RubyGems - aspera-cli - Versions diffs - 4.14.0 → 4.15.0 - Mend

aspera-cli 4.14.0 → 4.15.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/CHANGELOG.md +54 -3
data/CONTRIBUTING.md +7 -7
data/README.md +1457 -880
data/bin/ascli +18 -9
data/bin/asession +12 -14
data/examples/proxy.pac +1 -1
data/lib/aspera/aoc.rb +198 -127
data/lib/aspera/ascmd.rb +24 -14
data/lib/aspera/cli/basic_auth_plugin.rb +9 -6
data/lib/aspera/cli/error.rb +17 -0
data/lib/aspera/cli/extended_value.rb +47 -12
data/lib/aspera/cli/formatter.rb +260 -171
data/lib/aspera/cli/hints.rb +80 -0
data/lib/aspera/cli/main.rb +101 -147
data/lib/aspera/cli/manager.rb +160 -124
data/lib/aspera/cli/plugin.rb +70 -59
data/lib/aspera/cli/plugins/alee.rb +0 -1
data/lib/aspera/cli/plugins/aoc.rb +239 -273
data/lib/aspera/cli/plugins/ats.rb +8 -5
data/lib/aspera/cli/plugins/bss.rb +2 -2
data/lib/aspera/cli/plugins/config.rb +516 -375
data/lib/aspera/cli/plugins/console.rb +40 -0
data/lib/aspera/cli/plugins/cos.rb +4 -5
data/lib/aspera/cli/plugins/faspex.rb +99 -84
data/lib/aspera/cli/plugins/faspex5.rb +179 -148
data/lib/aspera/cli/plugins/node.rb +219 -153
data/lib/aspera/cli/plugins/orchestrator.rb +52 -17
data/lib/aspera/cli/plugins/preview.rb +46 -32
data/lib/aspera/cli/plugins/server.rb +57 -17
data/lib/aspera/cli/plugins/shares.rb +34 -12
data/lib/aspera/cli/sync_actions.rb +68 -0
data/lib/aspera/cli/transfer_agent.rb +45 -55
data/lib/aspera/cli/transfer_progress.rb +74 -0
data/lib/aspera/cli/version.rb +1 -1
data/lib/aspera/colors.rb +3 -1
data/lib/aspera/command_line_builder.rb +14 -11
data/lib/aspera/cos_node.rb +3 -2
data/lib/aspera/environment.rb +17 -6
data/lib/aspera/fasp/agent_aspera.rb +126 -0
data/lib/aspera/fasp/agent_base.rb +31 -77
data/lib/aspera/fasp/agent_connect.rb +21 -22
data/lib/aspera/fasp/agent_direct.rb +88 -102
data/lib/aspera/fasp/agent_httpgw.rb +196 -192
data/lib/aspera/fasp/agent_node.rb +41 -34
data/lib/aspera/fasp/agent_trsdk.rb +75 -34
data/lib/aspera/fasp/error_info.rb +2 -2
data/lib/aspera/fasp/faux_file.rb +52 -0
data/lib/aspera/fasp/installation.rb +43 -184
data/lib/aspera/fasp/management.rb +244 -0
data/lib/aspera/fasp/parameters.rb +59 -26
data/lib/aspera/fasp/parameters.yaml +75 -8
data/lib/aspera/fasp/products.rb +162 -0
data/lib/aspera/fasp/transfer_spec.rb +1 -1
data/lib/aspera/fasp/uri.rb +4 -4
data/lib/aspera/faspex_gw.rb +2 -2
data/lib/aspera/faspex_postproc.rb +2 -2
data/lib/aspera/hash_ext.rb +2 -2
data/lib/aspera/json_rpc.rb +49 -0
data/lib/aspera/line_logger.rb +23 -0
data/lib/aspera/log.rb +57 -16
data/lib/aspera/node.rb +97 -14
data/lib/aspera/oauth.rb +36 -18
data/lib/aspera/open_application.rb +4 -4
data/lib/aspera/persistency_folder.rb +2 -2
data/lib/aspera/preview/file_types.rb +4 -2
data/lib/aspera/preview/generator.rb +22 -35
data/lib/aspera/preview/options.rb +2 -0
data/lib/aspera/preview/terminal.rb +24 -13
data/lib/aspera/preview/utils.rb +19 -26
data/lib/aspera/rest.rb +103 -72
data/lib/aspera/rest_call_error.rb +1 -1
data/lib/aspera/rest_error_analyzer.rb +15 -14
data/lib/aspera/rest_errors_aspera.rb +37 -34
data/lib/aspera/secret_hider.rb +14 -16
data/lib/aspera/ssh.rb +4 -1
data/lib/aspera/sync.rb +128 -122
data/lib/aspera/temp_file_manager.rb +10 -3
data/lib/aspera/web_auth.rb +10 -7
data/lib/aspera/web_server_simple.rb +9 -4
data.tar.gz.sig +0 -0
metadata +33 -15
metadata.gz.sig +0 -0
data/lib/aspera/cli/listener/line_dump.rb +0 -19
data/lib/aspera/cli/listener/logger.rb +0 -22
data/lib/aspera/cli/listener/progress.rb +0 -50
data/lib/aspera/cli/listener/progress_multi.rb +0 -84
data/lib/aspera/cli/plugins/sync.rb +0 -44
data/lib/aspera/fasp/listener.rb +0 -13

