I have uploaded 4 videos with different privacy (Public, Private, Unlisted & Internal). After uploading, i copied the iframe tag from Share option. For now i have pasted the iframe in confluence page. When i paste that iframe in other website, it is showing video regardless of the video privacy. Is it a bug or something?
Public, Unlisted, and Internal modes do not change the fact that, provided a direct link (or embed) to the video, the video will play.
I’m not sure of the behaviour regarding Private videos however.
is there any way I can check for authentication before playing video on any other platform other than the peertube itself?
Not per video, no.
Otherwise as an admin you can always tweak your reverse proxy to disallow CORS, but that’s not authentication. You can implement this using a plugin or directly in your reverse proxy. See https://github.com/Chocobozzz/PeerTube/issues/3470 which is similar.