From f254af743ea4f722d3e3e073f5732eee60eb491f Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 02:13:24 -0700
Subject: [PATCH 1/8] adding approval of comments

---
 backend/app/cmd/server.go                     |  2 +
 backend/app/rest/api/admin.go                 | 16 ++++
 backend/app/rest/api/rest.go                  |  1 +
 backend/app/store/comment.go                  |  2 +
 backend/app/store/comment_test.go             |  2 +
 backend/app/store/service/service.go          | 45 ++++++++++-
 backend/app/store/service/service_test.go     | 63 +++++++++++++++
 frontend/apps/remark42/app/common/api.test.ts | 24 +++++-
 frontend/apps/remark42/app/common/api.ts      |  6 ++
 frontend/apps/remark42/app/common/types.ts    |  2 +
 .../components/comment/comment-actions.tsx    |  9 +++
 .../app/components/comment/comment.test.tsx   | 32 ++++++++
 .../app/components/comment/comment.tsx        | 22 ++++++
 .../components/comment/connected-comment.tsx  | 10 ++-
 .../app/store/comments/actions.test.ts        | 78 ++++++++++++++++++-
 .../remark42/app/store/comments/actions.ts    | 14 ++++
 frontend/packages/api/clients/public.ts       |  4 +-
 17 files changed, 324 insertions(+), 8 deletions(-)

diff --git a/backend/app/cmd/server.go b/backend/app/cmd/server.go
index 9a6256d116..14a19c9473 100644
--- a/backend/app/cmd/server.go
+++ b/backend/app/cmd/server.go
@@ -61,6 +61,7 @@ type ServerCommand struct {
 
 	Sites                      []string      `long:"site" env:"SITE" default:"remark" description:"site names" env-delim:","`
 	AnonymousVote              bool          `long:"anon-vote" env:"ANON_VOTE" description:"enable anonymous votes (works only with VOTES_IP enabled)"`
+	NeedApproval               bool          `long:"need-approval" env:"NEED_APPROVAL" description:"require admin approval for new comments to be visible"`
 	AdminPasswd                string        `long:"admin-passwd" env:"ADMIN_PASSWD" default:"" description:"admin basic auth password"`
 	BackupLocation             string        `long:"backup" env:"BACKUP_PATH" default:"./var/backup" description:"backups location"`
 	MaxBackupFiles             int           `long:"max-back" env:"MAX_BACKUP_FILES" default:"10" description:"max backups to keep"`
@@ -520,6 +521,7 @@ func (s *ServerCommand) newServerApp(ctx context.Context) (*serverApp, error) {
 		ImageService:           imageService,
 		TitleExtractor:         service.NewTitleExtractor(http.Client{Timeout: time.Second * 5}, s.getAllowedDomains()),
 		RestrictedWordsMatcher: service.NewRestrictedWordsMatcher(service.StaticRestrictedWordsLister{Words: s.RestrictedWords}),
+		NeedApproval:           s.NeedApproval,
 	}
 	dataService.RestrictSameIPVotes.Enabled = s.RestrictVoteIP
 	dataService.RestrictSameIPVotes.Duration = s.DurationVoteIP
diff --git a/backend/app/rest/api/admin.go b/backend/app/rest/api/admin.go
index 2902566777..89334bb805 100644
--- a/backend/app/rest/api/admin.go
+++ b/backend/app/rest/api/admin.go
@@ -39,6 +39,7 @@ type adminStore interface {
 	SetVerified(siteID, userID string, status bool) error
 	SetReadOnly(locator store.Locator, status bool) error
 	SetPin(locator store.Locator, commentID string, status bool) error
+	SetApproved(locator store.Locator, commentID string, status bool) error
 }
 
 // DELETE /comment/{id}?site=siteID&url=post-url - removes comment
@@ -244,3 +245,18 @@ func (a *admin) setPinCtrl(w http.ResponseWriter, r *http.Request) {
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL))
 	R.RenderJSON(w, R.JSON{"id": commentID, "locator": locator, "pin": pinStatus})
 }
+
+// PUT /approve/{id}?site=siteID&url=post-url&approved=1
+// approve/unapprove comment for moderation
+func (a *admin) setApprovedCtrl(w http.ResponseWriter, r *http.Request) {
+	commentID := chi.URLParam(r, "id")
+	locator := store.Locator{SiteID: r.URL.Query().Get("site"), URL: r.URL.Query().Get("url")}
+	approvedStatus := r.URL.Query().Get("approved") == "1"
+
+	if err := a.dataService.SetApproved(locator, commentID, approvedStatus); err != nil {
+		rest.SendErrorJSON(w, r, http.StatusBadRequest, err, "can't set approved status", rest.ErrActionRejected)
+		return
+	}
+	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL, lastCommentsScope))
+	R.RenderJSON(w, R.JSON{"id": commentID, "locator": locator, "approved": approvedStatus})
+}
diff --git a/backend/app/rest/api/rest.go b/backend/app/rest/api/rest.go
index f351dffb34..66f20ee6ed 100644
--- a/backend/app/rest/api/rest.go
+++ b/backend/app/rest/api/rest.go
@@ -310,6 +310,7 @@ func (s *Rest) routes() chi.Router {
 			radmin.Get("/deleteme", s.adminRest.deleteMeRequestCtrl)
 			radmin.Put("/verify/{userid}", s.adminRest.setVerifyCtrl)
 			radmin.Put("/pin/{id}", s.adminRest.setPinCtrl)
+			radmin.Put("/approve/{id}", s.adminRest.setApprovedCtrl)
 			radmin.Get("/blocked", s.adminRest.blockedUsersCtrl)
 			radmin.Put("/readonly", s.adminRest.setReadOnlyCtrl)
 			radmin.Put("/title/{id}", s.adminRest.setTitleCtrl)
diff --git a/backend/app/store/comment.go b/backend/app/store/comment.go
index 6527088570..2167fbab24 100644
--- a/backend/app/store/comment.go
+++ b/backend/app/store/comment.go
@@ -29,6 +29,7 @@ type Comment struct {
 	Deleted     bool                   `json:"delete,omitempty" bson:"delete"`
 	Imported    bool                   `json:"imported,omitempty" bson:"imported"`
 	PostTitle   string                 `json:"title,omitempty" bson:"title"`
+	Approved    bool                   `json:"approved,omitempty" bson:"approved"` // moderation status, true if approved by admin
 }
 
 // Locator keeps site and url of the post
@@ -93,6 +94,7 @@ func (c *Comment) PrepareUntrusted() {
 	c.Pin = false
 	c.Deleted = false
 	c.Imported = false
+	c.Approved = false // new comments need approval when NeedApproval is enabled
 }
 
 // SetDeleted clears comment info, reset to deleted state. hard flag will clear all user info as well
diff --git a/backend/app/store/comment_test.go b/backend/app/store/comment_test.go
index ce48d37e53..936498d7db 100644
--- a/backend/app/store/comment_test.go
+++ b/backend/app/store/comment_test.go
@@ -124,6 +124,7 @@ func TestComment_PrepareUntrusted(t *testing.T) {
 		Votes:       map[string]bool{"uu": true},
 		Controversy: 123,
 		Imported:    true,
+		Approved:    true, // should be reset to false
 	}
 
 	comment.PrepareUntrusted()
@@ -139,6 +140,7 @@ func TestComment_PrepareUntrusted(t *testing.T) {
 	assert.Equal(t, User{ID: "username"}, comment.User)
 	assert.Equal(t, 0., comment.Controversy)
 	assert.Equal(t, false, comment.Imported)
+	assert.Equal(t, false, comment.Approved) // new comments need approval when NeedApproval is enabled
 }
 
 func TestComment_SetDeleted(t *testing.T) {
diff --git a/backend/app/store/service/service.go b/backend/app/store/service/service.go
index c1019109ba..0ba296b6f7 100644
--- a/backend/app/store/service/service.go
+++ b/backend/app/store/service/service.go
@@ -40,6 +40,7 @@ type DataStore struct {
 	RestrictedWordsMatcher *RestrictedWordsMatcher
 	ImageService           *image.Service
 	AdminEdits             bool // allow admin unlimited edits
+	NeedApproval           bool // require admin approval for new comments to be visible
 
 	// granular locks
 	scopedLocks struct {
@@ -140,6 +141,12 @@ func (s *DataStore) FindSince(locator store.Locator, sortMethod string, user sto
 		comments[i] = s.alterComment(c, user)
 	}
 
+	// filter unapproved comments for non-admin users when NeedApproval is enabled
+	// admins see all comments, users see approved comments + their own unapproved comments
+	if s.NeedApproval && !user.Admin {
+		comments = s.filterUnapproved(comments, user)
+	}
+
 	// resort commits if altered
 	if changedSort {
 		comments = engine.SortComments(comments, sortMethod)
@@ -331,6 +338,17 @@ func (s *DataStore) SetPin(locator store.Locator, commentID string, status bool)
 	return s.Engine.Update(comment)
 }
 
+// SetApproved approve/unapprove comment for moderation
+func (s *DataStore) SetApproved(locator store.Locator, commentID string, status bool) error {
+	comment, err := s.Engine.Get(engine.GetRequest{Locator: locator, CommentID: commentID})
+	if err != nil {
+		return err
+	}
+	comment.Approved = status
+	comment.Locator = locator
+	return s.Engine.Update(comment)
+}
+
 // VoteReq is the request ot make a vote
 type VoteReq struct {
 	Locator   store.Locator
@@ -956,7 +974,12 @@ func (s *DataStore) User(siteID, userID string, limit, skip int, user store.User
 	if err != nil {
 		return comments, err
 	}
-	return s.alterComments(comments, user), nil
+	comments = s.alterComments(comments, user)
+	// filter unapproved comments for non-admin users when NeedApproval is enabled
+	if s.NeedApproval && !user.Admin {
+		comments = s.filterUnapproved(comments, user)
+	}
+	return comments, nil
 }
 
