release: v1.1.1

Related to https://gitlab.com/commento/commento-ce/issues/79

.gitlab-ci.yml

@@ -4,13 +4,15 @@ stages:
   - go-test
   - build-src
   - build-docker
-  - docker-registry
+  - docker-registry-master
+  - docker-registry-tags
 
 check-dco:
   stage: check-dco
   image: debian:buster
   except:
     - master
+    - tags
   script:
     - apt update
     - apt install -y curl git jq
@@ -23,6 +25,7 @@ build-src:
     GOPATH: $CI_PROJECT_DIR
   except:
     - master
+    - tags
   script:
     - apt update
     - apt install -y curl gnupg git make golang
@@ -41,6 +44,7 @@ build-docker:
     - docker:dind
   except:
     - master
+    - tags
   script:
     - docker build -t commento-ce .
 
@@ -57,6 +61,7 @@ go-test:
     GOPATH: $CI_PROJECT_DIR
   except:
     - master
+    - tags
   script:
     - mkdir -p src/gitlab.com/commento && cd src/gitlab.com/commento && ln -s $CI_PROJECT_DIR && cd $CI_PROJECT_NAME
     - make test
@@ -66,12 +71,13 @@ go-fmt:
   image: golang:1.10.2
   except:
     - master
+    - tags
   script:
     - cd api
     - test -z $(go fmt)
 
-docker-registry:
-  stage: docker-registry
+docker-registry-master:
+  stage: docker-registry-master
   image: docker:stable
   services:
     - docker:dind
@@ -83,3 +89,16 @@ docker-registry:
     - docker pull registry.gitlab.com/commento/commento-ce:latest || true
     - docker build --cache-from registry.gitlab.com/commento/commento-ce:latest --tag registry.gitlab.com/commento/commento-ce:latest .
     - docker push registry.gitlab.com/commento/commento-ce:latest
+
+docker-registry-tags:
+  stage: docker-registry-tags
+  image: docker:stable
+  services:
+    - docker:dind
+  only:
+    - tags
+  before_script:
+    - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
+  script:
+    - docker build --tag registry.gitlab.com/commento/commento-ce:$(git describe --tags) .
+    - docker push registry.gitlab.com/commento/commento-ce:$(git describe --tags)

api/Makefile

@@ -25,15 +25,15 @@ clean:
 # later down the line).
 
 devel-go:
-	go get .
+	go get -v .
 	go build -i -v -o $(GO_DEVEL_BUILD_BINARY)
 
 prod-go:
-	go get .
+	go get -v .
 	go build -i -v -o $(GO_PROD_BUILD_BINARY)
 
 test-go:
-	go get .
+	go get -v .
 	go test -v .
 
 $(shell mkdir -p $(GO_DEVEL_BUILD_DIR) $(GO_PROD_BUILD_DIR))

api/comment_count.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"net/http"
+)
+
+func commentCount(domain string, path string) (int, error) {
+	// path can be empty
+	if domain == "" {
+		return 0, errorMissingField
+	}
+
+	p, err := pageGet(domain, path)
+	if err != nil {
+		return 0, errorInternal
+	}
+
+	return p.CommentCount, nil
+}
+
+func commentCountHandler(w http.ResponseWriter, r *http.Request) {
+	type request struct {
+		Domain *string `json:"domain"`
+		Path   *string `json:"path"`
+	}
+
+	var x request
+	if err := bodyUnmarshal(r, &x); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	domain := domainStrip(*x.Domain)
+	path := *x.Path
+
+	count, err := commentCount(domain, path)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	bodyMarshal(w, response{"success": true, "count": count})
+}

