
       `AND "storage" = ${VideoStorage.FILE_SYSTEM} LIMIT 1`
 
-    return doesExist(query, { videoUUID })
+    return doesExist(this.sequelize, query, { videoUUID })
   }
 
   assignP2PMediaLoaderInfoHashes (video: MVideo, files: unknown[]) {
diff --git a/server/models/video/video.ts b/server/models/video/video.ts
index 56cc45cfe..1a10d2da2 100644
--- a/server/models/video/video.ts
+++ b/server/models/video/video.ts
@@ -32,7 +32,7 @@ import { getHLSDirectory, getHLSRedundancyDirectory, getHlsResolutionPlaylistFil
 import { VideoPathManager } from '@server/lib/video-path-manager'
 import { isVideoInPrivateDirectory } from '@server/lib/video-privacy'
 import { getServerActor } from '@server/models/application/application'
-import { ModelCache } from '@server/models/model-cache'
+import { ModelCache } from '@server/models/shared/model-cache'
 import { buildVideoEmbedPath, buildVideoWatchPath, pick } from '@shared/core-utils'
 import { ffprobePromise, getAudioStream, hasAudioStream, uuidToShort } from '@shared/extra-utils'
 import {
@@ -103,10 +103,9 @@ import { VideoRedundancyModel } from '../redundancy/video-redundancy'
 import { ServerModel } from '../server/server'
 import { TrackerModel } from '../server/tracker'
 import { VideoTrackerModel } from '../server/video-tracker'
-import { setAsUpdated } from '../shared'
+import { buildTrigramSearchIndex, buildWhereIdOrUUID, getVideoSort, isOutdated, setAsUpdated, throwIfNotValid } from '../shared'
 import { UserModel } from '../user/user'
 import { UserVideoHistoryModel } from '../user/user-video-history'
-import { buildTrigramSearchIndex, buildWhereIdOrUUID, getVideoSort, isOutdated, throwIfNotValid } from '../utils'
 import { VideoViewModel } from '../view/video-view'
 import {
   videoFilesModelToFormattedJSON,
@@ -1871,7 +1870,7 @@ export class VideoModel extends Model<Partial<AttributesOnly<VideoModel>>> {
   }
 
   setAsRefreshed (transaction?: Transaction) {
-    return setAsUpdated('video', this.id, transaction)
+    return setAsUpdated({ sequelize: this.sequelize, table: 'video', id: this.id, transaction })
   }
 
   // ---------------------------------------------------------------------------
diff --git a/server/tests/api/activitypub/cleaner.ts b/server/tests/api/activitypub/cleaner.ts
index eb6779123..1c1495022 100644
--- a/server/tests/api/activitypub/cleaner.ts
+++ b/server/tests/api/activitypub/cleaner.ts
@@ -148,7 +148,7 @@ describe('Test AP cleaner', function () {
   it('Should destroy server 3 internal shares and correctly clean them', async function () {
     this.timeout(20000)
 
-    const preCount = await servers[0].sql.getCount('videoShare')
+    const preCount = await servers[0].sql.getVideoShareCount()
     expect(preCount).to.equal(6)
 
     await servers[2].sql.deleteAll('videoShare')
@@ -156,7 +156,7 @@ describe('Test AP cleaner', function () {
     await waitJobs(servers)
 
     // Still 6 because we don't have remote shares on local videos
-    const postCount = await servers[0].sql.getCount('videoShare')
+    const postCount = await servers[0].sql.getVideoShareCount()
     expect(postCount).to.equal(6)
   })
 
@@ -185,7 +185,7 @@ describe('Test AP cleaner', function () {
     async function check (like: string, ofServerUrl: string, urlSuffix: string, remote: 'true' | 'false') {
       const query = `SELECT "videoId", "accountVideoRate".url FROM "accountVideoRate" ` +
         `INNER JOIN video ON "accountVideoRate"."videoId" = video.id AND remote IS ${remote} WHERE "accountVideoRate"."url" LIKE '${like}'`
-      const res = await servers[0].sql.selectQuery(query)
+      const res = await servers[0].sql.selectQuery<{ url: string }>(query)
 
       for (const rate of res) {
         const matcher = new RegExp(`^${ofServerUrl}/accounts/root/dislikes/\\d+${urlSuffix}$`)
@@ -231,7 +231,7 @@ describe('Test AP cleaner', function () {
       const query = `SELECT "videoId", "videoComment".url, uuid as "videoUUID" FROM "videoComment" ` +
         `INNER JOIN video ON "videoComment"."videoId" = video.id AND remote IS ${remote} WHERE "videoComment"."url" LIKE '${like}'`
 
-      const res = await servers[0].sql.selectQuery(query)
+      const res = await servers[0].sql.selectQuery<{ url: string, videoUUID: string }>(query)
 
       for (const comment of res) {
         const matcher = new RegExp(`${ofServerUrl}/videos/watch/${comment.videoUUID}/comments/\\d+${urlSuffix}`)
diff --git a/server/tests/api/check-params/redundancy.ts b/server/tests/api/check-params/redundancy.ts
index 908407b9a..73dfd489d 100644
--- a/server/tests/api/check-params/redundancy.ts
+++ b/server/tests/api/check-params/redundancy.ts
@@ -24,7 +24,7 @@ describe('Test server redundancy API validators', function () {
   // ---------------------------------------------------------------
 
   before(async function () {
-    this.timeout(80000)
+    this.timeout(160000)
 
     servers = await createMultipleServers(2)
 
diff --git a/server/tests/api/live/live-fast-restream.ts b/server/tests/api/live/live-fast-restream.ts
index c0bb8d529..f6959b83c 100644
--- a/server/tests/api/live/live-fast-restream.ts
+++ b/server/tests/api/live/live-fast-restream.ts
@@ -78,9 +78,15 @@ describe('Fast restream in live', function () {
       const video = await server.videos.get({ id: liveId })
       expect(video.streamingPlaylists).to.have.lengthOf(1)
 