data/lib/aspera/fasp/products.rb ADDED Viewed

@@ -0,0 +1,162 @@
+# frozen_string_literal: true
+# cspell:ignore LOCALAPPDATA
+require 'aspera/environment'
+module Aspera
+  module Fasp
+    # find Aspera standard products installation in standard paths
+    class Products
+      # known product names
+      CONNECT = 'IBM Aspera Connect'
+      ASPERA = 'IBM Aspera (Client)'
+      CLI_V1 = 'Aspera CLI (deprecated)'
+      DRIVE = 'Aspera Drive (deprecated)'
+      HSTS = 'IBM Aspera High-Speed Transfer Server'
+      # product information manifest: XML (part of aspera product)
+      INFO_META_FILE = 'product-info.mf'
+      BIN_SUBFOLDER = 'bin'
+      ETC_SUBFOLDER = 'etc'
+      VAR_RUN_SUBFOLDER = File.join('var', 'run')
+      @@found_products = nil # rubocop:disable Style/ClassVars
+      class << self
+        # @return product folders depending on OS fields
+        # :expected  M app name is taken from the manifest if present, else defaults to this value
+        # :app_root  M main folder for the application
+        # :log_root  O location of log files (Linux uses syslog)
+        # :run_root  O only for Connect Client, location of http port file
+        # :sub_bin   O subfolder with executables, default : bin
+        def product_locations_on_current_os
+          result =
+            case Aspera::Environment.os
+            when Aspera::Environment::OS_WINDOWS then [{
+              expected: CONNECT,
+              app_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Programs', 'Aspera', 'Aspera Connect'),
+              log_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect', 'var', 'log'),
+              run_root: File.join(ENV.fetch('LOCALAPPDATA', nil), 'Aspera', 'Aspera Connect')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join('C:', 'Program Files', 'Aspera', 'cli'),
+              log_root: File.join('C:', 'Program Files', 'Aspera', 'cli', 'var', 'log')
+            }, {
+              expected: HSTS,
+              app_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server'),
+              log_root: File.join('C:', 'Program Files', 'Aspera', 'Enterprise Server', 'var', 'log')
+            }]
+            when Aspera::Environment::OS_X then [{
+              expected: CONNECT,
+              app_root: File.join(Dir.home, 'Applications', 'Aspera Connect.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+              run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: CONNECT,
+              app_root: File.join('', 'Applications', 'Aspera Connect.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Connect'),
+              run_root: File.join(Dir.home, 'Library', 'Application Support', 'Aspera', 'Aspera Connect'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join(Dir.home, 'Applications', 'Aspera CLI'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+            }, {
+              expected: HSTS,
+              app_root: File.join('', 'Library', 'Aspera'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera')
+            }, {
+              expected: DRIVE,
+              app_root: File.join('', 'Applications', 'Aspera Drive.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'Aspera_Drive'),
+              sub_bin:  File.join('Contents', 'Resources')
+            }, {
+              expected: ASPERA,
+              app_root: File.join('', 'Applications', 'IBM Aspera.app'),
+              log_root: File.join(Dir.home, 'Library', 'Logs', 'IBM Aspera'),
+              sub_bin:  File.join('Contents', 'Resources', 'sdk', 'aspera', 'bin')
+            }]
+            else [{ # other: Linux and Unix family
+              expected: CONNECT,
+              app_root: File.join(Dir.home, '.aspera', 'connect'),
+              run_root: File.join(Dir.home, '.aspera', 'connect')
+            }, {
+              expected: CLI_V1,
+              app_root: File.join(Dir.home, '.aspera', 'cli')
+            }, {
+              expected: HSTS,
+              app_root: File.join('', 'opt', 'aspera')
+            }]
+            end
+          result # .each {|item| item.deep_do {|h, _k, _v, _m|h.freeze}}.freeze
+        end
+        # @return the list of installed products in format of product_locations_on_current_os
+        def installed_products
+          if @@found_products.nil?
+            scan_locations = product_locations_on_current_os.clone
+            # add SDK as first search path
+            scan_locations.unshift({
+              expected: 'SDK',
+              app_root: Installation.instance.sdk_folder,
+              sub_bin:  ''
+            })
+            # search installed products: with ascp
+            @@found_products = scan_locations.select! do |item| # rubocop:disable Style/ClassVars
+              # skip if not main folder
+              next false unless Dir.exist?(item[:app_root])
+              Log.log.debug{"Found #{item[:app_root]}"}
+              sub_bin = item[:sub_bin] || BIN_SUBFOLDER
+              item[:ascp_path] = File.join(item[:app_root], sub_bin, ascp_filename)
+              # skip if no ascp
+              next false unless File.exist?(item[:ascp_path])
+              # read info from product info file if present
+              product_info_file = "#{item[:app_root]}/#{INFO_META_FILE}"
+              if File.exist?(product_info_file)
+                res_s = XmlSimple.xml_in(File.read(product_info_file), {'ForceArray' => false})
+                item[:name] = res_s['name']
+                item[:version] = res_s['version']
+              else
+                item[:name] = item[:expected]
+              end
+              true # select this version
+            end
+          end
+          return @@found_products
+        end
+        # filename for ascp with optional extension (Windows)
+        def ascp_filename
+          return 'ascp' + Environment.exe_extension
+        end
+        # @return folder paths for specified applications
+        # @param name Connect or CLI
+        def folders(name)
+          found = Products.installed_products.select{|i|i[:expected].eql?(name) || i[:name].eql?(name)}
+          raise "Product: #{name} not found, please install." if found.empty?
+          return found.first
+        end
+        # @return the file path of local connect where API's URI can be read
+        def connect_uri
+          connect = folders(CONNECT)
+          folder = File.join(connect[:run_root], VAR_RUN_SUBFOLDER)
+          ['', 's'].each do |ext|
+            uri_file = File.join(folder, "http#{ext}.uri")
+            Log.log.debug{"checking connect port file: #{uri_file}"}
+            if File.exist?(uri_file)
+              return File.open(uri_file, &:gets).strip
+            end
+          end
+          raise "no connect uri file found in #{folder}"
+        end
+        # @ return path to configuration file of aspera CLI
+        # def cli_conf_file
+        #  connect = folders(PRODUCT_CLI_V1)
+        #  return File.join(connect[:app_root], BIN_SUBFOLDER, '.aspera_cli_conf')
+        # end
+      end
+    end
+  end
+end

