5824: Add -anonymous-token flag.

diff --git a/services/keep-web/anonymous.go b/services/keep-web/anonymous.go
new file mode 100644 (file)
index 0000000..db40241
--- /dev/null
+++ b/services/keep-web/anonymous.go
@@ -0,0 +1,24 @@
+package main
+
+import (
+       "flag"
+       "fmt"
+)
+
+var anonymousTokens tokenSet
+
+type tokenSet []string
+
+func (ts *tokenSet) Set(t string) error {
+       *ts = append(*ts, t)
+       return nil
+}
+
+func (ts *tokenSet) String() string {
+       return fmt.Sprintf("%+v", (*ts)[:])
+}
+
+func init() {
+       flag.Var(&anonymousTokens, "anonymous-token",
+               "Try using the specified token when a client does not provide a valid token. If this flag is used multiple times, each token will be tried in turn until one works.")
+}

diff --git a/services/keep-web/handler.go b/services/keep-web/handler.go
index 2704263e7172f09f449ec6c6558b9f6740119023..21d58b7e029cae8e1a82b4737831e88addad9847 100644 (file)
--- a/services/keep-web/handler.go
+++ b/services/keep-web/handler.go
@@ -23,15 +23,14 @@ type handler struct{}
 var (
        clientPool         = arvadosclient.MakeClientPool()
        trustAllContent    = false
-       anonymousTokens    []string
        attachmentOnlyHost = ""
 )
 
 func init() {
-       flag.BoolVar(&trustAllContent, "trust-all-content", false,
-               "Serve non-public content from a single origin. Dangerous: read docs before using!")
        flag.StringVar(&attachmentOnlyHost, "attachment-only-host", "",
                "Accept credentials, and add \"Content-Disposition: attachment\" response headers, for requests at this hostname:port. Prohibiting inline display makes it possible to serve untrusted and non-public content from a single origin, i.e., without wildcard DNS or SSL.")
+       flag.BoolVar(&trustAllContent, "trust-all-content", false,
+               "Serve non-public content from a single origin. Dangerous: read docs before using!")
 }
 
 // return a UUID or PDH if s begins with a UUID or URL-encoded PDH;