RubyGems - aspera-cli - Versions diffs - 4.14.0 → 4.15.0 - Mend

aspera-cli 4.14.0 → 4.15.0

Files changed (90) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +54 -3
data/CONTRIBUTING.md +7 -7
data/README.md +1457 -880
data/bin/ascli +18 -9
data/bin/asession +12 -14
data/examples/proxy.pac +1 -1
data/lib/aspera/aoc.rb +198 -127
data/lib/aspera/ascmd.rb +24 -14
data/lib/aspera/cli/basic_auth_plugin.rb +9 -6
data/lib/aspera/cli/error.rb +17 -0
data/lib/aspera/cli/extended_value.rb +47 -12
data/lib/aspera/cli/formatter.rb +260 -171
data/lib/aspera/cli/hints.rb +80 -0
data/lib/aspera/cli/main.rb +101 -147
data/lib/aspera/cli/manager.rb +160 -124
data/lib/aspera/cli/plugin.rb +70 -59
data/lib/aspera/cli/plugins/alee.rb +0 -1
data/lib/aspera/cli/plugins/aoc.rb +239 -273
data/lib/aspera/cli/plugins/ats.rb +8 -5
data/lib/aspera/cli/plugins/bss.rb +2 -2
data/lib/aspera/cli/plugins/config.rb +516 -375
data/lib/aspera/cli/plugins/console.rb +40 -0
data/lib/aspera/cli/plugins/cos.rb +4 -5
data/lib/aspera/cli/plugins/faspex.rb +99 -84
data/lib/aspera/cli/plugins/faspex5.rb +179 -148
data/lib/aspera/cli/plugins/node.rb +219 -153
data/lib/aspera/cli/plugins/orchestrator.rb +52 -17
data/lib/aspera/cli/plugins/preview.rb +46 -32
data/lib/aspera/cli/plugins/server.rb +57 -17
data/lib/aspera/cli/plugins/shares.rb +34 -12
data/lib/aspera/cli/sync_actions.rb +68 -0
data/lib/aspera/cli/transfer_agent.rb +45 -55
data/lib/aspera/cli/transfer_progress.rb +74 -0
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/colors.rb +3 -1
data/lib/aspera/command_line_builder.rb +14 -11
data/lib/aspera/cos_node.rb +3 -2
data/lib/aspera/environment.rb +17 -6
data/lib/aspera/fasp/agent_aspera.rb +126 -0
data/lib/aspera/fasp/agent_base.rb +31 -77
data/lib/aspera/fasp/agent_connect.rb +21 -22
data/lib/aspera/fasp/agent_direct.rb +88 -102
data/lib/aspera/fasp/agent_httpgw.rb +196 -192
data/lib/aspera/fasp/agent_node.rb +41 -34
data/lib/aspera/fasp/agent_trsdk.rb +75 -34
data/lib/aspera/fasp/error_info.rb +2 -2
data/lib/aspera/fasp/faux_file.rb +52 -0
data/lib/aspera/fasp/installation.rb +43 -184
data/lib/aspera/fasp/management.rb +244 -0
data/lib/aspera/fasp/parameters.rb +59 -26
data/lib/aspera/fasp/parameters.yaml +75 -8
data/lib/aspera/fasp/products.rb +162 -0
data/lib/aspera/fasp/transfer_spec.rb +1 -1
data/lib/aspera/fasp/uri.rb +4 -4
data/lib/aspera/faspex_gw.rb +2 -2
data/lib/aspera/faspex_postproc.rb +2 -2
data/lib/aspera/hash_ext.rb +2 -2
data/lib/aspera/json_rpc.rb +49 -0
data/lib/aspera/line_logger.rb +23 -0
data/lib/aspera/log.rb +57 -16
data/lib/aspera/node.rb +97 -14
data/lib/aspera/oauth.rb +36 -18
data/lib/aspera/open_application.rb +4 -4
data/lib/aspera/persistency_folder.rb +2 -2
data/lib/aspera/preview/file_types.rb +4 -2
data/lib/aspera/preview/generator.rb +22 -35
data/lib/aspera/preview/options.rb +2 -0
data/lib/aspera/preview/terminal.rb +24 -13
data/lib/aspera/preview/utils.rb +19 -26
data/lib/aspera/rest.rb +103 -72
data/lib/aspera/rest_call_error.rb +1 -1
data/lib/aspera/rest_error_analyzer.rb +15 -14
data/lib/aspera/rest_errors_aspera.rb +37 -34
data/lib/aspera/secret_hider.rb +14 -16
data/lib/aspera/ssh.rb +4 -1
data/lib/aspera/sync.rb +128 -122
data/lib/aspera/temp_file_manager.rb +10 -3
data/lib/aspera/web_auth.rb +10 -7
data/lib/aspera/web_server_simple.rb +9 -4
data.tar.gz.sig +0 -0
metadata +33 -15
metadata.gz.sig +0 -0
data/lib/aspera/cli/listener/line_dump.rb +0 -19
data/lib/aspera/cli/listener/logger.rb +0 -22
data/lib/aspera/cli/listener/progress.rb +0 -50
data/lib/aspera/cli/listener/progress_multi.rb +0 -84
data/lib/aspera/cli/plugins/sync.rb +0 -44
data/lib/aspera/fasp/listener.rb +0 -13