-      await server.live.getSegmentFile({ videoUUID: liveId, segment: 0, playlistNumber: 0 })
-      await makeRawRequest({ url: video.streamingPlaylists[0].playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
-      await makeRawRequest({ url: video.streamingPlaylists[0].segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
+      try {
+        await server.live.getSegmentFile({ videoUUID: liveId, segment: 0, playlistNumber: 0 })
+        await makeRawRequest({ url: video.streamingPlaylists[0].playlistUrl, expectedStatus: HttpStatusCode.OK_200 })
+        await makeRawRequest({ url: video.streamingPlaylists[0].segmentsSha256Url, expectedStatus: HttpStatusCode.OK_200 })
+      } catch (err) {
+        // FIXME: try to debug error in CI "Unexpected end of JSON input"
+        console.error(err)
+        throw err
+      }
 
       await wait(100)
     }
@@ -129,7 +135,7 @@ describe('Fast restream in live', function () {
     await server.config.enableLive({ allowReplay: true, transcoding: true, resolutions: 'min' })
   })
 
-  it('Should correctly fast reastream in a permanent live with and without save replay', async function () {
+  it('Should correctly fast restream in a permanent live with and without save replay', async function () {
     this.timeout(480000)
 
     // A test can take a long time, so prefer to run them in parallel
diff --git a/server/tests/api/notifications/moderation-notifications.ts b/server/tests/api/notifications/moderation-notifications.ts
index b127a7a31..c7b9b5fb0 100644
--- a/server/tests/api/notifications/moderation-notifications.ts
+++ b/server/tests/api/notifications/moderation-notifications.ts
@@ -34,7 +34,7 @@ describe('Test moderation notifications', function () {
   let emails: object[] = []
 
   before(async function () {
-    this.timeout(120000)
+    this.timeout(50000)
 
     const res = await prepareNotificationsTest(3)
     emails = res.emails
@@ -60,7 +60,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send a notification to moderators on local abuse reported by an admin', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -72,7 +72,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local video abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -84,7 +84,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote video abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -99,7 +99,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local comment abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -118,7 +118,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote comment abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const name = 'video for abuse ' + buildUUID()
       const video = await servers[0].videos.upload({ token: userToken1, attributes: { name } })
@@ -140,7 +140,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on local account abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const username = 'user' + new Date().getTime()
       const { account } = await servers[0].users.create({ username, password: 'donald' })
@@ -153,7 +153,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a notification to moderators on remote account abuse', async function () {
-      this.timeout(20000)
+      this.timeout(50000)
 
       const username = 'user' + new Date().getTime()
       const tmpToken = await servers[0].users.generateUserAndToken(username)
@@ -512,10 +512,14 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send video publish notification if auto-blacklisted', async function () {
+      this.timeout(120000)
+
       await checkVideoIsPublished({ ...userBaseParams, videoName, shortUUID, checkType: 'absence' })
     })
 
     it('Should not send a local user subscription notification if auto-blacklisted', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer1, videoName, shortUUID, checkType: 'absence' })
     })
 
@@ -524,7 +528,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send video published and unblacklist after video unblacklisted', async function () {
-      this.timeout(40000)
+      this.timeout(120000)
 
       await servers[0].blacklist.remove({ videoId: uuid })
 
@@ -537,10 +541,14 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should send a local user subscription notification after removed from blacklist', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer1, videoName, shortUUID, checkType: 'presence' })
     })
 
     it('Should send a remote user subscription notification after removed from blacklist', async function () {
+      this.timeout(120000)
+
       await checkNewVideoFromSubscription({ ...adminBaseParamsServer2, videoName, shortUUID, checkType: 'presence' })
     })
 
@@ -576,7 +584,7 @@ describe('Test moderation notifications', function () {
     })
 
     it('Should not send publish/subscription notifications after scheduled update if video still auto-blacklisted', async function () {
-      this.timeout(40000)
+      this.timeout(120000)
 
       // In 2 seconds
       const updateAt = new Date(new Date().getTime() + 2000)
diff --git a/server/tests/api/object-storage/video-static-file-privacy.ts b/server/tests/api/object-storage/video-static-file-privacy.ts
index 71ad35a43..869d437d5 100644
--- a/server/tests/api/object-storage/video-static-file-privacy.ts
+++ b/server/tests/api/object-storage/video-static-file-privacy.ts
@@ -120,7 +120,7 @@ describe('Object storage for video static file privacy', function () {
     // ---------------------------------------------------------------------------
 
     it('Should upload a private video and have appropriate object storage ACL', async function () {
-      this.timeout(60000)
+      this.timeout(120000)
 
       {
         const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.PRIVATE })
@@ -138,7 +138,7 @@ describe('Object storage for video static file privacy', function () {
     })
 
     it('Should upload a public video and have appropriate object storage ACL', async function () {
-      this.timeout(60000)
+      this.timeout(120000)
 