 // UserCount is comments count by user
@@ -972,7 +995,12 @@ func (s *DataStore) Last(siteID string, limit int, since time.Time, user store.U
 	if err != nil {
 		return comments, err
 	}
-	return s.alterComments(comments, user), nil
+	comments = s.alterComments(comments, user)
+	// filter unapproved comments for non-admin users when NeedApproval is enabled
+	if s.NeedApproval && !user.Admin {
+		comments = s.filterUnapproved(comments, user)
+	}
+	return comments, nil
 }
 
 // Close store service
@@ -1081,3 +1109,16 @@ func (s *DataStore) getSecret(siteID string) (secret string, err error) {
 	}
 	return secret, nil
 }
+
+// filterUnapproved removes unapproved comments from non-admin users
+// Users can see their own unapproved comments
+func (s *DataStore) filterUnapproved(comments []store.Comment, user store.User) []store.Comment {
+	result := make([]store.Comment, 0, len(comments))
+	for _, c := range comments {
+		// show approved comments, or user's own unapproved comments
+		if c.Approved || c.User.ID == user.ID {
+			result = append(result, c)
+		}
+	}
+	return result
+}
diff --git a/backend/app/store/service/service_test.go b/backend/app/store/service/service_test.go
index 1c203669b5..8a5ec0688f 100644
--- a/backend/app/store/service/service_test.go
+++ b/backend/app/store/service/service_test.go
@@ -802,6 +802,69 @@ func TestService_Pin(t *testing.T) {
 	assert.Equal(t, false, c.Pin)
 }
 
+func TestService_Approved(t *testing.T) {
+	eng, teardown := prepStoreEngine(t)
+	defer teardown()
+	b := DataStore{Engine: eng, AdminStore: admin.NewStaticKeyStore("secret 123"), NeedApproval: true}
+
+	// Use admin user to see all comments including unapproved ones
+	adminUser := store.User{ID: "admin", Admin: true}
+	res, err := b.Last("radio-t", 0, time.Time{}, adminUser)
+	t.Logf("%+v", res[0])
+	assert.NoError(t, err)
+	require.Equal(t, 2, len(res))
+	assert.Equal(t, false, res[0].Approved)
+
+	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, true)
+	assert.NoError(t, err)
+
+	c, err := b.Engine.Get(getReq(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID))
+	assert.NoError(t, err)
+	assert.Equal(t, true, c.Approved)
+
+	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, false)
+	assert.NoError(t, err)
+	c, err = b.Engine.Get(getReq(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID))
+	assert.NoError(t, err)
+	assert.Equal(t, false, c.Approved)
+}
+
+func TestService_FilterUnapproved(t *testing.T) {
+	eng, teardown := prepStoreEngine(t)
+	defer teardown()
+	b := DataStore{Engine: eng, AdminStore: admin.NewStaticKeyStore("secret 123"), NeedApproval: true}
+	locator := store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}
+
+	// Get all comments as admin
+	adminUser := store.User{ID: "admin", Admin: true}
+	allComments, err := b.Find(locator, "-time", adminUser)
+	assert.NoError(t, err)
+	require.True(t, len(allComments) > 0)
+
+	// Approve only the first comment
+	err = b.SetApproved(locator, allComments[0].ID, true)
+	assert.NoError(t, err)
+
+	// Admin should see all comments
+	adminComments, err := b.Find(locator, "-time", adminUser)
+	assert.NoError(t, err)
+	assert.Equal(t, len(allComments), len(adminComments))
+
+	// Regular user should only see approved comments
+	regularUser := store.User{ID: "regular-user"}
+	regularComments, err := b.Find(locator, "-time", regularUser)
+	assert.NoError(t, err)
+	assert.Equal(t, 1, len(regularComments))
+	assert.True(t, regularComments[0].Approved)
+
+	// Comment author should see their own unapproved comments
+	commentAuthor := store.User{ID: allComments[1].User.ID}
+	authorComments, err := b.Find(locator, "-time", commentAuthor)
+	assert.NoError(t, err)
+	// Author sees approved + their own unapproved
+	assert.True(t, len(authorComments) >= 1)
+}
+
 func TestService_EditComment(t *testing.T) {
 	eng, teardown := prepStoreEngine(t)
 	defer teardown()
diff --git a/frontend/apps/remark42/app/common/api.test.ts b/frontend/apps/remark42/app/common/api.test.ts
index 3c9f6c99f7..bdf907367d 100644
--- a/frontend/apps/remark42/app/common/api.test.ts
+++ b/frontend/apps/remark42/app/common/api.test.ts
@@ -1,5 +1,5 @@
-import { getUserComments } from './api';
-import { apiFetcher } from './fetcher';
+import { getUserComments, approveComment, disapproveComment } from './api';
+import { apiFetcher, adminFetcher } from './fetcher';
 
 describe('getUserComments', () => {
   it('should call apiFetcher.get with /comments endpoint and default skip and limit query params', () => {
@@ -29,3 +29,23 @@ describe('getUserComments', () => {
     });
   });
 });
+
+describe('approveComment', () => {
+  it('should call adminFetcher.put with /approve/{id} endpoint and approved=1', () => {
+    const adminFetcherSpy = jest.spyOn(adminFetcher, 'put').mockResolvedValue(undefined);
+    const commentId = 'comment-123';
+
+    approveComment(commentId);
+    expect(adminFetcherSpy).toHaveBeenCalledWith(`/approve/${commentId}`, expect.objectContaining({ approved: 1 }));
+  });
+});
+
+describe('disapproveComment', () => {
+  it('should call adminFetcher.put with /approve/{id} endpoint and approved=0', () => {
+    const adminFetcherSpy = jest.spyOn(adminFetcher, 'put').mockResolvedValue(undefined);
+    const commentId = 'comment-123';
+
+    disapproveComment(commentId);
+    expect(adminFetcherSpy).toHaveBeenCalledWith(`/approve/${commentId}`, expect.objectContaining({ approved: 0 }));
+  });
+});
diff --git a/frontend/apps/remark42/app/common/api.ts b/frontend/apps/remark42/app/common/api.ts
index 2eb2f0ed5a..275251b60b 100644
--- a/frontend/apps/remark42/app/common/api.ts
+++ b/frontend/apps/remark42/app/common/api.ts
@@ -136,6 +136,12 @@ export const pinComment = (id: Comment['id']): Promise<void> => adminFetcher.put
 
 export const unpinComment = (id: Comment['id']): Promise<void> => adminFetcher.put(`/pin/${id}`, { url, pin: 0 });
 
+export const approveComment = (id: Comment['id']): Promise<void> =>
+  adminFetcher.put(`/approve/${id}`, { url, approved: 1 });
+
+export const disapproveComment = (id: Comment['id']): Promise<void> =>
+  adminFetcher.put(`/approve/${id}`, { url, approved: 0 });
+
 export const setVerifiedStatus = (id: User['id']): Promise<void> => adminFetcher.put(`/verify/${id}`, { verified: 1 });
 
 export const removeVerifiedStatus = (id: User['id']): Promise<void> =>
diff --git a/frontend/apps/remark42/app/common/types.ts b/frontend/apps/remark42/app/common/types.ts
index fd18f8ebc3..40fc050b6c 100644
--- a/frontend/apps/remark42/app/common/types.ts
+++ b/frontend/apps/remark42/app/common/types.ts
@@ -63,6 +63,8 @@ export interface Comment {
   delete?: boolean;
   /** post title */
   title?: string;
+  /** approved status for moderation, read only */
+  approved?: boolean;
   /**
    * @ClientOnly defines whether comments was hidden (deleted)
    *
diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
index d3fca73e41..2f4dffc19c 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
@@ -14,6 +14,7 @@ export type Props = {
   admin: boolean | undefined;
   currentUser: boolean | undefined;
   pinned: boolean | undefined;
+  approved: boolean | undefined;
   copied: boolean | undefined;
   bannedUser: boolean | undefined;
   readOnly: boolean | undefined;
@@ -25,6 +26,7 @@ export type Props = {
   onToggleEditing(): void;
   onDelete(): void;
   onTogglePin(): void;
+  onToggleApproval(): void;
   onToggleReplying(): void;
   onHideUser(): void;
   onBlockUser(ttl: BlockTTL): void;
@@ -35,6 +37,7 @@ export type Props = {
 export function CommentActions({
   admin,
   pinned,
+  approved,
   copied,
   readOnly,
   editable,
@@ -47,6 +50,7 @@ export function CommentActions({
   onToggleEditing,
   onDelete,
   onTogglePin,
+  onToggleApproval,
   onToggleReplying,
   onDisableEditing,
   onHideUser,
@@ -99,6 +103,9 @@ export function CommentActions({
             <Button kind="link" size="sm" onClick={onTogglePin}>
               {intl.formatMessage(pinned ? messages.unpin : messages.pin)}
             </Button>
+            <Button kind="link" size="sm" onClick={onToggleApproval}>
+              {intl.formatMessage(approved ? messages.disapprove : messages.approve)}
+            </Button>
             {bannedUser ? (
               <Button kind="link" size="sm" onClick={onUnblockUser}>
                 {intl.formatMessage(messages.unblock)}
@@ -123,6 +130,8 @@ const messages = defineMessages({
   unblock: { id: 'comment.unblock', defaultMessage: 'Unblock' },
   pin: { id: 'comment.pin', defaultMessage: 'Pin' },
   unpin: { id: 'comment.unpin', defaultMessage: 'Unpin' },
+  approve: { id: 'comment.approve', defaultMessage: 'Approve' },
+  disapprove: { id: 'comment.disapprove', defaultMessage: 'Disapprove' },
   hide: { id: 'comment.hide', defaultMessage: 'Hide' },
   cancel: { id: 'comment.cancel', defaultMessage: 'Cancel' },
   edit: { id: 'comment.edit', defaultMessage: 'Edit' },
diff --git a/frontend/apps/remark42/app/components/comment/comment.test.tsx b/frontend/apps/remark42/app/components/comment/comment.test.tsx
index 3e52f4713e..2647b139bd 100644
--- a/frontend/apps/remark42/app/components/comment/comment.test.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.test.tsx
@@ -255,4 +255,36 @@ describe('<Comment />', () => {
       expect(screen.getByText('Edit')).toBeVisible();
     });
   });
+
+  describe('approval', () => {
+    it('should render approve button for admin on unapproved comment', () => {
+      props.user!.admin = true;
+      props.data.approved = false;
+      render(<CommentWithIntl {...props} />);
+      expect(screen.getByText('Approve')).toBeVisible();
+    });
+
+    it('should render disapprove button for admin on approved comment', () => {
+      props.user!.admin = true;
+      props.data.approved = true;
+      render(<CommentWithIntl {...props} />);
+      expect(screen.getByText('Disapprove')).toBeVisible();
+    });
+
+    it('should not render approve/disapprove button for non-admin users', () => {
+      props.user!.admin = false;
+      props.data.approved = false;
+      render(<CommentWithIntl {...props} />);
+      expect(screen.queryByText('Approve')).not.toBeInTheDocument();
+      expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
+    });
+
+    it('should not render approve/disapprove button when user is null', () => {
+      props.user = null;
+      props.data.approved = false;
+      render(<CommentWithIntl {...props} />);
+      expect(screen.queryByText('Approve')).not.toBeInTheDocument();
+      expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
+    });
+  });
 });
diff --git a/frontend/apps/remark42/app/components/comment/comment.tsx b/frontend/apps/remark42/app/components/comment/comment.tsx
index 8e8d552a6e..c821f2f68d 100644
--- a/frontend/apps/remark42/app/components/comment/comment.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.tsx
@@ -162,6 +162,18 @@ export class Comment extends Component<CommentProps, State> {
     }
   };
 