api/comment_count_test.go

@@ -0,0 +1,54 @@
+package main
+
+import (
+	"testing"
+	"time"
+)
+
+func TestCommentCountBasics(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	commenterHex, _ := commenterNew("test@example.com", "Test", "undefined", "http://example.com/photo.jpg", "google", "")
+
+	commentNew(commenterHex, "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC())
+	commentNew(commenterHex, "example.com", "/path.html", "root", "**bar**", "approved", time.Now().UTC())
+	commentNew(commenterHex, "example.com", "/path.html", "root", "**baz**", "unapproved", time.Now().UTC())
+
+	count, err := commentCount("example.com", "/path.html")
+	if err != nil {
+		t.Errorf("unexpected error counting comments: %v", err)
+		return
+	}
+
+	if count != 2 {
+		t.Errorf("expected count=2 got count=%d", count)
+		return
+	}
+}
+
+func TestCommentCountNewPage(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	count, err := commentCount("example.com", "/path.html")
+	if err != nil {
+		t.Errorf("unexpected error counting comments: %v", err)
+		return
+	}
+
+	if count != 0 {
+		t.Errorf("expected count=0 got count=%d", count)
+		return
+	}
+}
+
+func TestCommentCountEmpty(t *testing.T) {
+	if _, err := commentCount("example.com", ""); err != nil {
+		t.Errorf("unexpected error counting comments on empty path: %v", err)
+		return
+	}
+
+	if _, err := commentCount("", ""); err == nil {
+		t.Errorf("expected error not found counting comments with empty everything")
+		return
+	}
+}

api/comment_list.go

@@ -6,7 +6,8 @@ import (
 )
 
 func commentList(commenterHex string, domain string, path string, includeUnapproved bool) ([]comment, map[string]commenter, error) {
-	if commenterHex == "" || domain == "" || path == "" {
+	// path can be empty
+	if commenterHex == "" || domain == "" {
 		return nil, nil, errorMissingField
 	}
 
@@ -111,6 +112,12 @@ func commentListHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	p, err := pageGet(domain, path)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
 	commenterHex := "anonymous"
 	isModerator := false
 	if *x.CommenterToken != "anonymous" {
@@ -151,6 +158,7 @@ func commentListHandler(w http.ResponseWriter, r *http.Request) {
 		"requireIdentification": d.RequireIdentification,
 		"isFrozen":              d.State == "frozen",
 		"isModerator":           isModerator,
+		"attributes":            p,
 		"configuredOauths":      configuredOauths,
 	})
 }

api/comment_new.go

@@ -13,6 +13,16 @@ func commentNew(commenterHex string, domain string, path string, parentHex strin
 		return "", errorMissingField
 	}
 
+	p, err := pageGet(domain, path)
+	if err != nil {
+		logger.Errorf("cannot get page attributes: %v", err)
+		return "", errorInternal
+	}
+
+	if p.IsLocked {
+		return "", errorThreadLocked
+	}
+
 	commentHex, err := randomHex(32)
 	if err != nil {
 		return "", err
@@ -31,6 +41,10 @@ func commentNew(commenterHex string, domain string, path string, parentHex strin
 		return "", errorInternal
 	}
 
+	if err = pageNew(domain, path); err != nil {
+		return "", err
+	}
+
 	return commentHex, nil
 }
 

api/comment_new_test.go

@@ -56,3 +56,18 @@ func TestCommentNewUpvoted(t *testing.T) {
 		return
 	}
 }
+
+func TestCommentNewThreadLocked(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	pageNew("example.com", "/path.html")
+	p, _ := pageGet("example.com", "/path.html")
+	p.IsLocked = true
+	pageUpdate(p)
+
+	_, err := commentNew("temp-commenter-hex", "example.com", "/path.html", "root", "**foo**", "approved", time.Now().UTC())
+	if err == nil {
+		t.Errorf("expected error not found creating a new comment on a locked thread")
+		return
+	}
+}

api/constants.go

@@ -1,4 +1,4 @@
 package main
 
 var edition = "ce"
-var version = "v1.0.0"
+var version = "v1.1.1"

api/errors.go

@@ -41,3 +41,4 @@ var errorSelfVote = errors.New("You cannot vote on your own comment.")
 var errorInvalidConfigFile = errors.New("Invalid config file.")
 var errorInvalidConfigValue = errors.New("Invalid config value.")
 var errorNewOwnerForbidden = errors.New("New user registrations are forbidden and closed.")
+var errorThreadLocked = errors.New("This thread is locked. You cannot add new comments.")