data/lib/aspera/fasp/products.rb ADDED Viewed

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+# cspell:ignore LOCALAPPDATA
+require 'aspera/environment'
+module Aspera
+  module Fasp
+    # find Aspera standard products installation in standard paths
+    class Products
+      # known product names
+      CONNECT = 'IBM Aspera Connect'
+      ASPERA = 'IBM Aspera (Client)'
+      CLI_V1 = 'Aspera CLI (deprecated)'
+      DRIVE = 'Aspera Drive (deprecated)'
+      HSTS = 'IBM Aspera High-Speed Transfer Server'
+      # product information manifest: XML (part of aspera product)
+      INFO_META_FILE = 'product-info.mf'
+      BIN_SUBFOLDER = 'bin'
+      ETC_SUBFOLDER = 'etc'
+      VAR_RUN_SUBFOLDER = File.join('var', 'run')
+      @@found_products = nil # rubocop:disable Style/ClassVars
+      class << self
+        # @return product folders depending on OS fields
+        # :expected  M app name is taken from the manifest if present, else defaults to this value
+        # :app_root  M main folder for the application
+        # :log_root  O location of log files (Linux uses syslog)
+        # :run_root  O only for Connect Client, location of http port file
+        # :sub_bin   O subfolder with executables, default : bin
+        def product_locations_on_current_os
+          result =
+            case Aspera::Environment.os
+            when Aspera::Environment::OS_WINDOWS then [{
+              expected: CONNECT,
+              app_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Programs', 'Aspera', 'Aspera Connect'),
+              log_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect', 'var', 'log'),
+              run_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join('C:', 'Program Files', 'Aspera', 'cli'),
+              log_root: File.join('C:', 'Program Files', 'Aspera', 'cli', 'var', 'log')
+            }, {
+              expected: HSTS,
+              app_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server'),
+              log_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server', 'var', 'log')
+            }]
+            when Aspera::Environment::OS_X then [{
+              expected: CONNECT,
+              app_root: File.join(Dir.home, 'Applications', 'Aspera Connect.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+              run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: CONNECT,
+              app_root: File.join('', 'Applications', 'Aspera Connect.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+              run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join(Dir.home, 'Applications', 'Aspera CLI'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+            }, {
+              expected: HSTS,
+              app_root: File.join('', 'Library', 'Aspera'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+            }, {
+              expected: DRIVE,
+              app_root: File.join('', 'Applications', 'Aspera Drive.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Drive'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: ASPERA,
+              app_root: File.join('', 'Applications', 'IBM Aspera.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'IBM Aspera'),
+              sub_bin:  File.join('Contents', 'Resources', 'sdk', 'aspera', 'bin')
+            }]
+            else [{ # other: Linux and Unix family
+              expected: CONNECT,
+              app_root: File.join(Dir.home, '.aspera', 'connect'),
+              run_root: File.join(Dir.home, '.aspera', 'connect')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join(Dir.home, '.aspera', 'cli')
+            }, {
+              expected: HSTS,
+              app_root: File.join('', 'opt', 'aspera')
+            }]
+            end
+          result # .each {|item| item.deep_do {|h, _k, _v, _m|h.freeze}}.freeze
+        end
+        # @return the list of installed products in format of product_locations_on_current_os
+        def installed_products
+          if @@found_products.nil?
+            scan_locations = product_locations_on_current_os.clone
+            # add SDK as first search path
+            scan_locations.unshift({
+              expected: 'SDK',
+              app_root: Installation.instance.sdk_folder,
+              sub_bin:  ''
+            })
+            # search installed products: with ascp
+            @@found_products = scan_locations.select! do |item| # rubocop:disable Style/ClassVars
+              # skip if not main folder
+              next false unless Dir.exist?(item[:app_root])
+              Log.log.debug{"Found #{item[:app_root]}"}
+              sub_bin = item[:sub_bin] || BIN_SUBFOLDER
+              item[:ascp_path] = File.join(item[:app_root], sub_bin, ascp_filename)
+              # skip if no ascp
+              next false unless File.exist?(item[:ascp_path])
+              # read info from product info file if present
+              product_info_file = "#{item[:app_root]}/#{INFO_META_FILE}"
+              if File.exist?(product_info_file)
+                res_s = XmlSimple.xml_in(File.read(product_info_file), {'ForceArray' => false})
+                item[:name] = res_s['name']
+                item[:version] = res_s['version']
+              else
+                item[:name] = item[:expected]
+              end
+              true # select this version
+            end
+          end
+          return @@found_products
+        end
+        # filename for ascp with optional extension (Windows)
+        def ascp_filename
+          return 'ascp' + Environment.exe_extension
+        end
+        # @return folder paths for specified applications
+        # @param name Connect or CLI
+        def folders(name)
+          found = Products.installed_products.select{|i|i[:expected].eql?(name) || i[:name].eql?(name)}
+          raise "Product: #{name} not found, please install." if found.empty?
+          return found.first
+        end
+        # @return the file path of local connect where API's URI can be read
+        def connect_uri
+          connect = folders(CONNECT)
+          folder = File.join(connect[:run_root], VAR_RUN_SUBFOLDER)
+          ['', 's'].each do |ext|
+            uri_file = File.join(folder, "http#{ext}.uri")
+            Log.log.debug{"checking connect port file: #{uri_file}"}
+            if File.exist?(uri_file)
+              return File.open(uri_file, &:gets).strip
+            end
+          end
+          raise "no connect uri file found in #{folder}"
+        end
+        # @ return path to configuration file of aspera CLI
+        # def cli_conf_file
+        #  connect = folders(PRODUCT_CLI_V1)
+        #  return File.join(connect[:app_root], BIN_SUBFOLDER, '.aspera_cli_conf')
+        # end
+      end
+    end
+  end
+end