+  toggleApproval = () => {
+    const value = !this.props.data.approved;
+    const intl = this.props.intl;
+    const promptMessage = value
+      ? intl.formatMessage(messages.approveComment)
+      : intl.formatMessage(messages.disapproveComment);
+
+    if (window.confirm(promptMessage)) {
+      this.props.setApprovalState!(this.props.data.id, value);
+    }
+  };
+
   toggleVerify = () => {
     const value = !this.props.data.user.verified;
     const userId = this.props.data.user.id;
@@ -485,6 +497,7 @@ export class Comment extends Component<CommentProps, State> {
             <CommentActions
               admin={isAdmin}
               pinned={props.data.pin}
+              approved={props.data.approved}
               copied={state.isCopied}
               editing={isEditing}
               replying={isReplying}
@@ -497,6 +510,7 @@ export class Comment extends Component<CommentProps, State> {
               bannedUser={props.isUserBanned}
               onCopy={this.copyComment}
               onTogglePin={this.togglePin}
+              onToggleApproval={this.toggleApproval}
               onToggleEditing={this.toggleEditing}
               onDelete={this.deleteComment}
               onHideUser={this.hideUser}
@@ -579,6 +593,14 @@ const messages = defineMessages({
     id: 'comment.unpin-comment',
     defaultMessage: 'Do you want to unpin this comment?',
   },
+  approveComment: {
+    id: 'comment.approve-comment',
+    defaultMessage: 'Do you want to approve this comment?',
+  },
+  disapproveComment: {
+    id: 'comment.disapprove-comment',
+    defaultMessage: 'Do you want to disapprove this comment?',
+  },
   verifyUser: {
     id: 'comment.verify-user',
     defaultMessage: 'Do you want to verify {userName}?',
diff --git a/frontend/apps/remark42/app/components/comment/connected-comment.tsx b/frontend/apps/remark42/app/components/comment/connected-comment.tsx
index 80ea6d47f0..6c1b301d3a 100644
--- a/frontend/apps/remark42/app/components/comment/connected-comment.tsx
+++ b/frontend/apps/remark42/app/components/comment/connected-comment.tsx
@@ -8,7 +8,14 @@ import './styles';
 import { h, FunctionComponent } from 'preact';
 
 import { useAppSelector } from 'store';
-import { addComment, removeComment, updateComment, setPinState, setCommentMode } from 'store/comments/actions';
+import {
+  addComment,
+  removeComment,
+  updateComment,
+  setPinState,
+  setCommentMode,
+  setApprovalState,
+} from 'store/comments/actions';
 import { blockUser, unblockUser, hideUser, setVerifiedStatus } from 'store/user/actions';
 
 import { Comment, CommentProps } from './comment';
@@ -38,6 +45,7 @@ export const boundActions = bindActions({
   removeComment,
   setReplyEditState: setCommentMode,
   setPinState,
+  setApprovalState,
   blockUser,
   unblockUser,
   hideUser,
diff --git a/frontend/apps/remark42/app/store/comments/actions.test.ts b/frontend/apps/remark42/app/store/comments/actions.test.ts
index aa0f79a4e7..70c5be8d06 100644
--- a/frontend/apps/remark42/app/store/comments/actions.test.ts
+++ b/frontend/apps/remark42/app/store/comments/actions.test.ts
@@ -1,8 +1,9 @@
 import { mockStore } from '__stubs__/store';
 import { LS_SORT_KEY } from 'common/constants';
+import * as api from 'common/api';
 
-import { updateSorting } from './actions';
-import { COMMENTS_SET_SORT } from './types';
+import { updateSorting, setApprovalState } from './actions';
+import { COMMENTS_SET_SORT, COMMENTS_EDIT } from './types';
 
 describe('Store comments actions', () => {
   it('should save last sort to localstorage', async () => {
@@ -22,3 +23,76 @@ describe('Store comments actions', () => {
     expect(localStorage.setItem).toHaveBeenCalledWith(LS_SORT_KEY, newSort);
   });
 });
+
+describe('setApprovalState', () => {
+  const commentId = 'comment-123';
+  const mockComment = {
+    id: commentId,
+    text: 'test comment',
+    approved: false,
+    user: {
+      id: 'user-1',
+      name: 'Test User',
+    },
+  };
+
+  beforeEach(() => {
+    jest.clearAllMocks();
+  });
+
+  it('should call approveComment API when value is true', async () => {
+    const approveCommentSpy = jest.spyOn(api, 'approveComment').mockResolvedValue(undefined);
+    const store = mockStore({
+      comments: {
+        allComments: {
+          [commentId]: mockComment,
+        },
+      },
+      hiddenUsers: {},
+    });
+
+    await store.dispatch(setApprovalState(commentId, true));
+
+    expect(approveCommentSpy).toHaveBeenCalledWith(commentId);
+    const actions = store.getActions();
+    expect(actions[0].type).toBe(COMMENTS_EDIT);
+    expect(actions[0].comment.approved).toBe(true);
+  });
+
+  it('should call disapproveComment API when value is false', async () => {
+    const disapproveCommentSpy = jest.spyOn(api, 'disapproveComment').mockResolvedValue(undefined);
+    const store = mockStore({
+      comments: {
+        allComments: {
+          [commentId]: { ...mockComment, approved: true },
+        },
+      },
+      hiddenUsers: {},
+    });
+
+    await store.dispatch(setApprovalState(commentId, false));
+
+    expect(disapproveCommentSpy).toHaveBeenCalledWith(commentId);
+    const actions = store.getActions();
+    expect(actions[0].type).toBe(COMMENTS_EDIT);
+    expect(actions[0].comment.approved).toBe(false);
+  });
+
+  it('should update the comment edit time', async () => {
+    jest.spyOn(api, 'approveComment').mockResolvedValue(undefined);
+    const store = mockStore({
+      comments: {
+        allComments: {
+          [commentId]: mockComment,
+        },
+      },
+      hiddenUsers: {},
+    });
+
+    await store.dispatch(setApprovalState(commentId, true));
+
+    const actions = store.getActions();
+    expect(actions[0].comment.edit).toBeDefined();
+    expect(actions[0].comment.edit.time).toBeDefined();
+  });
+});
diff --git a/frontend/apps/remark42/app/store/comments/actions.ts b/frontend/apps/remark42/app/store/comments/actions.ts
index 0181667d65..696582d7c8 100644
--- a/frontend/apps/remark42/app/store/comments/actions.ts
+++ b/frontend/apps/remark42/app/store/comments/actions.ts
@@ -68,6 +68,20 @@ export const setPinState =
     dispatch(editComments(comment));
   };
 
+/** sets approval state for comment (moderation) */
+export const setApprovalState =
+  (id: Comment['id'], value: boolean): StoreAction<Promise<void>> =>
+  async (dispatch, getState) => {
+    if (value) {
+      await api.approveComment(id);
+    } else {
+      await api.disapproveComment(id);
+    }
+    let comment = getState().comments.allComments[id];
+    comment = { ...comment, approved: value, edit: { summary: '', time: new Date().toISOString() } };
+    dispatch(editComments(comment));
+  };
+
 /** edits comment in tree */
 export const removeComment =
   (id: Comment['id']): StoreAction<Promise<void>> =>
diff --git a/frontend/packages/api/clients/public.ts b/frontend/packages/api/clients/public.ts
index 005014129c..bd8318558c 100644
--- a/frontend/packages/api/clients/public.ts
+++ b/frontend/packages/api/clients/public.ts
@@ -58,6 +58,8 @@ export interface Comment {
 	delete?: boolean
 	/** page title */
 	title?: string
+	/** approved status for moderation */
+	approved?: boolean
 }
 
 export interface CommentsTree {
@@ -103,7 +105,7 @@ export function createPublicClient({ siteId: site, baseUrl }: ClientParams) {
 	async function getComments(url: string): Promise<CommentsTree>
 	async function getComments(params: GetUserCommentsParams): Promise<Comment[]>
 	async function getComments(
-		params: string | GetUserCommentsParams
+		params: string | GetUserCommentsParams,
 	): Promise<Comment[] | CommentsTree> {
 		if (typeof params === 'string') {
 			return fetcher.get('/comments', { url: params })