api/page.go

@@ -0,0 +1,10 @@
+package main
+
+import ()
+
+type page struct {
+	Domain       string `json:"domain"`
+	Path         string `json:"path"`
+	IsLocked     bool   `json:"isLocked"`
+	CommentCount int    `json:"commentCount"`
+}

api/page_get.go

@@ -0,0 +1,35 @@
+package main
+
+import (
+	"database/sql"
+)
+
+func pageGet(domain string, path string) (page, error) {
+	// path can be empty
+	if domain == "" {
+		return page{}, errorMissingField
+	}
+
+	statement := `
+		SELECT isLocked, commentCount
+		FROM pages
+		WHERE domain=$1 AND path=$2;
+	`
+	row := db.QueryRow(statement, domain, path)
+
+	p := page{Domain: domain, Path: path}
+	if err := row.Scan(&p.IsLocked, &p.CommentCount); err != nil {
+		if err == sql.ErrNoRows {
+			// If there haven't been any comments, there won't be a record for this
+			// page. The sane thing to do is return defaults.
+			// TODO: the defaults are hard-coded in two places: here and the schema
+			p.IsLocked = false
+			p.CommentCount = 0
+		} else {
+			logger.Errorf("error scanning page: %v", err)
+			return page{}, errorInternal
+		}
+	}
+
+	return p, nil
+}

api/page_get_test.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestPageGetBasics(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	pageNew("example.com", "/path.html")
+
+	p, err := pageGet("example.com", "/path.html")
+	if err != nil {
+		t.Errorf("unexpected error getting page: %v", err)
+		return
+	}
+
+	if p.IsLocked != false {
+		t.Errorf("expected p.IsLocked=false got %v", p.IsLocked)
+		return
+	}
+
+	if _, err := pageGet("example.com", "/path2.html"); err != nil {
+		t.Errorf("unexpected error getting page with non-existant record: %v", err)
+		return
+	}
+}
+
+func TestPageGetEmpty(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	pageNew("example.com", "")
+
+	if _, err := pageGet("example.com", ""); err != nil {
+		t.Errorf("unexpected error getting page with empty path: %v", err)
+		return
+	}
+
+	if _, err := pageGet("", "/path.html"); err == nil {
+		t.Errorf("exepected error not found when getting page with empty domain")
+		return
+	}
+}

api/page_new.go

@@ -0,0 +1,24 @@
+package main
+
+import ()
+
+func pageNew(domain string, path string) error {
+	// path can be empty
+	if domain == "" {
+		return errorMissingField
+	}
+
+	statement := `
+		INSERT INTO
+		pages  (domain, path)
+		VALUES ($1,     $2  )
+		ON CONFLICT DO NOTHING;
+	`
+	_, err := db.Exec(statement, domain, path)
+	if err != nil {
+		logger.Errorf("error inserting new page: %v", err)
+		return errorInternal
+	}
+
+	return nil
+}

api/page_new_test.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"testing"
+)
+
+func TestPageNewBasics(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	if err := pageNew("example.com", "/path.html"); err != nil {
+		t.Errorf("unexpected error creating page: %v", err)
+		return
+	}
+}
+
+func TestPageNewEmpty(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	if err := pageNew("example.com", ""); err != nil {
+		t.Errorf("unexpected error creating page with empty path: %v", err)
+		return
+	}
+
+	if err := pageNew("", "/path.html"); err == nil {
+		t.Errorf("expected error not found creating page with empty domain")
+		return
+	}
+}
+
+func TestPageNewUnique(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	if err := pageNew("example.com", "/path.html"); err != nil {
+		t.Errorf("unexpected error creating page: %v", err)
+		return
+	}
+
+	// no error should be returned when trying to duplicate insert
+	if err := pageNew("example.com", "/path.html"); err != nil {
+		t.Errorf("unexpected error creating same page twice: %v", err)
+		return
+	}
+}