       const { uuid } = await server.videos.quickUpload({ name: 'video', privacy: VideoPrivacy.UNLISTED })
       await waitJobs([ server ])
diff --git a/server/tests/api/users/index.ts b/server/tests/api/users/index.ts
index 643f1a531..0313845ef 100644
--- a/server/tests/api/users/index.ts
+++ b/server/tests/api/users/index.ts
@@ -1,3 +1,4 @@
+import './oauth'
 import './two-factor'
 import './user-subscriptions'
 import './user-videos'
diff --git a/server/tests/api/users/oauth.ts b/server/tests/api/users/oauth.ts
new file mode 100644
index 000000000..6a3da5ea2
--- /dev/null
+++ b/server/tests/api/users/oauth.ts
@@ -0,0 +1,192 @@
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
+
+import { expect } from 'chai'
+import { wait } from '@shared/core-utils'
+import { HttpStatusCode, OAuth2ErrorCode, PeerTubeProblemDocument } from '@shared/models'
+import { cleanupTests, createSingleServer, killallServers, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
+
+describe('Test oauth', function () {
+  let server: PeerTubeServer
+
+  before(async function () {
+    this.timeout(30000)
+
+    server = await createSingleServer(1, {
+      rates_limit: {
+        login: {
+          max: 30
+        }
+      }
+    })
+
+    await setAccessTokensToServers([ server ])
+  })
+
+  describe('OAuth client', function () {
+
+    function expectInvalidClient (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
+      expect(body.error).to.contain('client is invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
+    }
+
+    it('Should create a new client')
+
+    it('Should return the first client')
+
+    it('Should remove the last client')
+
+    it('Should not login with an invalid client id', async function () {
+      const client = { id: 'client', secret: server.store.client.secret }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidClient(body)
+    })
+
+    it('Should not login with an invalid client secret', async function () {
+      const client = { id: server.store.client.id, secret: 'coucou' }
+      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidClient(body)
+    })
+  })
+
+  describe('Login', function () {
+
+    function expectInvalidCredentials (body: PeerTubeProblemDocument) {
+      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
+      expect(body.error).to.contain('credentials are invalid')
+      expect(body.type.startsWith('https://')).to.be.true
+      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
+    }
+
+    it('Should not login with an invalid username', async function () {
+      const user = { username: 'captain crochet', password: server.store.user.password }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidCredentials(body)
+    })
+
+    it('Should not login with an invalid password', async function () {
+      const user = { username: server.store.user.username, password: 'mew_three' }
+      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+
+      expectInvalidCredentials(body)
+    })
+
+    it('Should be able to login', async function () {
+      await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
+    })
+
+    it('Should be able to login with an insensitive username', async function () {
+      const user = { username: 'RoOt', password: server.store.user.password }
+      await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
+
+      const user2 = { username: 'rOoT', password: server.store.user.password }
+      await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
+
+      const user3 = { username: 'ROOt', password: server.store.user.password }
+      await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
+    })
+  })
+
+  describe('Logout', function () {
+
+    it('Should logout (revoke token)', async function () {
+      await server.login.logout({ token: server.accessToken })
+    })
+
+    it('Should not be able to get the user information', async function () {
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should not be able to upload a video', async function () {
+      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should be able to login again', async function () {
+      const body = await server.login.login()
+      server.accessToken = body.access_token
+      server.refreshToken = body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+
+    it('Should have an expired access token', async function () {
+      this.timeout(60000)
+
+      await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
+
+      await killallServers([ server ])
+      await server.run()
+
+      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should not be able to refresh an access token with an expired refresh token', async function () {
+      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+
+    it('Should refresh the token', async function () {
+      this.timeout(50000)
+
+      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
+      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
+
+      await killallServers([ server ])
+      await server.run()
+
+      const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
+      server.accessToken = res.body.access_token
+      server.refreshToken = res.body.refresh_token
+    })
+
+    it('Should be able to get my user information again', async function () {
+      await server.users.getMyInfo()
+    })
+  })
+
+  describe('Custom token lifetime', function () {
+    before(async function () {
+      this.timeout(120_000)
+
+      await server.kill()
+      await server.run({
+        oauth2: {
+          token_lifetime: {
+            access_token: '2 seconds',
+            refresh_token: '2 seconds'
+          }
+        }
+      })
+    })
+
+    it('Should have a very short access token lifetime', async function () {
+      this.timeout(50000)
+
+      const { access_token: accessToken } = await server.login.login()
+      await server.users.getMyInfo({ token: accessToken })
+
+      await wait(3000)
+      await server.users.getMyInfo({ token: accessToken, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
+    })
+
+    it('Should have a very short refresh token lifetime', async function () {
+      this.timeout(50000)
+
+      const { refresh_token: refreshToken } = await server.login.login()
+      await server.login.refreshToken({ refreshToken })
+
+      await wait(3000)
+      await server.login.refreshToken({ refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
+    })
+  })
+
+  after(async function () {
+    await cleanupTests([ server ])
+  })
+})
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index 421b3ce16..93e2e489a 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -2,15 +2,8 @@
 
 import { expect } from 'chai'
 import { testImage } from '@server/tests/shared'
-import { AbuseState, HttpStatusCode, OAuth2ErrorCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
-import {
-  cleanupTests,
-  createSingleServer,
-  killallServers,
-  makePutBodyRequest,
-  PeerTubeServer,
-  setAccessTokensToServers
-} from '@shared/server-commands'
+import { AbuseState, HttpStatusCode, UserAdminFlag, UserRole, VideoPlaylistType } from '@shared/models'
+import { cleanupTests, createSingleServer, PeerTubeServer, setAccessTokensToServers } from '@shared/server-commands'
 
 describe('Test users', function () {
   let server: PeerTubeServer
@@ -39,166 +32,6 @@ describe('Test users', function () {
     await server.plugins.install({ npmName: 'peertube-theme-background-red' })
   })
 