From 9c071e2837c2e6212708b3de9d18574ee588913e Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 03:41:46 -0700
Subject: [PATCH 2/8] fixed comment action prop checks

---
 .../app/components/comment/comment-actions.spec.tsx        | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
index 648dd85326..a9a03b06e6 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
@@ -7,6 +7,7 @@ import { fireEvent, screen, waitFor } from '@testing-library/preact';
 function getProps(): Props {
   return {
     pinned: false,
+    approved: false,
     admin: false,
     currentUser: false,
     copied: false,
@@ -18,6 +19,7 @@ function getProps(): Props {
     onDelete: jest.fn(),
     onToggleEditing: jest.fn(),
     onTogglePin: jest.fn(),
+    onToggleApproval: jest.fn(),
     onToggleReplying: jest.fn(),
     onHideUser: jest.fn(),
     onBlockUser: jest.fn(),
@@ -148,8 +150,9 @@ describe('<CommentActions/>', () => {
       expect(screen.getByTestId('comment-actions-additional').children[0]).toHaveTextContent('Hide');
       expect(screen.getByTestId('comment-actions-additional').children[1]).toHaveTextContent('Copy');
       expect(screen.getByTestId('comment-actions-additional').children[2]).toHaveTextContent('Pin');
-      expect(screen.getByTestId('comment-actions-additional').children[3]).toHaveTextContent('Block');
-      expect(screen.getByTestId('comment-actions-additional').children[4]).toHaveTextContent('Delete');
+      expect(screen.getByTestId('comment-actions-additional').children[3]).toHaveTextContent('Approve');
+      expect(screen.getByTestId('comment-actions-additional').children[4]).toHaveTextContent('Block');
+      expect(screen.getByTestId('comment-actions-additional').children[5]).toHaveTextContent('Delete');
     });
 
     it('calls `onToggleEditing` when edit button is pressed', () => {

From 876bd6f84ee5a09b35860f7344d8e292e797f809 Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:06:10 -0700
Subject: [PATCH 3/8] moved to unnaproved so that migration defaults to false

---
 backend/app/store/comment.go                           |  4 ++--
 backend/app/store/comment_test.go                      |  4 ++--
 frontend/apps/remark42/app/common/types.ts             |  4 ++--
 .../app/components/comment/comment-actions.spec.tsx    |  5 +++--
 .../app/components/comment/comment-actions.tsx         |  6 +++---
 .../remark42/app/components/comment/comment.test.tsx   |  8 ++++----
 .../apps/remark42/app/components/comment/comment.tsx   |  5 +++--
 .../apps/remark42/app/store/comments/actions.test.ts   | 10 ++++++----
 frontend/apps/remark42/app/store/comments/actions.ts   |  3 ++-
 frontend/packages/api/clients/public.ts                |  4 ++--
 10 files changed, 29 insertions(+), 24 deletions(-)

diff --git a/backend/app/store/comment.go b/backend/app/store/comment.go
index 2167fbab24..1a20eac313 100644
--- a/backend/app/store/comment.go
+++ b/backend/app/store/comment.go
@@ -29,7 +29,7 @@ type Comment struct {
 	Deleted     bool                   `json:"delete,omitempty" bson:"delete"`
 	Imported    bool                   `json:"imported,omitempty" bson:"imported"`
 	PostTitle   string                 `json:"title,omitempty" bson:"title"`
-	Approved    bool                   `json:"approved,omitempty" bson:"approved"` // moderation status, true if approved by admin
+	Unapproved  bool                   `json:"unapproved,omitempty" bson:"unapproved"` // moderation status, true if pending admin approval
 }
 
 // Locator keeps site and url of the post
@@ -94,7 +94,7 @@ func (c *Comment) PrepareUntrusted() {
 	c.Pin = false
 	c.Deleted = false
 	c.Imported = false
-	c.Approved = false // new comments need approval when NeedApproval is enabled
+	c.Unapproved = false // reset moderation status, will be set by service if NeedApproval is enabled
 }
 
 // SetDeleted clears comment info, reset to deleted state. hard flag will clear all user info as well
diff --git a/backend/app/store/comment_test.go b/backend/app/store/comment_test.go
index 936498d7db..c700655e95 100644
--- a/backend/app/store/comment_test.go
+++ b/backend/app/store/comment_test.go
@@ -124,7 +124,7 @@ func TestComment_PrepareUntrusted(t *testing.T) {
 		Votes:       map[string]bool{"uu": true},
 		Controversy: 123,
 		Imported:    true,
-		Approved:    true, // should be reset to false
+		Unapproved:  true, // should be reset to false
 	}
 
 	comment.PrepareUntrusted()
@@ -140,7 +140,7 @@ func TestComment_PrepareUntrusted(t *testing.T) {
 	assert.Equal(t, User{ID: "username"}, comment.User)
 	assert.Equal(t, 0., comment.Controversy)
 	assert.Equal(t, false, comment.Imported)
-	assert.Equal(t, false, comment.Approved) // new comments need approval when NeedApproval is enabled
+	assert.Equal(t, false, comment.Unapproved) // PrepareUntrusted resets moderation status
 }
 
 func TestComment_SetDeleted(t *testing.T) {
diff --git a/frontend/apps/remark42/app/common/types.ts b/frontend/apps/remark42/app/common/types.ts
index 40fc050b6c..2374fcfb25 100644
--- a/frontend/apps/remark42/app/common/types.ts
+++ b/frontend/apps/remark42/app/common/types.ts
@@ -63,8 +63,8 @@ export interface Comment {
   delete?: boolean;
   /** post title */
   title?: string;
-  /** approved status for moderation, read only */
-  approved?: boolean;
+  /** unapproved status for moderation (pending approval), read only */
+  unapproved?: boolean;
   /**
    * @ClientOnly defines whether comments was hidden (deleted)
    *
diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
index a9a03b06e6..4227f082e4 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
@@ -7,7 +7,7 @@ import { fireEvent, screen, waitFor } from '@testing-library/preact';
 function getProps(): Props {
   return {
     pinned: false,
-    approved: false,
+    unapproved: false,
     admin: false,
     currentUser: false,
     copied: false,
@@ -150,7 +150,8 @@ describe('<CommentActions/>', () => {
       expect(screen.getByTestId('comment-actions-additional').children[0]).toHaveTextContent('Hide');
       expect(screen.getByTestId('comment-actions-additional').children[1]).toHaveTextContent('Copy');
       expect(screen.getByTestId('comment-actions-additional').children[2]).toHaveTextContent('Pin');
-      expect(screen.getByTestId('comment-actions-additional').children[3]).toHaveTextContent('Approve');
+      // unapproved=false (default) means comment is approved, so button shows "Disapprove"
+      expect(screen.getByTestId('comment-actions-additional').children[3]).toHaveTextContent('Disapprove');
       expect(screen.getByTestId('comment-actions-additional').children[4]).toHaveTextContent('Block');
       expect(screen.getByTestId('comment-actions-additional').children[5]).toHaveTextContent('Delete');
     });
diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
index 2f4dffc19c..fcf733bb80 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
@@ -14,7 +14,7 @@ export type Props = {
   admin: boolean | undefined;
   currentUser: boolean | undefined;
   pinned: boolean | undefined;
-  approved: boolean | undefined;
+  unapproved: boolean | undefined;
   copied: boolean | undefined;
   bannedUser: boolean | undefined;
   readOnly: boolean | undefined;
@@ -37,7 +37,7 @@ export type Props = {
 export function CommentActions({
   admin,
   pinned,
-  approved,
+  unapproved,
   copied,
   readOnly,
   editable,
@@ -104,7 +104,7 @@ export function CommentActions({
               {intl.formatMessage(pinned ? messages.unpin : messages.pin)}
             </Button>
             <Button kind="link" size="sm" onClick={onToggleApproval}>
-              {intl.formatMessage(approved ? messages.disapprove : messages.approve)}
+              {intl.formatMessage(unapproved ? messages.approve : messages.disapprove)}
             </Button>
             {bannedUser ? (
               <Button kind="link" size="sm" onClick={onUnblockUser}>
diff --git a/frontend/apps/remark42/app/components/comment/comment.test.tsx b/frontend/apps/remark42/app/components/comment/comment.test.tsx
index 2647b139bd..044d626f9a 100644
--- a/frontend/apps/remark42/app/components/comment/comment.test.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.test.tsx
@@ -259,21 +259,21 @@ describe('<Comment />', () => {
   describe('approval', () => {
     it('should render approve button for admin on unapproved comment', () => {
       props.user!.admin = true;
-      props.data.approved = false;
+      props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
       expect(screen.getByText('Approve')).toBeVisible();
     });
 
     it('should render disapprove button for admin on approved comment', () => {
       props.user!.admin = true;
-      props.data.approved = true;
+      props.data.unapproved = false;
       render(<CommentWithIntl {...props} />);
       expect(screen.getByText('Disapprove')).toBeVisible();
     });
 