data/lib/aspera/fasp/transfer_spec.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Aspera
           return case tspec['direction']
                  when DIRECTION_SEND then :upload
                  when DIRECTION_RECEIVE then :download
-                 else raise 'Error: upload or download only'
+                 else raise "Error: upload or download only, not #{tspec['direction']} (#{tspec['direction'].class})"
                  end
         end
       end

data/lib/aspera/fasp/uri.rb CHANGED Viewed

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
-# cspell:words httpport targetrate minrate bwcap createpath lockpolicy lockminrate
+# cspell:words httpport targetrate minrate bwcap createpath lockpolicy lockminrate faspe
 require 'aspera/log'
+require 'aspera/rest'
 require 'aspera/command_line_builder'
 module Aspera
   module Fasp
     # translates a "faspe:" URI (used in Faspex 4) into transfer spec hash
     class Uri
+      SCHEME = 'faspe'
       def initialize(fasp_link)
         @fasp_uri = URI.parse(fasp_link.gsub(' ', '%20'))
         # TODO: check scheme is faspe
@@ -23,9 +25,7 @@ module Aspera
         # faspex does not encode trailing base64 padding, fix that to be able to decode properly
         fixed_query = @fasp_uri.query.gsub(/(=+)$/){|x|'%3D' * x.length}
-        URI.decode_www_form(fixed_query).each do |i|
-          name = i[0]
-          value = i[1]
+        Rest.decode_query(fixed_query).each do |name, value|
           case name
           when 'cookie'      then result_ts['cookie'] = value
           when 'token'       then result_ts['token'] = value