-  describe('OAuth client', function () {
-    it('Should create a new client')
-
-    it('Should return the first client')
-
-    it('Should remove the last client')
-
-    it('Should not login with an invalid client id', async function () {
-      const client = { id: 'client', secret: server.store.client.secret }
-      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
-      expect(body.error).to.contain('client is invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
-    })
-
-    it('Should not login with an invalid client secret', async function () {
-      const client = { id: server.store.client.id, secret: 'coucou' }
-      const body = await server.login.login({ client, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_CLIENT)
-      expect(body.error).to.contain('client is invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_CLIENT)
-    })
-  })
-
-  describe('Login', function () {
-
-    it('Should not login with an invalid username', async function () {
-      const user = { username: 'captain crochet', password: server.store.user.password }
-      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
-      expect(body.error).to.contain('credentials are invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
-    })
-
-    it('Should not login with an invalid password', async function () {
-      const user = { username: server.store.user.username, password: 'mew_three' }
-      const body = await server.login.login({ user, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-
-      expect(body.code).to.equal(OAuth2ErrorCode.INVALID_GRANT)
-      expect(body.error).to.contain('credentials are invalid')
-      expect(body.type.startsWith('https://')).to.be.true
-      expect(body.type).to.contain(OAuth2ErrorCode.INVALID_GRANT)
-    })
-
-    it('Should not be able to upload a video', async function () {
-      token = 'my_super_token'
-
-      await server.videos.upload({ token, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to follow', async function () {
-      token = 'my_super_token'
-
-      await server.follows.follow({
-        hosts: [ 'http://example.com' ],
-        token,
-        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
-      })
-    })
-
-    it('Should not be able to unfollow')
-
-    it('Should be able to login', async function () {
-      const body = await server.login.login({ expectedStatus: HttpStatusCode.OK_200 })
-
-      token = body.access_token
-    })
-
-    it('Should be able to login with an insensitive username', async function () {
-      const user = { username: 'RoOt', password: server.store.user.password }
-      await server.login.login({ user, expectedStatus: HttpStatusCode.OK_200 })
-
-      const user2 = { username: 'rOoT', password: server.store.user.password }
-      await server.login.login({ user: user2, expectedStatus: HttpStatusCode.OK_200 })
-
-      const user3 = { username: 'ROOt', password: server.store.user.password }
-      await server.login.login({ user: user3, expectedStatus: HttpStatusCode.OK_200 })
-    })
-  })
-
-  describe('Logout', function () {
-    it('Should logout (revoke token)', async function () {
-      await server.login.logout({ token: server.accessToken })
-    })
-
-    it('Should not be able to get the user information', async function () {
-      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to upload a video', async function () {
-      await server.videos.upload({ attributes: { name: 'video' }, expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to rate a video', async function () {
-      const path = '/api/v1/videos/'
-      const data = {
-        rating: 'likes'
-      }
-
-      const options = {
-        url: server.url,
-        path: path + videoId,
-        token: 'wrong token',
-        fields: data,
-        expectedStatus: HttpStatusCode.UNAUTHORIZED_401
-      }
-      await makePutBodyRequest(options)
-    })
-
-    it('Should be able to login again', async function () {
-      const body = await server.login.login()
-      server.accessToken = body.access_token
-      server.refreshToken = body.refresh_token
-    })
-
-    it('Should be able to get my user information again', async function () {
-      await server.users.getMyInfo()
-    })
-
-    it('Should have an expired access token', async function () {
-      this.timeout(60000)
-
-      await server.sql.setTokenField(server.accessToken, 'accessTokenExpiresAt', new Date().toISOString())
-      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', new Date().toISOString())
-
-      await killallServers([ server ])
-      await server.run()
-
-      await server.users.getMyInfo({ expectedStatus: HttpStatusCode.UNAUTHORIZED_401 })
-    })
-
-    it('Should not be able to refresh an access token with an expired refresh token', async function () {
-      await server.login.refreshToken({ refreshToken: server.refreshToken, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    })
-
-    it('Should refresh the token', async function () {
-      this.timeout(50000)
-
-      const futureDate = new Date(new Date().getTime() + 1000 * 60).toISOString()
-      await server.sql.setTokenField(server.accessToken, 'refreshTokenExpiresAt', futureDate)
-
-      await killallServers([ server ])
-      await server.run()
-
-      const res = await server.login.refreshToken({ refreshToken: server.refreshToken })
-      server.accessToken = res.body.access_token
-      server.refreshToken = res.body.refresh_token
-    })
-
-    it('Should be able to get my user information again', async function () {
-      await server.users.getMyInfo()
-    })
-  })
-
   describe('Creating a user', function () {
 
     it('Should be able to create a new user', async function () {
@@ -512,6 +345,7 @@ describe('Test users', function () {
   })
 
   describe('Updating another user', function () {
+
     it('Should be able to update another user', async function () {
       await server.users.update({
         userId,
@@ -562,13 +396,6 @@ describe('Test users', function () {
     })
   })
 
-  describe('Video blacklists', function () {
-
-    it('Should be able to list my video blacklist', async function () {
-      await server.blacklist.list({ token: userToken })
-    })
-  })
-
   describe('Remove a user', function () {
 
     before(async function () {
@@ -653,8 +480,9 @@ describe('Test users', function () {
   })
 
   describe('User blocking', function () {
-    let user16Id
-    let user16AccessToken
+    let user16Id: number
+    let user16AccessToken: string
+
     const user16 = {
       username: 'user_16',
       password: 'my super password'
diff --git a/server/tests/api/videos/video-channel-syncs.ts b/server/tests/api/videos/video-channel-syncs.ts
index 91291524d..dd483f95e 100644
--- a/server/tests/api/videos/video-channel-syncs.ts
+++ b/server/tests/api/videos/video-channel-syncs.ts
@@ -307,6 +307,7 @@ describe('Test channel synchronizations', function () {
     })
   }
 