     it('should not render approve/disapprove button for non-admin users', () => {
       props.user!.admin = false;
-      props.data.approved = false;
+      props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
       expect(screen.queryByText('Approve')).not.toBeInTheDocument();
       expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
@@ -281,7 +281,7 @@ describe('<Comment />', () => {
 
     it('should not render approve/disapprove button when user is null', () => {
       props.user = null;
-      props.data.approved = false;
+      props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
       expect(screen.queryByText('Approve')).not.toBeInTheDocument();
       expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
diff --git a/frontend/apps/remark42/app/components/comment/comment.tsx b/frontend/apps/remark42/app/components/comment/comment.tsx
index c821f2f68d..747b2927ba 100644
--- a/frontend/apps/remark42/app/components/comment/comment.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.tsx
@@ -163,7 +163,8 @@ export class Comment extends Component<CommentProps, State> {
   };
 
   toggleApproval = () => {
-    const value = !this.props.data.approved;
+    // If unapproved, we want to approve (value=true); if approved, we want to disapprove (value=false)
+    const value = this.props.data.unapproved === true;
     const intl = this.props.intl;
     const promptMessage = value
       ? intl.formatMessage(messages.approveComment)
@@ -497,7 +498,7 @@ export class Comment extends Component<CommentProps, State> {
             <CommentActions
               admin={isAdmin}
               pinned={props.data.pin}
-              approved={props.data.approved}
+              unapproved={props.data.unapproved}
               copied={state.isCopied}
               editing={isEditing}
               replying={isReplying}
diff --git a/frontend/apps/remark42/app/store/comments/actions.test.ts b/frontend/apps/remark42/app/store/comments/actions.test.ts
index 70c5be8d06..545a8e9c70 100644
--- a/frontend/apps/remark42/app/store/comments/actions.test.ts
+++ b/frontend/apps/remark42/app/store/comments/actions.test.ts
@@ -29,7 +29,7 @@ describe('setApprovalState', () => {
   const mockComment = {
     id: commentId,
     text: 'test comment',
-    approved: false,
+    unapproved: true,
     user: {
       id: 'user-1',
       name: 'Test User',
@@ -56,7 +56,8 @@ describe('setApprovalState', () => {
     expect(approveCommentSpy).toHaveBeenCalledWith(commentId);
     const actions = store.getActions();
     expect(actions[0].type).toBe(COMMENTS_EDIT);
-    expect(actions[0].comment.approved).toBe(true);
+    // value=true means approved, so unapproved should be false
+    expect(actions[0].comment.unapproved).toBe(false);
   });
 
   it('should call disapproveComment API when value is false', async () => {
@@ -64,7 +65,7 @@ describe('setApprovalState', () => {
     const store = mockStore({
       comments: {
         allComments: {
-          [commentId]: { ...mockComment, approved: true },
+          [commentId]: { ...mockComment, unapproved: false },
         },
       },
       hiddenUsers: {},
@@ -75,7 +76,8 @@ describe('setApprovalState', () => {
     expect(disapproveCommentSpy).toHaveBeenCalledWith(commentId);
     const actions = store.getActions();
     expect(actions[0].type).toBe(COMMENTS_EDIT);
-    expect(actions[0].comment.approved).toBe(false);
+    // value=false means disapproved, so unapproved should be true
+    expect(actions[0].comment.unapproved).toBe(true);
   });
 
   it('should update the comment edit time', async () => {
diff --git a/frontend/apps/remark42/app/store/comments/actions.ts b/frontend/apps/remark42/app/store/comments/actions.ts
index 696582d7c8..172dfb78eb 100644
--- a/frontend/apps/remark42/app/store/comments/actions.ts
+++ b/frontend/apps/remark42/app/store/comments/actions.ts
@@ -78,7 +78,8 @@ export const setApprovalState =
       await api.disapproveComment(id);
     }
     let comment = getState().comments.allComments[id];
-    comment = { ...comment, approved: value, edit: { summary: '', time: new Date().toISOString() } };
+    // value=true means approved, so unapproved=false; value=false means disapproved, so unapproved=true
+    comment = { ...comment, unapproved: !value, edit: { summary: '', time: new Date().toISOString() } };
     dispatch(editComments(comment));
   };
 
diff --git a/frontend/packages/api/clients/public.ts b/frontend/packages/api/clients/public.ts
index bd8318558c..c424d75df6 100644
--- a/frontend/packages/api/clients/public.ts
+++ b/frontend/packages/api/clients/public.ts
@@ -58,8 +58,8 @@ export interface Comment {
 	delete?: boolean
 	/** page title */
 	title?: string
-	/** approved status for moderation */
-	approved?: boolean
+	/** unapproved status for moderation (pending approval) */
+	unapproved?: boolean
 }
 
 export interface CommentsTree {

From b62526d7024cbd74693d63aa0872f6c5050a6cbd Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:06:32 -0700
Subject: [PATCH 4/8] doing service and its tests

---
 backend/app/store/service/service.go      | 14 ++++++++-----
 backend/app/store/service/service_test.go | 24 ++++++++++++++---------
 2 files changed, 24 insertions(+), 14 deletions(-)

diff --git a/backend/app/store/service/service.go b/backend/app/store/service/service.go
index 0ba296b6f7..b2df79fd5b 100644
--- a/backend/app/store/service/service.go
+++ b/backend/app/store/service/service.go
@@ -142,7 +142,6 @@ func (s *DataStore) FindSince(locator store.Locator, sortMethod string, user sto
 	}
 
 	// filter unapproved comments for non-admin users when NeedApproval is enabled
-	// admins see all comments, users see approved comments + their own unapproved comments
 	if s.NeedApproval && !user.Admin {
 		comments = s.filterUnapproved(comments, user)
 	}
@@ -311,6 +310,10 @@ func (s *DataStore) prepareNewComment(comment store.Comment) (store.Comment, err
 	if comment.Votes == nil {
 		comment.Votes = make(map[string]bool)
 	}
+	// set unapproved if moderation is required
+	if s.NeedApproval {
+		comment.Unapproved = true
+	}
 	comment.Sanitize() // clear potentially dangerous js from all parts of comment
 
 	secret, err := s.getSecret(comment.Locator.SiteID)
@@ -339,12 +342,13 @@ func (s *DataStore) SetPin(locator store.Locator, commentID string, status bool)
 }
 
 // SetApproved approve/unapprove comment for moderation
-func (s *DataStore) SetApproved(locator store.Locator, commentID string, status bool) error {
+// When approved=true, we set Unapproved=false; when approved=false, we set Unapproved=true
+func (s *DataStore) SetApproved(locator store.Locator, commentID string, approved bool) error {
 	comment, err := s.Engine.Get(engine.GetRequest{Locator: locator, CommentID: commentID})
 	if err != nil {
 		return err
 	}
-	comment.Approved = status
+	comment.Unapproved = !approved
 	comment.Locator = locator
 	return s.Engine.Update(comment)
 }
@@ -1115,8 +1119,8 @@ func (s *DataStore) getSecret(siteID string) (secret string, err error) {
 func (s *DataStore) filterUnapproved(comments []store.Comment, user store.User) []store.Comment {
 	result := make([]store.Comment, 0, len(comments))
 	for _, c := range comments {
-		// show approved comments, or user's own unapproved comments
-		if c.Approved || c.User.ID == user.ID {
+		// show approved comments (Unapproved=false), or user's own unapproved comments
+		if !c.Unapproved || c.User.ID == user.ID {
 			result = append(result, c)
 		}
 	}
diff --git a/backend/app/store/service/service_test.go b/backend/app/store/service/service_test.go
index 8a5ec0688f..dc098eefe5 100644
--- a/backend/app/store/service/service_test.go
+++ b/backend/app/store/service/service_test.go
@@ -813,20 +813,23 @@ func TestService_Approved(t *testing.T) {
 	t.Logf("%+v", res[0])
 	assert.NoError(t, err)
 	require.Equal(t, 2, len(res))
-	assert.Equal(t, false, res[0].Approved)
+	// Existing comments have Unapproved=false (default), so they are approved
+	assert.Equal(t, false, res[0].Unapproved)
 
-	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, true)
+	// Disapprove the comment (set Unapproved=true)
+	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, false)
 	assert.NoError(t, err)
 
 	c, err := b.Engine.Get(getReq(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID))
 	assert.NoError(t, err)
-	assert.Equal(t, true, c.Approved)
+	assert.Equal(t, true, c.Unapproved)
 
-	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, false)
+	// Approve the comment (set Unapproved=false)
+	err = b.SetApproved(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID, true)
 	assert.NoError(t, err)
 	c, err = b.Engine.Get(getReq(store.Locator{URL: "https://radio-t.com", SiteID: "radio-t"}, res[0].ID))
 	assert.NoError(t, err)
-	assert.Equal(t, false, c.Approved)
+	assert.Equal(t, false, c.Unapproved)
 }
 
 func TestService_FilterUnapproved(t *testing.T) {
@@ -841,9 +844,12 @@ func TestService_FilterUnapproved(t *testing.T) {
 	assert.NoError(t, err)
 	require.True(t, len(allComments) > 0)
 
-	// Approve only the first comment
-	err = b.SetApproved(locator, allComments[0].ID, true)
-	assert.NoError(t, err)
+	// Existing comments are approved by default (Unapproved=false)
+	// Disapprove all except the first comment
+	for i := 1; i < len(allComments); i++ {
+		err = b.SetApproved(locator, allComments[i].ID, false)
+		assert.NoError(t, err)
+	}
 
 	// Admin should see all comments
 	adminComments, err := b.Find(locator, "-time", adminUser)
@@ -855,7 +861,7 @@ func TestService_FilterUnapproved(t *testing.T) {
 	regularComments, err := b.Find(locator, "-time", regularUser)
 	assert.NoError(t, err)
 	assert.Equal(t, 1, len(regularComments))
-	assert.True(t, regularComments[0].Approved)
+	assert.False(t, regularComments[0].Unapproved)
 