api/page_update.go

@@ -0,0 +1,72 @@
+package main
+
+import (
+	"net/http"
+)
+
+func pageUpdate(p page) error {
+	if p.Domain == "" {
+		return errorMissingField
+	}
+
+	// fields to not update:
+	//   commentCount
+	statement := `
+		INSERT INTO
+		pages  (domain, path, isLocked)
+		VALUES ($1,     $2,   $3    )
+		ON CONFLICT (domain, path) DO
+			UPDATE SET isLocked = $3;
+	`
+	_, err := db.Exec(statement, p.Domain, p.Path, p.IsLocked)
+	if err != nil {
+		logger.Errorf("error setting page attributes: %v", err)
+		return errorInternal
+	}
+
+	return nil
+}
+
+func pageUpdateHandler(w http.ResponseWriter, r *http.Request) {
+	type request struct {
+		CommenterToken *string `json:"commenterToken"`
+		Domain         *string `json:"domain"`
+		Path           *string `json:"path"`
+		Attributes     *page   `json:"attributes"`
+	}
+
+	var x request
+	if err := bodyUnmarshal(r, &x); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	c, err := commenterGetByCommenterToken(*x.CommenterToken)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	domain := domainStrip(*x.Domain)
+
+	isModerator, err := isDomainModerator(domain, c.Email)
+	if err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	if !isModerator {
+		bodyMarshal(w, response{"success": false, "message": errorNotModerator.Error()})
+		return
+	}
+
+	(*x.Attributes).Domain = *x.Domain
+	(*x.Attributes).Path = *x.Path
+
+	if err = pageUpdate(*x.Attributes); err != nil {
+		bodyMarshal(w, response{"success": false, "message": err.Error()})
+		return
+	}
+
+	bodyMarshal(w, response{"success": true})
+}

api/page_update_test.go

@@ -0,0 +1,43 @@
+package main
+
+import (
+	"testing"
+	"time"
+)
+
+func TestPageUpdateBasics(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	commenterHex, _ := commenterNew("test@example.com", "Test", "undefined", "https://example.com/photo.jpg", "google", "")
+
+	commentNew(commenterHex, "example.com", "/path.html", "root", "**foo**", "unapproved", time.Now().UTC())
+
+	p, _ := pageGet("example.com", "/path.html")
+	if p.IsLocked != false {
+		t.Errorf("expected IsLocked=false got %v", p.IsLocked)
+		return
+	}
+
+	p.IsLocked = true
+
+	if err := pageUpdate(p); err != nil {
+		t.Errorf("unexpected error updating page: %v", err)
+		return
+	}
+
+	p, _ = pageGet("example.com", "/path.html")
+	if p.IsLocked != true {
+		t.Errorf("expected IsLocked=true got %v", p.IsLocked)
+		return
+	}
+}
+
+func TestPageUpdateEmpty(t *testing.T) {
+	failTestOnError(t, setupTestEnv())
+
+	p := page{Domain: "", Path: "", IsLocked: false}
+	if err := pageUpdate(p); err == nil {
+		t.Errorf("expected error not found updating page with empty everything")
+		return
+	}
+}

api/router_api.go

@@ -31,9 +31,12 @@ func apiRouterInit(router *mux.Router) error {
 
 	router.HandleFunc("/api/comment/new", commentNewHandler).Methods("POST")
 	router.HandleFunc("/api/comment/list", commentListHandler).Methods("POST")
+	router.HandleFunc("/api/comment/count", commentCountHandler).Methods("POST")
 	router.HandleFunc("/api/comment/vote", commentVoteHandler).Methods("POST")
 	router.HandleFunc("/api/comment/approve", commentApproveHandler).Methods("POST")
 	router.HandleFunc("/api/comment/delete", commentDeleteHandler).Methods("POST")
 