data/lib/aspera/faspex_gw.rb CHANGED Viewed

@@ -68,9 +68,9 @@ module Aspera
           faspex_pkg_parameters = JSON.parse(request.body)
           Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
           faspex_package_create_result =
-            if @app_api.is_a?(Aspera::AoC)
+            if @app_api.class.name.eql?('Aspera::AoC')
               faspex4_send_to_aoc(faspex_pkg_parameters)
-            elsif @app_api.is_a?(Aspera::Rest)
+            elsif @app_api.class.name.eql?('Aspera::Rest')
               faspex4_send_to_faspex5(faspex_pkg_parameters)
             else
               raise "No such adapter: #{@app_api.class}"

data/lib/aspera/faspex_postproc.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Aspera
     def initialize(server, parameters)
       raise 'parameters must be Hash' unless parameters.is_a?(Hash)
       @parameters = parameters.symbolize_keys
-      Log.dump(:post_proc_parameters, @parameters)
+      Log.log.debug{Log.dump(:post_proc_parameters, @parameters)}
       raise "unexpected key in parameters config: only: #{ALLOWED_PARAMETERS.join(', ')}" if @parameters.keys.any?{|k|!ALLOWED_PARAMETERS.include?(k)}
       @parameters[:script_folder] ||= '.'
       @parameters[:fail_on_error] ||= false
@@ -44,7 +44,7 @@ module Aspera
         script_path = File.join(@parameters[:script_folder], script_file)
         Log.log.debug{"script=#{script_path}"}
         webhook_parameters = JSON.parse(request.body)
-        Log.dump(:webhook_parameters, webhook_parameters)
+        Log.log.debug{Log.dump(:webhook_parameters, webhook_parameters)}
         # env expects only strings
         environment = webhook_parameters.each_with_object({}) { |(k, v), h| h[k] = v.to_s }
         post_proc_pid = Process.spawn(environment, [script_path, script_path])

data/lib/aspera/hash_ext.rb CHANGED Viewed

@@ -24,8 +24,8 @@ end
 unless Hash.method_defined?(:transform_keys)
   class Hash
     def transform_keys
-      return each_with_object({}){|(k, v), memo|memo[yield(k)] = v} if block_given?
-      raise 'missing block'
+      raise 'missing block' unless block_given?
+      return each_with_object({}){|(k, v), memo|memo[yield(k)] = v}
     end
   end
 end

data/lib/aspera/json_rpc.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+# cspell:ignore blankslate
+require 'aspera/rest_error_analyzer'
+require 'blankslate'
+Aspera::RestErrorAnalyzer.instance.add_simple_handler(name: 'JSON RPC', path: %w[error message], always: true)
+module Aspera
+  # a very simple JSON RPC client
+  class JsonRpcClient < BlankSlate
+    JSON_RPC_VERSION = '2.0'
+    reveal :instance_variable_get
+    reveal :inspect
+    reveal :to_s
+    def initialize(api, namespace = nil)
+      super()
+      @api = api
+      @namespace = namespace
+      @request_id = 0
+    end
+    def respond_to_missing?(sym, include_private = false)
+      true
+    end
+    def method_missing(method, *args, &block)
+      args = args.first if args.size == 1 && args.first.is_a?(Hash)
+      data = @api.create('', {
+        jsonrpc: JSON_RPC_VERSION,
+        method:  "#{@namespace}#{method}",
+        params:  args,
+        id:      @request_id += 1
+      })[:data]
+      raise 'response shall be Hash' unless data.is_a?(Hash)
+      raise 'bad version in response' unless data['jsonrpc'] == JSON_RPC_VERSION
+      raise 'missing id in response' unless data.key?('id')
+      raise 'both error and response' if data.key?('error') && data.key?('result')
+      raise 'bad error response' unless
+        !data.key?('error') ||
+          data['error'].is_a?(Hash) &&
+            data['error']['code'].is_a?(Integer) &&
+            data['error']['message'].is_a?(String)
+      return data['result']
+    end
+  end
+end