 	// Comment author should see their own unapproved comments
 	commentAuthor := store.User{ID: allComments[1].User.ID}

From bb7fccf569f5711233206ed1fb23068cd9027630 Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:19:25 -0700
Subject: [PATCH 5/8] only display Approval actions if NeedApproval is True

---
 backend/app/rest/api/rest.go                        |  2 ++
 frontend/apps/remark42/app/common/types.ts          |  1 +
 .../app/components/comment/comment-actions.spec.tsx |  2 ++
 .../app/components/comment/comment-actions.tsx      | 10 +++++++---
 .../app/components/comment/comment.test.tsx         | 13 +++++++++++++
 .../remark42/app/components/comment/comment.tsx     |  1 +
 6 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/backend/app/rest/api/rest.go b/backend/app/rest/api/rest.go
index 66f20ee6ed..9fa7b05086 100644
--- a/backend/app/rest/api/rest.go
+++ b/backend/app/rest/api/rest.go
@@ -443,6 +443,7 @@ func (s *Rest) configCtrl(w http.ResponseWriter, r *http.Request) {
 		SimpleView            bool     `json:"simple_view"`
 		SendJWTHeader         bool     `json:"send_jwt_header"`
 		SubscribersOnly       bool     `json:"subscribers_only"`
+		NeedApproval          bool     `json:"need_approval"`
 	}{
 		Version:               s.Version,
 		EditDuration:          int(s.DataService.EditDuration.Seconds()),
@@ -463,6 +464,7 @@ func (s *Rest) configCtrl(w http.ResponseWriter, r *http.Request) {
 		SimpleView:            s.SimpleView,
 		SendJWTHeader:         s.SendJWTHeader,
 		SubscribersOnly:       s.SubscribersOnly,
+		NeedApproval:          s.DataService.NeedApproval,
 	}
 
 	cnf.Auth = []string{}
diff --git a/frontend/apps/remark42/app/common/types.ts b/frontend/apps/remark42/app/common/types.ts
index 2374fcfb25..a8b56dfa74 100644
--- a/frontend/apps/remark42/app/common/types.ts
+++ b/frontend/apps/remark42/app/common/types.ts
@@ -124,6 +124,7 @@ export interface Config {
   email_notifications: boolean;
   telegram_notifications: boolean;
   emoji_enabled: boolean;
+  need_approval: boolean;
 }
 
 export type Sorting = '-time' | '+time' | '-active' | '+active' | '-score' | '+score' | '-controversy' | '+controversy';
diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
index 4227f082e4..8d5ae2f500 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.spec.tsx
@@ -8,6 +8,7 @@ function getProps(): Props {
   return {
     pinned: false,
     unapproved: false,
+    needApproval: false,
     admin: false,
     currentUser: false,
     copied: false,
@@ -146,6 +147,7 @@ describe('<CommentActions/>', () => {
 
     it('should render admin actions in right order', () => {
       props.admin = true;
+      props.needApproval = true;
       render(<CommentActions {...props} />);
       expect(screen.getByTestId('comment-actions-additional').children[0]).toHaveTextContent('Hide');
       expect(screen.getByTestId('comment-actions-additional').children[1]).toHaveTextContent('Copy');
diff --git a/frontend/apps/remark42/app/components/comment/comment-actions.tsx b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
index fcf733bb80..0ed7150272 100644
--- a/frontend/apps/remark42/app/components/comment/comment-actions.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment-actions.tsx
@@ -15,6 +15,7 @@ export type Props = {
   currentUser: boolean | undefined;
   pinned: boolean | undefined;
   unapproved: boolean | undefined;
+  needApproval: boolean | undefined;
   copied: boolean | undefined;
   bannedUser: boolean | undefined;
   readOnly: boolean | undefined;
@@ -38,6 +39,7 @@ export function CommentActions({
   admin,
   pinned,
   unapproved,
+  needApproval,
   copied,
   readOnly,
   editable,
@@ -103,9 +105,11 @@ export function CommentActions({
             <Button kind="link" size="sm" onClick={onTogglePin}>
               {intl.formatMessage(pinned ? messages.unpin : messages.pin)}
             </Button>
-            <Button kind="link" size="sm" onClick={onToggleApproval}>
-              {intl.formatMessage(unapproved ? messages.approve : messages.disapprove)}
-            </Button>
+            {needApproval && (
+              <Button kind="link" size="sm" onClick={onToggleApproval}>
+                {intl.formatMessage(unapproved ? messages.approve : messages.disapprove)}
+              </Button>
+            )}
             {bannedUser ? (
               <Button kind="link" size="sm" onClick={onUnblockUser}>
                 {intl.formatMessage(messages.unblock)}
diff --git a/frontend/apps/remark42/app/components/comment/comment.test.tsx b/frontend/apps/remark42/app/components/comment/comment.test.tsx
index 044d626f9a..4df29e8582 100644
--- a/frontend/apps/remark42/app/components/comment/comment.test.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.test.tsx
@@ -258,6 +258,7 @@ describe('<Comment />', () => {
 
   describe('approval', () => {
     it('should render approve button for admin on unapproved comment', () => {
+      StaticStore.config.need_approval = true;
       props.user!.admin = true;
       props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
@@ -265,6 +266,7 @@ describe('<Comment />', () => {
     });
 
     it('should render disapprove button for admin on approved comment', () => {
+      StaticStore.config.need_approval = true;
       props.user!.admin = true;
       props.data.unapproved = false;
       render(<CommentWithIntl {...props} />);
@@ -272,6 +274,7 @@ describe('<Comment />', () => {
     });
 
     it('should not render approve/disapprove button for non-admin users', () => {
+      StaticStore.config.need_approval = true;
       props.user!.admin = false;
       props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
@@ -280,11 +283,21 @@ describe('<Comment />', () => {
     });
 
     it('should not render approve/disapprove button when user is null', () => {
+      StaticStore.config.need_approval = true;
       props.user = null;
       props.data.unapproved = true;
       render(<CommentWithIntl {...props} />);
       expect(screen.queryByText('Approve')).not.toBeInTheDocument();
       expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
     });
+
+    it('should not render approve/disapprove button when need_approval is false', () => {
+      StaticStore.config.need_approval = false;
+      props.user!.admin = true;
+      props.data.unapproved = true;
+      render(<CommentWithIntl {...props} />);
+      expect(screen.queryByText('Approve')).not.toBeInTheDocument();
+      expect(screen.queryByText('Disapprove')).not.toBeInTheDocument();
+    });
   });
 });
diff --git a/frontend/apps/remark42/app/components/comment/comment.tsx b/frontend/apps/remark42/app/components/comment/comment.tsx
index 747b2927ba..8a79d16e8c 100644
--- a/frontend/apps/remark42/app/components/comment/comment.tsx
+++ b/frontend/apps/remark42/app/components/comment/comment.tsx
@@ -499,6 +499,7 @@ export class Comment extends Component<CommentProps, State> {
               admin={isAdmin}
               pinned={props.data.pin}
               unapproved={props.data.unapproved}
+              needApproval={StaticStore.config.need_approval}
               copied={state.isCopied}
               editing={isEditing}
               replying={isReplying}

From cb3be60867d5f59aea3897550ed5e49b3b6604eb Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:23:40 -0700
Subject: [PATCH 6/8] add NeedApproval to doc & fix static config stubs

---
 frontend/apps/remark42/app/__stubs__/static-config.ts | 1 +
 frontend/apps/remark42/app/common/static-store.ts     | 1 +
 site/src/docs/configuration/parameters/index.md       | 1 +
 3 files changed, 3 insertions(+)

diff --git a/frontend/apps/remark42/app/__stubs__/static-config.ts b/frontend/apps/remark42/app/__stubs__/static-config.ts
index 2145a4757f..92730d0a5d 100644
--- a/frontend/apps/remark42/app/__stubs__/static-config.ts
+++ b/frontend/apps/remark42/app/__stubs__/static-config.ts
@@ -18,5 +18,6 @@ beforeEach(() => {
     email_notifications: false,
     telegram_notifications: false,
     emoji_enabled: true,
+    need_approval: false,
   };
 });
diff --git a/frontend/apps/remark42/app/common/static-store.ts b/frontend/apps/remark42/app/common/static-store.ts
index bced7b79f2..e287450846 100644
--- a/frontend/apps/remark42/app/common/static-store.ts
+++ b/frontend/apps/remark42/app/common/static-store.ts
@@ -29,5 +29,6 @@ export const StaticStore: StaticStoreType = {
     email_notifications: false,
     telegram_notifications: false,
     emoji_enabled: false,
+    need_approval: false,
   },
 };
diff --git a/site/src/docs/configuration/parameters/index.md b/site/src/docs/configuration/parameters/index.md
index ac80a0682e..ada0febded 100644
--- a/site/src/docs/configuration/parameters/index.md
+++ b/site/src/docs/configuration/parameters/index.md
@@ -146,6 +146,7 @@ services:
 | positive-score                 | POSITIVE_SCORE                 | `false`                 | restricts comment's score to be only positive            |
 | restricted-words               | RESTRICTED_WORDS               |                         | words banned in comments (can use `*`), _multi_          |
 | restricted-names               | RESTRICTED_NAMES               |                         | names prohibited to use by the user, _multi_             |
+| need-approval                  | NEED_APPROVAL                  | `false`                 | enable comment moderation: new comments require admin approval before being visible to other users |
 | edit-time                      | EDIT_TIME                      | `5m`                    | edit window                                              |
 | admin-edit                     | ADMIN_EDIT                     | `false`                 | unlimited edit for admins                                |
 | read-age                       | READONLY_AGE                   |                         | read-only age of comments, days                          |