-  runSuite('youtube-dl')
+  // FIXME: suite is broken with youtube-dl
+  // runSuite('youtube-dl')
   runSuite('yt-dlp')
 })
diff --git a/server/tests/api/videos/video-comments.ts b/server/tests/api/videos/video-comments.ts
index dc47f8a4a..e077cbf73 100644
--- a/server/tests/api/videos/video-comments.ts
+++ b/server/tests/api/videos/video-comments.ts
@@ -38,6 +38,8 @@ describe('Test video comments', function () {
     await setDefaultAccountAvatar(server)
 
     userAccessTokenServer1 = await server.users.generateUserAndToken('user1')
+    await setDefaultChannelAvatar(server, 'user1_channel')
+    await setDefaultAccountAvatar(server, userAccessTokenServer1)
 
     command = server.comments
   })
@@ -232,16 +234,34 @@ describe('Test video comments', function () {
       await command.addReply({ videoId, toCommentId: threadId2, text: text3 })
 
       const tree = await command.getThread({ videoId: videoUUID, threadId: threadId2 })
-      expect(tree.comment.totalReplies).to.equal(tree.comment.totalRepliesFromVideoAuthor + 1)
+      expect(tree.comment.totalRepliesFromVideoAuthor).to.equal(1)
+      expect(tree.comment.totalReplies).to.equal(2)
     })
   })
 
   describe('All instance comments', function () {
 
     it('Should list instance comments as admin', async function () {
-      const { data } = await command.listForAdmin({ start: 0, count: 1 })
+      {
+        const { data, total } = await command.listForAdmin({ start: 0, count: 1 })
 
-      expect(data[0].text).to.equal('my second answer to thread 4')
+        expect(total).to.equal(7)
+        expect(data).to.have.lengthOf(1)
+        expect(data[0].text).to.equal('my second answer to thread 4')
+        expect(data[0].account.name).to.equal('root')
+        expect(data[0].account.displayName).to.equal('root')
+        expect(data[0].account.avatars).to.have.lengthOf(2)
+      }
+
+      {
+        const { data, total } = await command.listForAdmin({ start: 1, count: 2 })
+
+        expect(total).to.equal(7)
+        expect(data).to.have.lengthOf(2)
+
+        expect(data[0].account.avatars).to.have.lengthOf(2)
+        expect(data[1].account.avatars).to.have.lengthOf(2)
+      }
     })
 
     it('Should filter instance comments by isLocal', async function () {
diff --git a/server/tests/external-plugins/auto-block-videos.ts b/server/tests/external-plugins/auto-block-videos.ts
index d14587c38..cadd02e8d 100644
--- a/server/tests/external-plugins/auto-block-videos.ts
+++ b/server/tests/external-plugins/auto-block-videos.ts
@@ -30,7 +30,7 @@ describe('Official plugin auto-block videos', function () {
   let port: number
 
   before(async function () {
-    this.timeout(60000)
+    this.timeout(120000)
 
     servers = await createMultipleServers(2)
     await setAccessTokensToServers(servers)
diff --git a/server/tests/external-plugins/auto-mute.ts b/server/tests/external-plugins/auto-mute.ts
index 440b58bfd..cfed76e88 100644
--- a/server/tests/external-plugins/auto-mute.ts
+++ b/server/tests/external-plugins/auto-mute.ts
@@ -21,7 +21,7 @@ describe('Official plugin auto-mute', function () {
   let port: number
 
   before(async function () {
-    this.timeout(30000)
+    this.timeout(120000)
 
     servers = await createMultipleServers(2)
     await setAccessTokensToServers(servers)
diff --git a/server/tests/feeds/feeds.ts b/server/tests/feeds/feeds.ts
index 906dab1a3..7345f728a 100644
--- a/server/tests/feeds/feeds.ts
+++ b/server/tests/feeds/feeds.ts
@@ -189,7 +189,7 @@ describe('Test syndication feeds', () => {
         const jsonObj = JSON.parse(json)
         expect(jsonObj.items.length).to.be.equal(1)
         expect(jsonObj.items[0].title).to.equal('my super name for server 1')
-        expect(jsonObj.items[0].author.name).to.equal('root')
+        expect(jsonObj.items[0].author.name).to.equal('Main root channel')
       }
 
       {
@@ -197,7 +197,7 @@ describe('Test syndication feeds', () => {
         const jsonObj = JSON.parse(json)
         expect(jsonObj.items.length).to.be.equal(1)
         expect(jsonObj.items[0].title).to.equal('user video')
-        expect(jsonObj.items[0].author.name).to.equal('john')
+        expect(jsonObj.items[0].author.name).to.equal('Main john channel')
       }
 
       for (const server of servers) {
@@ -223,7 +223,7 @@ describe('Test syndication feeds', () => {
         const jsonObj = JSON.parse(json)
         expect(jsonObj.items.length).to.be.equal(1)
         expect(jsonObj.items[0].title).to.equal('my super name for server 1')
-        expect(jsonObj.items[0].author.name).to.equal('root')
+        expect(jsonObj.items[0].author.name).to.equal('Main root channel')
       }
 
       {
@@ -231,7 +231,7 @@ describe('Test syndication feeds', () => {
         const jsonObj = JSON.parse(json)
         expect(jsonObj.items.length).to.be.equal(1)
         expect(jsonObj.items[0].title).to.equal('user video')
-        expect(jsonObj.items[0].author.name).to.equal('john')
+        expect(jsonObj.items[0].author.name).to.equal('Main john channel')
       }
 
       for (const server of servers) {
diff --git a/server/tests/fixtures/peertube-plugin-test-external-auth-one/main.js b/server/tests/fixtures/peertube-plugin-test-external-auth-one/main.js
index c65b8d3a8..58bc27661 100644
--- a/server/tests/fixtures/peertube-plugin-test-external-auth-one/main.js
+++ b/server/tests/fixtures/peertube-plugin-test-external-auth-one/main.js
@@ -33,7 +33,17 @@ async function register ({
           username: 'kefka',
           email: 'kefka@example.com',
           role: 0,
-          displayName: 'Kefka Palazzo'
+          displayName: 'Kefka Palazzo',
+          adminFlags: 1,
+          videoQuota: 42000,
+          videoQuotaDaily: 42100,
+
+          // Always use new value except for videoQuotaDaily field
+          userUpdater: ({ fieldName, currentValue, newValue }) => {
+            if (fieldName === 'videoQuotaDaily') return currentValue
+
+            return newValue
+          }
         })
       },
       hookTokenValidity: (options) => {
diff --git a/server/tests/fixtures/peertube-plugin-test-four/main.js b/server/tests/fixtures/peertube-plugin-test-four/main.js
index 3e848c49e..b10177b45 100644
--- a/server/tests/fixtures/peertube-plugin-test-four/main.js
+++ b/server/tests/fixtures/peertube-plugin-test-four/main.js
@@ -76,6 +76,12 @@ async function register ({
       return res.json({ serverConfig })
     })
 