+	router.HandleFunc("/api/page/update", pageUpdateHandler).Methods("POST")
+
 	return nil
 }

api/router_static.go

@@ -27,6 +27,8 @@ type staticHtmlPlugs struct {
 }
 
 func staticRouterInit(router *mux.Router) error {
+	subdir := pathStrip(os.Getenv("ORIGIN"))
+
 	asset := make(map[string][]byte)
 	gzippedAsset := make(map[string][]byte)
 
@@ -57,8 +59,6 @@ func staticRouterInit(router *mux.Router) error {
 
 			gzip := (os.Getenv("GZIP_STATIC") == "true")
 
-			subdir := pathStrip(os.Getenv("ORIGIN"))
-
 			asset[subdir+p] = []byte(prefix + string(contents))
 			if gzip {
 				gzippedAsset[subdir+p], err = gzipStatic(asset[subdir+p])
@@ -101,6 +101,10 @@ func staticRouterInit(router *mux.Router) error {
 	}
 
 	html := make(map[string]string)
+	for _, page := range pages {
+		html[subdir+page] = ""
+	}
+
 	for _, page := range pages {
 		sl := string(os.PathSeparator)
 		page = sl + page
@@ -112,22 +116,30 @@ func staticRouterInit(router *mux.Router) error {
 			return err
 		}
 
-		t, err := template.New(page).Delims("[[[", "]]]").Parse(string(contents))
-		if err != nil {
-			logger.Errorf("cannot parse %s%s template: %v", os.Getenv("STATIC"), file, err)
-			return err
+		result := string(contents)
+
+		for {
+			t, err := template.New(page).Delims("[[[", "]]]").Parse(result)
+			if err != nil {
+				logger.Errorf("cannot parse %s%s template: %v", os.Getenv("STATIC"), file, err)
+				return err
+			}
+
+			var buf bytes.Buffer
+			t.Execute(&buf, &staticHtmlPlugs{
+				Origin:    os.Getenv("ORIGIN"),
+				CdnPrefix: os.Getenv("CDN_PREFIX"),
+				Footer:    template.HTML(string(footer)),
+			})
+
+			result = buf.String()
+			if result == html[subdir+page] {
+				break
+			} else {
+				html[subdir+page] = result
+				continue
+			}
 		}
-
-		var buf bytes.Buffer
-		t.Execute(&buf, &staticHtmlPlugs{
-			Origin:    os.Getenv("ORIGIN"),
-			CdnPrefix: os.Getenv("CDN_PREFIX"),
-			Footer:    template.HTML(string(footer)),
-		})
-
-		subdir := pathStrip(os.Getenv("ORIGIN"))
-
-		html[subdir+page] = buf.String()
 	}
 
 	for _, page := range pages {

db/20180922181651-page-attributes.sql

@@ -0,0 +1,9 @@
+-- Introduces page attributes
+
+CREATE TABLE IF NOT EXISTS pages (
+  domain                   TEXT          NOT NULL                           ,
+  path                     TEXT          NOT NULL                           ,
+  isLocked                 BOOLEAN       NOT NULL  DEFAULT false
+);
+
+CREATE UNIQUE INDEX pagesUniqueIndex ON pages(domain, path);

db/20180923002745-comment-count.sql

@@ -0,0 +1,15 @@
+ALTER TABLE pages
+  ADD commentCount INTEGER NOT NULL DEFAULT 0;
+
+CREATE OR REPLACE FUNCTION commentsInsertTriggerFunction() RETURNS TRIGGER AS $trigger$
+BEGIN
+  UPDATE pages
+  SET commentCount = commentCount + 1
+  WHERE domain = new.domain AND path = new.path;
+
+  RETURN NEW;
+END;
+$trigger$ LANGUAGE plpgsql;
+
+CREATE TRIGGER commentsInsertTrigger AFTER INSERT ON comments
+FOR EACH ROW EXECUTE PROCEDURE commentsInsertTriggerFunction();