From cc4b88534a2061833c2c66ea8269ead2653f003f Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:49:55 -0700
Subject: [PATCH 7/8] adding pending-comments widget

---
 backend/app/rest/api/admin.go                 | 14 ++++
 backend/app/rest/api/rest.go                  |  1 +
 backend/app/store/service/service.go          | 18 +++++
 backend/app/store/service/service_test.go     | 46 +++++++++++
 .../app/common/api.getPendingComments.ts      |  6 ++
 .../apps/remark42/app/pending-comments.tsx    | 81 +++++++++++++++++++
 frontend/apps/remark42/templates/demo.ejs     |  4 +
 .../remark42/templates/pending-comments.ejs   | 64 +++++++++++++++
 frontend/apps/remark42/webpack.config.js      |  9 +++
 site/src/docs/configuration/frontend/index.md | 29 ++++++-
 10 files changed, 271 insertions(+), 1 deletion(-)
 create mode 100644 frontend/apps/remark42/app/common/api.getPendingComments.ts
 create mode 100644 frontend/apps/remark42/app/pending-comments.tsx
 create mode 100644 frontend/apps/remark42/templates/pending-comments.ejs

diff --git a/backend/app/rest/api/admin.go b/backend/app/rest/api/admin.go
index 89334bb805..a8b929713a 100644
--- a/backend/app/rest/api/admin.go
+++ b/backend/app/rest/api/admin.go
@@ -40,6 +40,7 @@ type adminStore interface {
 	SetReadOnly(locator store.Locator, status bool) error
 	SetPin(locator store.Locator, commentID string, status bool) error
 	SetApproved(locator store.Locator, commentID string, status bool) error
+	Unapproved(siteID string, limit int) ([]store.Comment, error)
 }
 
 // DELETE /comment/{id}?site=siteID&url=post-url - removes comment
@@ -260,3 +261,16 @@ func (a *admin) setApprovedCtrl(w http.ResponseWriter, r *http.Request) {
 	a.cache.Flush(cache.Flusher(locator.SiteID).Scopes(locator.URL, lastCommentsScope))
 	R.RenderJSON(w, R.JSON{"id": commentID, "locator": locator, "approved": approvedStatus})
 }
+
+// GET /pending?site=siteID - get pending (unapproved) comments for admin review
+func (a *admin) pendingCommentsCtrl(w http.ResponseWriter, r *http.Request) {
+	siteID := r.URL.Query().Get("site")
+	log.Printf("[DEBUG] get pending comments for site %s", siteID)
+
+	comments, err := a.dataService.Unapproved(siteID, 100)
+	if err != nil {
+		rest.SendErrorJSON(w, r, http.StatusInternalServerError, err, "can't get pending comments", rest.ErrInternal)
+		return
+	}
+	R.RenderJSON(w, comments)
+}
diff --git a/backend/app/rest/api/rest.go b/backend/app/rest/api/rest.go
index 9fa7b05086..9461cf459f 100644
--- a/backend/app/rest/api/rest.go
+++ b/backend/app/rest/api/rest.go
@@ -311,6 +311,7 @@ func (s *Rest) routes() chi.Router {
 			radmin.Put("/verify/{userid}", s.adminRest.setVerifyCtrl)
 			radmin.Put("/pin/{id}", s.adminRest.setPinCtrl)
 			radmin.Put("/approve/{id}", s.adminRest.setApprovedCtrl)
+			radmin.Get("/pending", s.adminRest.pendingCommentsCtrl)
 			radmin.Get("/blocked", s.adminRest.blockedUsersCtrl)
 			radmin.Put("/readonly", s.adminRest.setReadOnlyCtrl)
 			radmin.Put("/title/{id}", s.adminRest.setTitleCtrl)
diff --git a/backend/app/store/service/service.go b/backend/app/store/service/service.go
index b2df79fd5b..a09ab3bff8 100644
--- a/backend/app/store/service/service.go
+++ b/backend/app/store/service/service.go
@@ -1007,6 +1007,24 @@ func (s *DataStore) Last(siteID string, limit int, since time.Time, user store.U
 	return comments, nil
 }
 
+// Unapproved gets unapproved comments for site, cross-post. Limited by count.
+// This is for admin use only to see pending comments.
+func (s *DataStore) Unapproved(siteID string, limit int) ([]store.Comment, error) {
+	req := engine.FindRequest{Locator: store.Locator{SiteID: siteID}, Limit: limit, Sort: "-time"}
+	comments, err := s.Engine.Find(req)
+	if err != nil {
+		return comments, err
+	}
+	// filter to only include unapproved comments
+	result := make([]store.Comment, 0)
+	for _, c := range comments {
+		if c.Unapproved && !c.Deleted {
+			result = append(result, c)
+		}
+	}
+	return result, nil
+}
+
 // Close store service
 func (s *DataStore) Close() error {
 	errs := new(multierror.Error)
diff --git a/backend/app/store/service/service_test.go b/backend/app/store/service/service_test.go
index dc098eefe5..17dc98ab1d 100644
--- a/backend/app/store/service/service_test.go
+++ b/backend/app/store/service/service_test.go
@@ -871,6 +871,52 @@ func TestService_FilterUnapproved(t *testing.T) {
 	assert.True(t, len(authorComments) >= 1)
 }
 