+    router.get('/server-listening-config', async (req, res) => {
+      const config = await peertubeHelpers.config.getServerListeningConfig()
+
+      return res.json({ config })
+    })
+
     router.get('/static-route', async (req, res) => {
       const staticRoute = peertubeHelpers.plugin.getBaseStaticRoute()
 
diff --git a/server/tests/fixtures/peertube-plugin-test-id-pass-auth-two/main.js b/server/tests/fixtures/peertube-plugin-test-id-pass-auth-two/main.js
index ceab7b60d..fad5abf60 100644
--- a/server/tests/fixtures/peertube-plugin-test-id-pass-auth-two/main.js
+++ b/server/tests/fixtures/peertube-plugin-test-id-pass-auth-two/main.js
@@ -33,7 +33,18 @@ async function register ({
       if (body.id === 'laguna' && body.password === 'laguna password') {
         return Promise.resolve({
           username: 'laguna',
-          email: 'laguna@example.com'
+          email: 'laguna@example.com',
+          displayName: 'Laguna Loire',
+          adminFlags: 1,
+          videoQuota: 42000,
+          videoQuotaDaily: 42100,
+
+          // Always use new value except for videoQuotaDaily field
+          userUpdater: ({ fieldName, currentValue, newValue }) => {
+            if (fieldName === 'videoQuotaDaily') return currentValue
+
+            return newValue
+          }
         })
       }
 
diff --git a/server/tests/fixtures/peertube-plugin-test/main.js b/server/tests/fixtures/peertube-plugin-test/main.js
index 19dccf26e..19ba9f278 100644
--- a/server/tests/fixtures/peertube-plugin-test/main.js
+++ b/server/tests/fixtures/peertube-plugin-test/main.js
@@ -250,7 +250,10 @@ async function register ({ registerHook, registerSetting, settingsManager, stora
 
   registerHook({
     target: 'filter:api.download.video.allowed.result',
-    handler: (result, params) => {
+    handler: async (result, params) => {
+      const loggedInUser = await peertubeHelpers.user.getAuthUser(params.res)
+      if (loggedInUser) return { allowed: true }
+
       if (params && !params.streamingPlaylist && params.video.name.includes('bad file')) {
         return { allowed: false, errorMessage: 'Cao Cao' }
       }
diff --git a/server/tests/plugins/external-auth.ts b/server/tests/plugins/external-auth.ts
index 437777e90..e600f958f 100644
--- a/server/tests/plugins/external-auth.ts
+++ b/server/tests/plugins/external-auth.ts
@@ -2,7 +2,7 @@
 
 import { expect } from 'chai'
 import { wait } from '@shared/core-utils'
-import { HttpStatusCode, UserRole } from '@shared/models'
+import { HttpStatusCode, UserAdminFlag, UserRole } from '@shared/models'
 import {
   cleanupTests,
   createSingleServer,
@@ -51,6 +51,7 @@ describe('Test external auth plugins', function () {
 
   let kefkaAccessToken: string
   let kefkaRefreshToken: string
+  let kefkaId: number
 
   let externalAuthToken: string
 
@@ -156,6 +157,9 @@ describe('Test external auth plugins', function () {
       expect(body.account.displayName).to.equal('cyan')
       expect(body.email).to.equal('cyan@example.com')
       expect(body.role.id).to.equal(UserRole.USER)
+      expect(body.adminFlags).to.equal(UserAdminFlag.NONE)
+      expect(body.videoQuota).to.equal(5242880)
+      expect(body.videoQuotaDaily).to.equal(-1)
     }
   })
 
@@ -178,6 +182,11 @@ describe('Test external auth plugins', function () {
       expect(body.account.displayName).to.equal('Kefka Palazzo')
       expect(body.email).to.equal('kefka@example.com')
       expect(body.role.id).to.equal(UserRole.ADMINISTRATOR)
+      expect(body.adminFlags).to.equal(UserAdminFlag.BYPASS_VIDEO_AUTO_BLACKLIST)
+      expect(body.videoQuota).to.equal(42000)
+      expect(body.videoQuotaDaily).to.equal(42100)
+
+      kefkaId = body.id
     }
   })
 
@@ -240,6 +249,37 @@ describe('Test external auth plugins', function () {
     expect(body.role.id).to.equal(UserRole.USER)
   })
 
+  it('Should login Kefka and update the profile', async function () {
+    {
+      await server.users.update({ userId: kefkaId, videoQuota: 43000, videoQuotaDaily: 43100 })
+      await server.users.updateMe({ token: kefkaAccessToken, displayName: 'kefka updated' })
+
+      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
+      expect(body.username).to.equal('kefka')
+      expect(body.account.displayName).to.equal('kefka updated')
+      expect(body.videoQuota).to.equal(43000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+
+    {
+      const res = await loginExternal({
+        server,
+        npmName: 'test-external-auth-one',
+        authName: 'external-auth-2',
+        username: 'kefka'
+      })
+
+      kefkaAccessToken = res.access_token
+      kefkaRefreshToken = res.refresh_token
+
+      const body = await server.users.getMyInfo({ token: kefkaAccessToken })
+      expect(body.username).to.equal('kefka')
+      expect(body.account.displayName).to.equal('Kefka Palazzo')
+      expect(body.videoQuota).to.equal(42000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+  })
+
   it('Should not update an external auth email', async function () {
     await server.users.updateMe({
       token: cyanAccessToken,
diff --git a/server/tests/plugins/filter-hooks.ts b/server/tests/plugins/filter-hooks.ts
index 083fd43ca..6724b3bf8 100644
--- a/server/tests/plugins/filter-hooks.ts
+++ b/server/tests/plugins/filter-hooks.ts
@@ -430,6 +430,7 @@ describe('Test plugin filter hooks', function () {
 