db/20180923004309-comment-count-build.sql

@@ -0,0 +1,10 @@
+-- Build the comments count column
+
+UPDATE pages
+SET commentCount = subquery.commentCount
+FROM (
+  SELECT COUNT(commentHex) as commentCount
+  FROM comments
+  WHERE state = 'approved'
+  GROUP BY (domain, path)
+) as subquery;

frontend/dashboard.html

@@ -175,12 +175,12 @@
         </div>
       </div>
 
-      <!-- General Settings -->
+      <!-- Configure Domain -->
       <div id="general-view" class="view hidden">
         <div class="view-inside">
           <div class="small-mid-view">
             <div class="center center-title">
-              General Settings
+              Configure Domain
             </div>
             <div class="box">
               <div class="row">
@@ -365,7 +365,7 @@
           </div>
           <div class="row">
             <div class="label">Website Name</div>
-            <input class="input gray-input" id="new-domain-name" type="text" placeholder="Billie Joe's Blog">
+            <input class="input gray-input" id="new-domain-name" type="text" placeholder="My Blog">
           </div>
           <div class="row">
             <div class="label">Website Domain</div>

frontend/js/commento.js

@@ -27,6 +27,8 @@
   var ID_LOGIN_BOX_HR = "commento-login-box-hr";
   var ID_LOGIN_BOX_OAUTH_PRETEXT = "commento-login-box-oauth-pretext";
   var ID_LOGIN_BOX_OAUTH_BUTTONS_CONTAINER = "commento-login-box-oauth-buttons-container";
+  var ID_MOD_TOOLS = "commento-mod-tools";
+  var ID_MOD_TOOLS_LOCK_BUTTON = "commento-mod-tools-lock-button";
   var ID_ERROR = "commento-error";
   var ID_LOGGED_CONTAINER = "commento-logged-container";
   var ID_COMMENTS_AREA = "commento-comments-area";
@@ -62,8 +64,9 @@
   var requireModeration = true;
   var isModerator = false;
   var isFrozen = false;
-  var chosenAnonymous = false;
   var shownSubmitButton = {"root": false};
+  var chosenAnonymous = false;
+  var isLocked = false;
   var shownReply = {};
   var configuredOauths = [];
   var loginBoxType = "signup";
@@ -336,6 +339,9 @@
       requireIdentification = resp.requireIdentification;
       isModerator = resp.isModerator;
       isFrozen = resp.isFrozen;
+
+      isLocked = resp.attributes.isLocked;
+
       comments = resp.comments;
       commenters = resp.commenters;
       configuredOauths = resp.configuredOauths;
@@ -443,7 +449,11 @@
 
     commentsArea.innerHTML = "";
 
-    append(mainArea, textareaCreate("root"));
+    if (!isLocked)
+      append(mainArea, textareaCreate("root"));
+    else
+      append(mainArea, messageCreate("This thread is locked. You cannot create new comments."));
+
     append(mainArea, commentsArea);
     append(root, mainArea);
 
@@ -462,7 +472,7 @@
   }
 
 
-  global.postComment = function(id) {
+  global.commentNew = function(id) {
     var textarea = $(ID_TEXTAREA + id);
 