data/lib/aspera/line_logger.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'aspera/log'
+module Aspera
+  # used for logging http
+  class LineLogger
+    def initialize(level)
+      @level = level
+      @buffer = []
+    end
+    def <<(string)
+      return if string.nil? || string.empty?
+      if !string.end_with?("\n")
+        @buffer.push(string)
+        return
+      end
+      Log.log.send(@level, @buffer.join('') + string.chomp)
+      @buffer.clear
+    end
+  end
+end

data/lib/aspera/log.rb CHANGED Viewed

@@ -2,17 +2,53 @@
 require 'aspera/colors'
 require 'aspera/secret_hider'
+require 'aspera/environment'
 require 'logger'
 require 'pp'
 require 'json'
 require 'singleton'
+# extend Ruby logger with trace levels
+class Logger
+  TRACE_MAX = 2
+  # add custom level to logger severity
+  module Severity
+    1.upto(TRACE_MAX).each { |level| const_set("TRACE#{level}", - level)}
+  end
+  # quick access to label
+  SEVERITY_LABEL = Severity.constants.each_with_object({}) { |name, hash| hash[Severity.const_get(name)] = name}
+  def format_severity(severity)
+    SEVERITY_LABEL[severity] || 'ANY'
+  end
+  # define methods for a given level
+  def self.make_methods(str_level) # rubocop:disable Style/ClassMethodsDefinitions
+    int_level = ::Logger.const_get(str_level.upcase)
+    str_level = str_level.downcase
+    Kernel.send('lave'.reverse, <<-EOM, nil, __FILE__, __LINE__ + 1)
+      def #{str_level}(message = nil, &block)
+        add(#{int_level}, message, &block)
+      end
+      def #{str_level}?
+        level <= #{int_level}
+      end
+      def #{str_level}!
+        self.level = #{int_level}
+      end
+    EOM
+  end
+  Logger::Severity.constants.each { |severity| make_methods(severity) }
+end
 module Aspera
   # Singleton object for logging
   class Log
     include Singleton
     # where logs are sent to
     LOG_TYPES = %i[stderr stdout syslog].freeze
+    @@format = :json # rubocop:disable Style/ClassVars
     # class methods
     class << self
       # levels are :debug,:info,:warn,:error,fatal,:unknown
@@ -21,22 +57,20 @@ module Aspera
       # get the logger object of singleton
       def log; instance.logger; end
-      # dump object in debug mode
+      # dump object suitable for Log.log.debug
       # @param name string or symbol
       # @param format either pp or json format
-      def dump(name, object, format=:json)
-        log.debug do
-          result =
-            case format
-            when :json
-              JSON.pretty_generate(object) rescue PP.pp(object, +'')
-            when :ruby
-              PP.pp(object, +'')
-            else
-              raise 'wrong parameter, expect pp or json'
-            end
-          "#{name.to_s.green} (#{format})=\n#{result}"
-        end
+      def dump(name, object)
+        result =
+          case @@format
+          when :json
+            JSON.pretty_generate(object) rescue PP.pp(object, +'')
+          when :ruby
+            PP.pp(object, +'')
+          else
+            raise 'wrong parameter, expect ruby or json'
+          end
+        "#{name.to_s.green} (#{@@format})=\n#{result}"
       end
       # Capture the output of $stderr and log it at debug level
@@ -70,16 +104,23 @@ module Aspera
     # change underlying logger, but keep log level
     def logger_type=(new_log_type)
       current_severity_integer = @logger.level unless @logger.nil?
-      current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
+      current_severity_integer = ENV.fetch('AS_LOG_LEVEL', nil) if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
       current_severity_integer = Logger::Severity::WARN if current_severity_integer.nil?
       case new_log_type
       when :stderr
-        # typed: Logger
         @logger = Logger.new($stderr)
       when :stdout
         @logger = Logger.new($stdout)
       when :syslog
         require 'syslog/logger'
+        # the syslog class automatically creates methods from the severity names
+        # we just need to add the mapping (but syslog lowest is DEBUG)
+        1.upto(Logger::TRACE_MAX).each do |level|
+          Syslog::Logger.const_get(:LEVEL_MAP)[Logger.const_get("TRACE#{level}")] = Syslog::LOG_DEBUG
+        end
+        Logger::Severity.constants.each do |severity|
+          Syslog::Logger.make_methods(severity.downcase)
+        end
         @logger = Syslog::Logger.new(@program_name, Syslog::LOG_LOCAL2)
       else
         raise "unknown log type: #{new_log_type.class} #{new_log_type}"