   describe('Download hooks', function () {
     const downloadVideos: VideoDetails[] = []
+    let downloadVideo2Token: string
 
     before(async function () {
       this.timeout(120000)
@@ -459,6 +460,8 @@ describe('Test plugin filter hooks', function () {
       for (const uuid of uuids) {
         downloadVideos.push(await servers[0].videos.get({ id: uuid }))
       }
+
+      downloadVideo2Token = await servers[0].videoToken.getVideoFileToken({ videoId: downloadVideos[2].uuid })
     })
 
     it('Should run filter:api.download.torrent.allowed.result', async function () {
@@ -471,32 +474,42 @@ describe('Test plugin filter hooks', function () {
 
     it('Should run filter:api.download.video.allowed.result', async function () {
       {
-        const res = await makeRawRequest({ url: downloadVideos[1].files[0].fileDownloadUrl, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+        const refused = downloadVideos[1].files[0].fileDownloadUrl
+        const allowed = [
+          downloadVideos[0].files[0].fileDownloadUrl,
+          downloadVideos[2].files[0].fileDownloadUrl
+        ]
+
+        const res = await makeRawRequest({ url: refused, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
         expect(res.body.error).to.equal('Cao Cao')
 
-        await makeRawRequest({ url: downloadVideos[0].files[0].fileDownloadUrl, expectedStatus: HttpStatusCode.OK_200 })
-        await makeRawRequest({ url: downloadVideos[2].files[0].fileDownloadUrl, expectedStatus: HttpStatusCode.OK_200 })
+        for (const url of allowed) {
+          await makeRawRequest({ url, expectedStatus: HttpStatusCode.OK_200 })
+          await makeRawRequest({ url, expectedStatus: HttpStatusCode.OK_200 })
+        }
       }
 
       {
-        const res = await makeRawRequest({
-          url: downloadVideos[2].streamingPlaylists[0].files[0].fileDownloadUrl,
-          expectedStatus: HttpStatusCode.FORBIDDEN_403
-        })
+        const refused = downloadVideos[2].streamingPlaylists[0].files[0].fileDownloadUrl
 
-        expect(res.body.error).to.equal('Sun Jian')
+        const allowed = [
+          downloadVideos[2].files[0].fileDownloadUrl,
+          downloadVideos[0].streamingPlaylists[0].files[0].fileDownloadUrl,
+          downloadVideos[1].streamingPlaylists[0].files[0].fileDownloadUrl
+        ]
 
-        await makeRawRequest({ url: downloadVideos[2].files[0].fileDownloadUrl, expectedStatus: HttpStatusCode.OK_200 })
+        // Only streaming playlist is refuse
+        const res = await makeRawRequest({ url: refused, expectedStatus: HttpStatusCode.FORBIDDEN_403 })
+        expect(res.body.error).to.equal('Sun Jian')
 
-        await makeRawRequest({
-          url: downloadVideos[0].streamingPlaylists[0].files[0].fileDownloadUrl,
-          expectedStatus: HttpStatusCode.OK_200
-        })
+        // But not we there is a user in res
+        await makeRawRequest({ url: refused, token: servers[0].accessToken, expectedStatus: HttpStatusCode.OK_200 })
+        await makeRawRequest({ url: refused, query: { videoFileToken: downloadVideo2Token }, expectedStatus: HttpStatusCode.OK_200 })
 
-        await makeRawRequest({
-          url: downloadVideos[1].streamingPlaylists[0].files[0].fileDownloadUrl,
-          expectedStatus: HttpStatusCode.OK_200
-        })
+        // Other files work
+        for (const url of allowed) {
+          await makeRawRequest({ url, expectedStatus: HttpStatusCode.OK_200 })
+        }
       }
     })
   })
diff --git a/server/tests/plugins/id-and-pass-auth.ts b/server/tests/plugins/id-and-pass-auth.ts
index fc24a5656..10155c28b 100644
--- a/server/tests/plugins/id-and-pass-auth.ts
+++ b/server/tests/plugins/id-and-pass-auth.ts
@@ -13,6 +13,7 @@ describe('Test id and pass auth plugins', function () {
 
   let lagunaAccessToken: string
   let lagunaRefreshToken: string
+  let lagunaId: number
 
   before(async function () {
     this.timeout(30000)
@@ -78,8 +79,10 @@ describe('Test id and pass auth plugins', function () {
       const body = await server.users.getMyInfo({ token: lagunaAccessToken })
 
       expect(body.username).to.equal('laguna')
-      expect(body.account.displayName).to.equal('laguna')
+      expect(body.account.displayName).to.equal('Laguna Loire')
       expect(body.role.id).to.equal(UserRole.USER)
+
+      lagunaId = body.id
     }
   })
 
@@ -132,6 +135,33 @@ describe('Test id and pass auth plugins', function () {
     expect(body.role.id).to.equal(UserRole.MODERATOR)
   })
 