     var comment = textarea.value;
@@ -577,6 +587,10 @@
       return null;
     }
 
+    cur.sort(function(a, b) {
+      return a.score - b.score;
+    });
+
     var cards = create("div");
     cur.forEach(function(comment) {
       var commenter = commenters[comment.commenterHex];
@@ -590,8 +604,8 @@
       var edit = create("button");
       var reply = create("button");
       var collapse = create("button");
-      var upvote = create("div");
-      var downvote = create("div");
+      var upvote = create("button");
+      var downvote = create("button");
       var approve = create("button");
       var remove = create("button");
       var children = commentsRecurse(parentMap, comment.commentHex);
@@ -715,7 +729,10 @@
       // append(options, edit); // uncomment when implemented
       append(options, downvote);
       append(options, upvote);
-      append(options, reply);
+
+      if (!isLocked)
+        append(options, reply);
+
       if (isModerator) {
         append(options, remove);
         if (comment.state == "unapproved")
@@ -940,7 +957,7 @@
     classAdd(submit, "submit-button");
     classAdd(el, "button-margin");
 
-    attrSet(submit, "onclick", "postComment('" + id + "')");
+    attrSet(submit, "onclick", "commentNew('" + id + "')");
 
     append(el, submit);
   }
@@ -1037,6 +1054,7 @@
     classAdd(oauthButtonsContainer, "oauth-buttons-container");
     classAdd(oauthButtons, "oauth-buttons");
     classAdd(close, "login-box-close");
+    classAdd(root, "root-min-height");
 
     emailButton.innerText = "Continue";
     loginLink.innerText = "Already have an account? Log in.";
@@ -1257,6 +1275,45 @@
   }
 
 
+  function pageUpdate(callback) {
+    var attributes = {
+      "isLocked": isLocked,
+    };
+
+    var json = {
+      "commenterToken": commenterTokenGet(),
+      "domain": location.host,
+      "path": location.pathname,
+      "attributes": attributes,
+    };
+
+    post(origin + "/api/page/update", json, function(resp) {
+      if (!resp.success) {
+        errorShow(resp.message);
+        return
+      }
+
+      call(callback);
+    });
+  }
+
+
+  global.threadLockToggle = function() {
+    var lock = $(ID_MOD_TOOLS_LOCK_BUTTON);
+
+    isLocked = !isLocked;
+
+    lock.disabled = true;
+    pageUpdate(function(success) {
+      lock.disabled = false;
+      if (isLocked)
+        lock.innerHTML = "Unlock Thread";
+      else
+        lock.innerHTML = "Lock Thread";
+    });
+  }
+
+
   function mainAreaCreate() {
     var mainArea = create("div");
 
@@ -1270,6 +1327,29 @@
   }
 
 
+  function modToolsCreate() {
+    var modTools = create("div");
+    var lock = create("button");
+
+    modTools.id = ID_MOD_TOOLS;
+    lock.id = ID_MOD_TOOLS_LOCK_BUTTON;
+
+    classAdd(modTools, "mod-tools");
+    classAdd(lock, "mod-tools-lock-button");
+
+    if (isLocked)
+      lock.innerHTML = "Unlock Thread";
+    else
+      lock.innerHTML = "Lock Thread";
+
+    attrSet(modTools, "style", "display: none");
+    attrSet(lock, "onclick", "threadLockToggle()");
+
+    append(modTools, lock);
+    append(root, modTools);
+  }
+
+
   global.loadCssOverride = function() {
     if (cssOverride === undefined)
       global.allShow();
@@ -1280,12 +1360,18 @@
 
   global.allShow = function() {
     var mainArea = $(ID_MAIN_AREA);
+    var modTools = $(ID_MOD_TOOLS);
     var loggedContainer = $(ID_LOGGED_CONTAINER);
     var footer = $(ID_FOOTER);
 
     attrSet(mainArea, "style", "");
+
+    if (isModerator)
+      attrSet(modTools, "style", "");
+
     if (loggedContainer)
       attrSet(loggedContainer, "style", "");
+
     attrSet(footer, "style", "");
 
     nameWidthFix();
@@ -1297,6 +1383,7 @@
     var loginBoxContainer = $(ID_LOGIN_BOX_CONTAINER);
 
     classRemove(mainArea, "blurred");
+    classRemove(root, "root-min-height");
 