data/lib/aspera/node.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'aspera/cli/error'
 require 'aspera/fasp/transfer_spec'
 require 'aspera/rest'
 require 'aspera/oauth'
@@ -13,14 +14,22 @@ module Aspera
   class Node < Aspera::Rest
     # permissions
     ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
-    # prefix for ruby code for filter
+    # prefix for ruby code for filter (deprecated)
     MATCH_EXEC_PREFIX = 'exec:'
+    MATCH_TYPES = [String, Proc, Regexp, NilClass].freeze
     HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
     PATH_SEPARATOR = '/'
     TS_FIELDS_TO_COPY = %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].freeze
+    SCOPE_USER = 'user:all'
+    SCOPE_ADMIN = 'admin:all'
+    SCOPE_PREFIX = 'node.'
+    SCOPE_SEPARATOR = ':'
+    SIGNATURE_DELIMITER = '==SIGNATURE=='
+    BEARER_TOKEN_VALIDITY_DEFAULT = 86400
+    BEARER_TOKEN_SCOPE_DEFAULT = SCOPE_USER
     # register node special token decoder
-    Oauth.register_decoder(lambda{|token|JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)})
+    Oauth.register_decoder(lambda{|token|Node.decode_bearer_token(token)})
     # class instance variable, access with accessors on class
     @use_standard_ports = true
@@ -28,16 +37,79 @@ module Aspera
     class << self
       attr_accessor :use_standard_ports
-      # for access keys: provide expression to match entry in folder
-      # if no prefix: regex
-      # if prefix: ruby code
-      # if expression is nil, then always match
+      # For access keys: provide expression to match entry in folder
       def file_matcher(match_expression)
-        match_expression ||= "#{MATCH_EXEC_PREFIX}true"
-        if match_expression.start_with?(MATCH_EXEC_PREFIX)
-          return Environment.secure_eval("lambda{|f|#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}")
+        case match_expression
+        when Proc then return match_expression
+        when Regexp then return ->(f){f['name'].match?(match_expression)}
+        when String
+          if match_expression.start_with?(MATCH_EXEC_PREFIX)
+            code = "->(f){#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}"
+            Log.log.warn{"Use of prefix #{MATCH_EXEC_PREFIX} is deprecated (4.15), instead use: @ruby:'#{code}'"}
+            return Environment.secure_eval(code, __FILE__, __LINE__)
+          end
+          return lambda{|f|File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
+        when NilClass then return ->(_){true}
+        else raise Cli::BadArgument, "Invalid match expression type: #{match_expression.class}"
+        end
+      end
+      def file_matcher_from_argument(options)
+        return file_matcher(options.get_next_argument('filter', type: MATCH_TYPES, mandatory: false))
+      end
+      # node API scopes
+      def token_scope(access_key, scope)
+        return [SCOPE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
+      end
+      def decode_scope(scope)
+        items = scope.split(SCOPE_SEPARATOR, 2)
+        raise "invalid scope: #{scope}" unless items.length.eql?(2)
+        raise "invalid scope: #{scope}" unless items[0].start_with?(SCOPE_PREFIX)
+        return {access_key: items[0][SCOPE_PREFIX.length..-1], scope: items[1]}
+      end
+      # Create an Aspera Node bearer token
+      # @param payload [String] JSON payload to be included in the token
+      # @param private_key [OpenSSL::PKey::RSA] Private key to sign the token
+      def bearer_token(access_key:, payload:, private_key:)
+        raise 'payload shall be Hash' unless payload.is_a?(Hash)
+        raise 'missing user_id' unless payload.key?('user_id')
+        raise 'user_id must be a String' unless payload['user_id'].is_a?(String)
+        raise 'user_id must not be empty' if payload['user_id'].empty?
+        raise 'private_key shall be OpenSSL::PKey::RSA' unless private_key.is_a?(OpenSSL::PKey::RSA)
+        # manage convenience parameters
+        expiration_sec = payload['_validity'] || BEARER_TOKEN_VALIDITY_DEFAULT
+        payload.delete('_validity')
+        scope = payload['_scope'] || BEARER_TOKEN_SCOPE_DEFAULT
+        payload.delete('_scope')
+        payload['scope'] ||= token_scope(access_key, scope)
+        payload['auth_type'] ||= 'access_key'
+        payload['expires_at'] ||= (Time.now + expiration_sec).utc.strftime('%FT%TZ')
+        payload_json = JSON.generate(payload)