+func TestService_Unapproved(t *testing.T) {
+	eng, teardown := prepStoreEngine(t)
+	defer teardown()
+	b := DataStore{Engine: eng, AdminStore: admin.NewStaticKeyStore("secret 123"), NeedApproval: true}
+	defer b.Close()
+
+	locator := store.Locator{SiteID: "radio-t", URL: "https://radio-t.com/unapproved-test"}
+
+	// Create several comments - they will be marked as unapproved because NeedApproval is true
+	c1ID, err := b.Create(store.Comment{Text: "comment 1", Locator: locator, User: store.User{ID: "user1", Name: "user1"}})
+	require.NoError(t, err)
+
+	c2ID, err := b.Create(store.Comment{Text: "comment 2", Locator: locator, User: store.User{ID: "user2", Name: "user2"}})
+	require.NoError(t, err)
+
+	// Verify comments are unapproved
+	adminUser := store.User{Admin: true}
+	allComments, err := b.Find(locator, "-time", adminUser)
+	require.NoError(t, err)
+	require.Equal(t, 2, len(allComments))
+	assert.True(t, allComments[0].Unapproved)
+	assert.True(t, allComments[1].Unapproved)
+
+	// Approve one comment
+	err = b.SetApproved(locator, c1ID, true)
+	require.NoError(t, err)
+
+	// Get unapproved comments - includes all unapproved from site
+	unapproved, err := b.Unapproved("radio-t", 100)
+	require.NoError(t, err)
+	// Find our unapproved comment
+	found := false
+	for _, c := range unapproved {
+		if c.ID == c2ID {
+			found = true
+			break
+		}
+	}
+	assert.True(t, found, "should find our unapproved comment")
+
+	// Verify approved comment is not in the list
+	for _, c := range unapproved {
+		assert.NotEqual(t, c1ID, c.ID, "approved comment should not be in unapproved list")
+	}
+}
+
 func TestService_EditComment(t *testing.T) {
 	eng, teardown := prepStoreEngine(t)
 	defer teardown()
diff --git a/frontend/apps/remark42/app/common/api.getPendingComments.ts b/frontend/apps/remark42/app/common/api.getPendingComments.ts
new file mode 100644
index 0000000000..a5de0fac53
--- /dev/null
+++ b/frontend/apps/remark42/app/common/api.getPendingComments.ts
@@ -0,0 +1,6 @@
+import { Comment } from './types';
+import { apiFetcher } from './fetcher';
+
+export function getPendingComments(siteId: string): Promise<Comment[]> {
+  return apiFetcher.get('/admin/pending', { site: siteId });
+}
diff --git a/frontend/apps/remark42/app/pending-comments.tsx b/frontend/apps/remark42/app/pending-comments.tsx
new file mode 100644
index 0000000000..08ee7dd35f
--- /dev/null
+++ b/frontend/apps/remark42/app/pending-comments.tsx
@@ -0,0 +1,81 @@
+import { h, render } from 'preact';
+import { IntlProvider } from 'react-intl';
+
+import { getPendingComments } from 'common/api.getPendingComments';
+import { BASE_URL } from 'common/constants.config';
+import { loadLocale } from 'utils/loadLocale';
+import { getLocale } from 'utils/getLocale';
+import { ListComments } from 'components/list-comments';
+
+const PENDING_COMMENTS_NODE_CLASSNAME = 'remark42__pending-comments';
+
+if (document.readyState === 'loading') {
+  document.addEventListener('DOMContentLoaded', init);
+} else {
+  init();
+}
+
+async function init(): Promise<void> {
+  __webpack_public_path__ = `${BASE_URL}/web/`;
+
+  const nodes = document.getElementsByClassName(PENDING_COMMENTS_NODE_CLASSNAME);
+
+  if (!nodes) {
+    throw new Error("Remark42: Can't find pending comments nodes.");
+  }
+
+  if (!window.remark_config) {
+    throw new Error('Remark42: Config object is undefined');
+  }
+
+  const { site_id } = window.remark_config;
+
+  if (!site_id) {
+    throw new Error('Remark42: Site ID is undefined.');
+  }
+
+  if (process.env.NODE_ENV === 'production') {
+    const styles = document.createElement('link');
+    styles.href = `${BASE_URL}/web/pending-comments.css`;
+    styles.rel = 'stylesheet';
+    (document.head || document.body).appendChild(styles);
+  }
+
+  (Array.from(nodes) as HTMLElement[]).forEach((node) => {
+    const locale = getLocale(window.remark_config);
+
+    Promise.all([getPendingComments(site_id), loadLocale(locale)])
+      .then(([comments, messages]) => {
+        try {
+          render(
+            <IntlProvider locale={locale} messages={messages}>
+              <div className="pending-comments">
+                <h3 className="pending-comments__title">Pending Comments ({comments.length})</h3>
+                {comments.length === 0 ? (
+                  <p className="pending-comments__empty">No pending comments to review.</p>
+                ) : (
+                  <ListComments comments={comments} />
+                )}
+              </div>
+            </IntlProvider>,
+            node
+          );
+        } catch (e) {
+          console.error('Remark42: Something went wrong with pending comments rendering');
+          console.error(e);
+        }
+      })
+      .catch((e) => {
+        console.error('Remark42: Failed to load pending comments. Make sure you are logged in as admin.');
+        console.error(e);
+        render(
+          <div className="pending-comments">
+            <p className="pending-comments__error">
+              Failed to load pending comments. Please ensure you are logged in as an admin.
+            </p>
+          </div>,
+          node
+        );
+      });
+  });
+}
diff --git a/frontend/apps/remark42/templates/demo.ejs b/frontend/apps/remark42/templates/demo.ejs
index 09d43709ad..d327a2bcea 100644
--- a/frontend/apps/remark42/templates/demo.ejs
+++ b/frontend/apps/remark42/templates/demo.ejs
@@ -75,6 +75,10 @@
           <a class="widget__link" href="/web/last-comments.html">Last comments widget page</a><br />
           <iframe class="widget__frame widget__comments-frame" src="/web/last-comments.html" frameborder="0"></iframe>
         </div>
+        <div class="widget widgets__widget widgets__comments-widget">
+          <a class="widget__link" href="/web/pending-comments.html">Pending comments widget page (Admin only)</a><br />
+          <iframe class="widget__frame widget__comments-frame" src="/web/pending-comments.html" frameborder="0"></iframe>
+        </div>
         <div class="widget widgets__widget widgets__counter-widget">
           <a class="widget__link" href="/web/counter.html">Counter widget page</a><br />
           <div class="widget__frame widget__counter-frame">Comments count: <span class="remark42__counter"></span></div>
diff --git a/frontend/apps/remark42/templates/pending-comments.ejs b/frontend/apps/remark42/templates/pending-comments.ejs
new file mode 100644
index 0000000000..28c6888c13
--- /dev/null
+++ b/frontend/apps/remark42/templates/pending-comments.ejs
@@ -0,0 +1,64 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width,initial-scale=1" />
+    <title>Pending comments (Admin)</title>
+    <style>
+      body {
+        padding: 0;
+        margin: 0;
+      }
+
+      .container {
+        max-width: 600px;
+        margin: 40px;
+      }
+
+      .pending-comments__title {
+        margin-bottom: 20px;
+        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      }
+
+      .pending-comments__empty,
+      .pending-comments__error {
+        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+        color: #666;
+      }
+
+      .pending-comments__error {
+        color: #c00;
+      }
+    </style>
+    <% if (htmlWebpackPlugin.options.env === 'production') { %>
+    <link rel="stylesheet" href="pending-comments.css" />
+    <% } %>
+  </head>
+  <body>
+    <div class="container">
+      <div class="remark42__pending-comments"></div>
+    </div>
+    <script>
+      var remark_config = {
+        site_id: 'remark',
+        host: '<%= htmlWebpackPlugin.options.REMARK_URL %>',
+        components: ['pending-comments'],
+      };
+
+      (function (c, d) {
+        var r = d.head || d.body;
+        for (var i = 0; i < c.length; i++) {
+          var s = d.createElement('script');
+          var m = 'noModule' in s;
+          var e = m ? '.mjs' : '.js';
+          m && (s.type = 'module');
+          s.async = true;
+          s.defer = true;
+          s.src = remark_config.host + '/web/' + c[i] + e;
+          r.appendChild(s);
+        }
+      })(remark_config.components || ['embed'], document);
+    </script>
+    <noscript> Please enable JavaScript to view the comments powered by Remark. </noscript>
+  </body>
+</html>
diff --git a/frontend/apps/remark42/webpack.config.js b/frontend/apps/remark42/webpack.config.js
index 482250a311..7dc7e6e8dd 100644
--- a/frontend/apps/remark42/webpack.config.js
+++ b/frontend/apps/remark42/webpack.config.js
@@ -87,6 +87,7 @@ module.exports = (_, { mode, analyze }) => {
     counter: './app/counter.ts',
     deleteme: './app/deleteme.ts',
     'last-comments': [...preactDebug, CUSTOM_PROPERTIES_PATH, './app/last-comments.tsx'],
+    'pending-comments': [...preactDebug, CUSTOM_PROPERTIES_PATH, './app/pending-comments.tsx'],
     remark: [...preactDebug, CUSTOM_PROPERTIES_PATH, './app/remark.tsx'],
   };
 
@@ -333,6 +334,14 @@ module.exports = (_, { mode, analyze }) => {
         REMARK_URL,
         minify: htmlMinifyOptions,
       }),
+      new HtmlWebpackPlugin({
+        template: path.resolve(__dirname, 'templates/pending-comments.ejs'),
+        filename: 'pending-comments.html',
+        inject: false,
+        env: mode,
+        REMARK_URL,
+        minify: htmlMinifyOptions,
+      }),
       new HtmlWebpackPlugin({
         template: path.resolve(__dirname, 'templates/deleteme.ejs'),
         filename: 'deleteme.html',
diff --git a/site/src/docs/configuration/frontend/index.md b/site/src/docs/configuration/frontend/index.md
index 7720ee3785..8f9a238956 100644
--- a/site/src/docs/configuration/frontend/index.md
+++ b/site/src/docs/configuration/frontend/index.md
@@ -8,11 +8,12 @@ title: Frontend Configuration
 - **`site_id`**`: string` (optional, `remark` by default) – the `SITE` that you passed to Remark42 instance on start of backend.
 - **`url`**`: string` (optional, `window.location.origin + window.location.pathname` by default) – url to the page with comments, it is used as unique identificator for comments thread
   Note that if you use query parameters as significant part of URL (the one that actually changes content on page) you will have to configure URL manually to keep query params, as `window.location.origin + window.location.pathname` doesn't contain query params and hash. For example, default URL for `https://example/com/example-post?id=1#hash` would be `https://example/com/example-post`
-- **`components`**`: ['embed' | 'last-comments' | 'counter']` (optional, `['embed']` by default) – an array of widgets that should be rendered on a page. You may use more than one widget on a page.
+- **`components`**`: ['embed' | 'last-comments' | 'counter' | 'pending-comments']` (optional, `['embed']` by default) – an array of widgets that should be rendered on a page. You may use more than one widget on a page.
   Available components are:
   - `'embed'` – basic comments widget
   - `'last-comments'` – last comments widget, see [Last Comments](#last-comments-widget) section below
   - `'counter'` – counter widget, see [Counter](#counter-widget) section below
+  - `'pending-comments'` – pending comments widget for admins, see [Pending Comments](#pending-comments-widget) section below
 - **`max_shown_comments`**`: number` (optional, `15` by default) – maximum number of comments that is rendered on mobile version
 - **`max_last_comments`**`: number` (optional, `15` by default) – maximum number of comments in the last comments widget
 - **`theme`**`: 'light' | 'dark'` (optional, `'light'` by default) – changes UI theme
@@ -112,6 +113,32 @@ And then add this node in the place where you want to see last comments widget:
 
 `data-max` sets the max amount of comments (default: `15`).
 
+### Pending comments widget
+
+This widget is for administrators only. It shows comments that are waiting for approval when the `NEED_APPROVAL` setting is enabled. Regular users cannot access this widget.
+
+Add this snippet to the bottom of web page, or adjust already present `remark_config` to have `pending-comments` in `components` list:
+
+```html
+<script>
+	var remark_config = {
+		host: "REMARK_URL",
+		site_id: "YOUR_SITE_ID",
+		components: ["pending-comments"],
+	}
+</script>
+```
+
+::: note 💡
+**Note:** You must be logged in as an admin to see the pending comments. Make sure `NEED_APPROVAL=true` is set in your backend configuration.
+:::
+
+And then add this node in the place where you want to see the pending comments widget:
+
+```html
+<div class="remark42__pending-comments"></div>
+```
+
 ### Counter widget
 
 It's a widget that renders several comments for the specified page.

From 39c5e542a3fbb232d06599ea55d18cdedeeeabef Mon Sep 17 00:00:00 2001
From: "Ayoub G." <git@ayghri.com>
Date: Sat, 6 Dec 2025 04:52:33 -0700
Subject: [PATCH 8/8] pending comment widget style

---
 .../apps/remark42/templates/pending-comments.ejs  | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/frontend/apps/remark42/templates/pending-comments.ejs b/frontend/apps/remark42/templates/pending-comments.ejs
index 28c6888c13..d495c2007c 100644
--- a/frontend/apps/remark42/templates/pending-comments.ejs
+++ b/frontend/apps/remark42/templates/pending-comments.ejs
@@ -14,21 +14,6 @@
         max-width: 600px;
         margin: 40px;
       }
-
-      .pending-comments__title {
-        margin-bottom: 20px;
-        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-      }
-
-      .pending-comments__empty,
-      .pending-comments__error {
-        font-family: system-ui, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-        color: #666;
-      }
-
-      .pending-comments__error {
-        color: #c00;
-      }
     </style>
     <% if (htmlWebpackPlugin.options.env === 'production') { %>
     <link rel="stylesheet" href="pending-comments.css" />