     attrSet(loginBoxContainer, "style", "display: none");
   }
@@ -1346,6 +1433,7 @@
 
     selfGet(function() {
       commentsGet(function() {
+        modToolsCreate();
         rootCreate(function() {
           commentsRender();
           footerLoad();

frontend/js/dashboard.js

@@ -27,7 +27,7 @@
       },
       {
         "id": "general",
-        "text": "General Settings",
+        "text": "Configure Domain",
         "meaning": "Names, domains and the rest",
         "selected": false,
         "open": generalOpen,
@@ -35,13 +35,13 @@
       {
         "id": "moderation",
         "text": "Moderation Settings",
-        "meaning": "Approve and delete comments",
+        "meaning": "Manage list of moderators",
         "selected": false,
         "open": moderationOpen,
       },
       {
         "id": "statistics",
-        "text": "Statistics",
+        "text": "View Activity",
         "meaning": "Usage and comment statistics",
         "selected": false,
         "open": statisticsOpen,

frontend/js/utils.js

@@ -71,7 +71,11 @@
     date.setTime(date.getTime() + (365*24*60*60*1000));
     expires = "; expires=" + date.toUTCString();
 
-    document.cookie = name + "=" + value + expires + "; path=/";
+    var cookieString = name + "=" + value + expires + "; path=/";
+    if (/^https:\/\//i.test(commentoOrigin))
+      cookieString += "; secure";
+
+    document.cookie = cookieString;
   }
 
 

frontend/sass/commento-input.scss

@@ -177,3 +177,18 @@ textarea {
 .commento-button-margin {
   padding-bottom: 60px;
 }
+
+.commento-mod-tools-lock-button {
+  color: $gray-6;
+  background: none;
+  border: none;
+  font-weight: bold;
+  font-size: 12px;
+  text-transform: uppercase;
+  margin-left: 12px;
+  padding: 2px;
+}
+
+.commento-mod-tools-lock-button:hover {
+  cursor: pointer;
+}

frontend/sass/commento.scss

@@ -1,5 +1,9 @@
 @import url('https://fonts.googleapis.com/css?family=Source+Sans+Pro');
 
+.commento-root-min-height {
+  min-height: 350px;
+}
+
 .commento-root {
   font-family: "Source Sans Pro", "Segoe UI", Roboto, "Helvetica Neue", sans-serif;
   font-size: 15px;
@@ -8,7 +12,6 @@
   overflow-x: hidden;
   text-rendering: optimizeLegibility;
   padding: 8px;
-  min-height: 350px;
 
   @import "colors-main.scss";
   @import "common-main.scss";
@@ -41,6 +44,18 @@
     font-weight: bold;
   }
 
+  .commento-mod-tools {
+    margin-bottom: 16px;
+  }
+
+  .commento-mod-tools::before {
+    content: "Moderators";
+    text-transform: uppercase;
+    color: $indigo-8;
+    font-size: 12px;
+    font-weight: bold;
+  }
+
   .commento-moderation-notice {
     width: 100%;
     border-radius: 4px;
@@ -87,7 +102,7 @@
     border-top: 1px solid #f0f0f0;
 
     .commento-header {
-      padding-bottom: 12px;
+      padding-bottom: 4px;
     }
 
     .commento-avatar::after {

frontend/sass/email-main.scss

@@ -21,7 +21,7 @@
       outline: none;
       padding: 5px;
       padding-left: 10px;
-      width: calc(100% - 120px);
+      width: calc(100% - 150px);
     }
 
     .commento-input::placeholder {

frontend/signup.html

@@ -34,7 +34,7 @@
 
       <div class="row">
         <div class="label">Full Name</div>
-        <input class="input" type="text" name="name" id="name" placeholder="Billie Joe Armstrong">
+        <input class="input" type="text" name="name" id="name" placeholder="Full Name">
       </div>
 
       <div class="row">