diff --git a/backend/app.js b/backend/app.js
index c014bb9..0489e88 100644
--- a/backend/app.js
+++ b/backend/app.js
@@ -928,7 +928,7 @@ const optionalJwt = async function (req, res, next) {
         const uuid = using_body ? req.body.uuid : req.query.uuid;
         const uid = using_body ? req.body.uid : req.query.uid;
         const playlist_id = using_body ? req.body.playlist_id : req.query.playlist_id;
-        const file = !playlist_id ? auth_api.getUserVideo(uuid, uid, true) : await files_api.getPlaylist(playlist_id, uuid, true);
+        const file = !playlist_id ? await auth_api.getUserVideo(uuid, uid, true) : await files_api.getPlaylist(playlist_id, uuid, true);
         if (file) {
             req.can_watch = true;
             return next();
diff --git a/backend/authentication/auth.js b/backend/authentication/auth.js
index 3d5a766..03c2308 100644
--- a/backend/authentication/auth.js
+++ b/backend/authentication/auth.js
@@ -482,7 +482,7 @@ exports.getUserPlaylist = async function(user_uid, playlistID, requireSharing =
   let playlist = await db_api.getRecord('playlists', filter_obj);
 
   // prevent unauthorized users from accessing the file info
-  if (requireSharing && !playlist['sharingEnabled']) playlist = null;
+  if (requireSharing && (!playlist || !playlist['sharingEnabled'])) playlist = null;
 
   return playlist;
 }
diff --git a/backend/files.js b/backend/files.js
index 4d57f1e..e5e8fad 100644
--- a/backend/files.js
+++ b/backend/files.js
@@ -194,7 +194,7 @@ exports.getPlaylist = async (playlist_id, user_uid = null, require_sharing = fal
     }
 
     // prevent unauthorized users from accessing the file info
-    if (require_sharing && !playlist['sharingEnabled']) return null;
+    if (require_sharing && (!playlist || !playlist['sharingEnabled'])) return null;
 
     return playlist;
 }