+        return Base64.strict_encode64(Zlib::Deflate.deflate([
+          payload_json,
+          SIGNATURE_DELIMITER,
+          Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('sha512'), payload_json)).scan(/.{1,60}/).join("\n"),
+          ''
+        ].join("\n")))
+      end
+      def decode_bearer_token(token)
+        return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition(SIGNATURE_DELIMITER).first)
+      end
+      def bearer_headers(bearer_auth, access_key: nil)
+        # if username is not provided, use the access key from the token
+        if access_key.nil?
+          access_key = Aspera::Node.decode_scope(Aspera::Node.decode_bearer_token(Oauth.bearer_extract(bearer_auth))['scope'])[:access_key]
+          raise "internal error #{access_key}" if access_key.nil?
         end
-        return lambda{|f|f['name'].match(/#{match_expression}/)}
+        return {
+          Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => access_key,
+          'Authorization'                          => bearer_auth
+        }
       end
     end
@@ -52,6 +124,7 @@ module Aspera
     # @param params [Hash] Rest parameters
     # @param app_info [Hash,NilClass] special processing for AoC
     def initialize(params:, app_info: nil, add_tspec: nil)
+      # init Rest
       super(params)
       @app_info = app_info
       # this is added to transfer spec, for instance to add tags (COS)
@@ -90,13 +163,13 @@ module Aspera
     # @param state [Object] state object sent to processing method
     # @param top_file_id [String] file id to start at (default = access key root file id)
     # @param top_file_path [String] path of top folder (default = /)
-    # @param block [Proc] processing method, args: entry, path, state
+    # @param block [Proc] processing method, arguments: entry, path, state
     def process_folder_tree(state:, top_file_id:, top_file_path: '/', &block)
       raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
       raise 'INTERNAL ERROR: Missing block' unless block
       # start at top folder
       folders_to_explore = [{id: top_file_id, path: top_file_path}]
-      Log.dump(:folders_to_explore, folders_to_explore)
+      Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
       until folders_to_explore.empty?
         current_item = folders_to_explore.shift
         Log.log.debug{"searching #{current_item[:path]}".bg_green}
@@ -108,7 +181,7 @@ module Aspera
             Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
             []
           end
-        Log.dump(:folder_contents, folder_contents)
+        Log.log.debug{Log.dump(:folder_contents, folder_contents)}
         folder_contents.each do |entry|
           relative_path = File.join(current_item[:path], entry['name'])
           Log.log.debug{"process_folder_tree checking #{relative_path}"}
@@ -204,7 +277,7 @@ module Aspera
       when :basic
         ak_name = params[:auth][:username]
         raise 'ERROR: no secret in node object' unless params[:auth][:password]
-        ak_token = Rest.basic_creds(params[:auth][:username], params[:auth][:password])
+        ak_token = Rest.basic_token(params[:auth][:username], params[:auth][:password])
       when :oauth2
         ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
         # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
@@ -235,9 +308,19 @@ module Aspera
         transfer_spec.merge!(Fasp::TransferSpec::AK_TSPEC_BASE)
         # by default: same address as node API
         transfer_spec['remote_host'] = URI.parse(params[:base_url]).host
+        # AoC allows specification of other url
         if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
           transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
         end
+        info = read('info')[:data]
+        # get the transfer user from info on access key
+        transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
+        # get settings from name.value array to hash key.value
+        settings = info['settings']&.each_with_object({}){|i, h|h[i['name']] = i['value']}
+        # check WSS ports
+        %w[wss_enabled wss_port].each do |i|
+          transfer_spec[i] = settings[i] if settings.key?(i)
+        end if settings.is_a?(Hash)
       else
         # retrieve values from API (and keep a copy/cache)
         @std_t_spec_cache ||= create(