+  it('Should login Laguna and update the profile', async function () {
+    {
+      await server.users.update({ userId: lagunaId, videoQuota: 43000, videoQuotaDaily: 43100 })
+      await server.users.updateMe({ token: lagunaAccessToken, displayName: 'laguna updated' })
+
+      const body = await server.users.getMyInfo({ token: lagunaAccessToken })
+      expect(body.username).to.equal('laguna')
+      expect(body.account.displayName).to.equal('laguna updated')
+      expect(body.videoQuota).to.equal(43000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+
+    {
+      const body = await server.login.login({ user: { username: 'laguna', password: 'laguna password' } })
+      lagunaAccessToken = body.access_token
+      lagunaRefreshToken = body.refresh_token
+    }
+
+    {
+      const body = await server.users.getMyInfo({ token: lagunaAccessToken })
+      expect(body.username).to.equal('laguna')
+      expect(body.account.displayName).to.equal('Laguna Loire')
+      expect(body.videoQuota).to.equal(42000)
+      expect(body.videoQuotaDaily).to.equal(43100)
+    }
+  })
+
   it('Should reject token of laguna by the plugin hook', async function () {
     this.timeout(10000)
 
@@ -147,7 +177,7 @@ describe('Test id and pass auth plugins', function () {
     await server.servers.waitUntilLog('valid username')
 
     await command.login({ user: { username: 'kiros', password: 'kiros password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
-    await server.servers.waitUntilLog('valid display name')
+    await server.servers.waitUntilLog('valid displayName')
 
     await command.login({ user: { username: 'raine', password: 'raine password' }, expectedStatus: HttpStatusCode.BAD_REQUEST_400 })
     await server.servers.waitUntilLog('valid role')
diff --git a/server/tests/plugins/plugin-helpers.ts b/server/tests/plugins/plugin-helpers.ts
index 038e3f0d6..e25992723 100644
--- a/server/tests/plugins/plugin-helpers.ts
+++ b/server/tests/plugins/plugin-helpers.ts
@@ -64,6 +64,18 @@ describe('Test plugin helpers', function () {
       await servers[0].servers.waitUntilLog(`server url is ${servers[0].url}`)
     })
 
+    it('Should have the correct listening config', async function () {
+      const res = await makeGetRequest({
+        url: servers[0].url,
+        path: '/plugins/test-four/router/server-listening-config',
+        expectedStatus: HttpStatusCode.OK_200
+      })
+
+      expect(res.body.config).to.exist
+      expect(res.body.config.hostname).to.equal('::')
+      expect(res.body.config.port).to.equal(servers[0].port)
+    })
+
     it('Should have the correct config', async function () {
       const res = await makeGetRequest({
         url: servers[0].url,
diff --git a/server/types/express.d.ts b/server/types/express.d.ts
index 3738ffc47..6fea4dac2 100644
--- a/server/types/express.d.ts
+++ b/server/types/express.d.ts
@@ -1,4 +1,3 @@
-
 import { OutgoingHttpHeaders } from 'http'
 import { RegisterServerAuthExternalOptions } from '@server/types'
 import {
@@ -10,6 +9,7 @@ import {
   MChannelBannerAccountDefault,
   MChannelSyncChannel,
   MStreamingPlaylist,
+  MUserAccountUrl,
   MVideoChangeOwnershipFull,
   MVideoFile,
   MVideoFormattableDetails,
@@ -187,6 +187,10 @@ declare module 'express' {
         actor: MActorAccountChannelId
       }
 
+      videoFileToken?: {
+        user: MUserAccountUrl
+      }
+
       authenticated?: boolean
 
       registeredPlugin?: RegisteredPlugin
diff --git a/server/types/lib.d.ts b/server/types/lib.d.ts
new file mode 100644
index 000000000..c901e2032
--- /dev/null
+++ b/server/types/lib.d.ts
@@ -0,0 +1,12 @@
+type ObjectKeys<T> =
+  T extends object
+    ? `${Exclude<keyof T, symbol>}`[]
+    : T extends number
+      ? []
+      : T extends any | string
+        ? string[]
+        : never
+
+interface ObjectConstructor {
+  keys<T> (o: T): ObjectKeys<T>
+}
diff --git a/server/types/plugins/register-server-auth.model.ts b/server/types/plugins/register-server-auth.model.ts
index 79c18c406..e10968c20 100644
--- a/server/types/plugins/register-server-auth.model.ts
+++ b/server/types/plugins/register-server-auth.model.ts
@@ -1,14 +1,33 @@
 import express from 'express'
-import { UserRole } from '@shared/models'
+import { UserAdminFlag, UserRole } from '@shared/models'
 import { MOAuthToken, MUser } from '../models'
 
 export type RegisterServerAuthOptions = RegisterServerAuthPassOptions | RegisterServerAuthExternalOptions
 
+export type AuthenticatedResultUpdaterFieldName = 'displayName' | 'role' | 'adminFlags' | 'videoQuota' | 'videoQuotaDaily'
+
 export interface RegisterServerAuthenticatedResult {
+  // Update the user profile if it already exists
+  // Default behaviour is no update
+  // Introduced in PeerTube >= 5.1
+  userUpdater?: <T> (options: {
+    fieldName: AuthenticatedResultUpdaterFieldName
+    currentValue: T
+    newValue: T
+  }) => T
+
   username: string
   email: string
   role?: UserRole
   displayName?: string
+
+  // PeerTube >= 5.1
+  adminFlags?: UserAdminFlag
+
+  // PeerTube >= 5.1
+  videoQuota?: number
+  // PeerTube >= 5.1
+  videoQuotaDaily?: number
 }
 
 export interface RegisterServerExternalAuthenticatedResult extends RegisterServerAuthenticatedResult {
diff --git a/server/types/plugins/register-server-option.model.ts b/server/types/plugins/register-server-option.model.ts
index 1e2bd830e..df419fff4 100644
--- a/server/types/plugins/register-server-option.model.ts
+++ b/server/types/plugins/register-server-option.model.ts
@@ -71,6 +71,9 @@ export type PeerTubeHelpers = {
   config: {
     getWebserverUrl: () => string
 
+    // PeerTube >= 5.1
+    getServerListeningConfig: () => { hostname: string, port: number }
+
     getServerConfig: () => Promise<ServerConfig>
   }