data/lib/aspera/fasp/transfer_spec.rb CHANGED Viewed

@@ -41,7 +41,7 @@ module Aspera
           return case tspec['direction']
                  when DIRECTION_SEND then :upload
                  when DIRECTION_RECEIVE then :download
-                 else raise 'Error: upload or download only'
+                 else raise "Error: upload or download only, not #{tspec['direction']} (#{tspec['direction'].class})"
                  end
         end
       end

data/lib/aspera/fasp/uri.rb CHANGED Viewed

@@ -1,14 +1,16 @@
 # frozen_string_literal: true
-# cspell:words httpport targetrate minrate bwcap createpath lockpolicy lockminrate
+# cspell:words httpport targetrate minrate bwcap createpath lockpolicy lockminrate faspe
 require 'aspera/log'
+require 'aspera/rest'
 require 'aspera/command_line_builder'
 module Aspera
   module Fasp
     # translates a "faspe:" URI (used in Faspex 4) into transfer spec hash
     class Uri
+      SCHEME = 'faspe'
       def initialize(fasp_link)
         @fasp_uri = URI.parse(fasp_link.gsub(' ', '%20'))
         # TODO: check scheme is faspe
@@ -23,9 +25,7 @@ module Aspera
         # faspex does not encode trailing base64 padding, fix that to be able to decode properly
         fixed_query = @fasp_uri.query.gsub(/(=+)$/){|x|'%3D' * x.length}
-        URI.decode_www_form(fixed_query).each do |i|
-          name = i[0]
-          value = i[1]
+        Rest.decode_query(fixed_query).each do |name, value|
           case name
           when 'cookie'      then result_ts['cookie'] = value
           when 'token'       then result_ts['token'] = value

data/lib/aspera/faspex_gw.rb CHANGED Viewed

@@ -68,9 +68,9 @@ module Aspera
           faspex_pkg_parameters = JSON.parse(request.body)
           Log.log.debug{"faspex pkg create parameters=#{faspex_pkg_parameters}"}
           faspex_package_create_result =
-            if @app_api.is_a?(Aspera::AoC)
+            if @app_api.class.name.eql?('Aspera::AoC')
               faspex4_send_to_aoc(faspex_pkg_parameters)
-            elsif @app_api.is_a?(Aspera::Rest)
+            elsif @app_api.class.name.eql?('Aspera::Rest')
               faspex4_send_to_faspex5(faspex_pkg_parameters)
             else
               raise "No such adapter: #{@app_api.class}"

data/lib/aspera/faspex_postproc.rb CHANGED Viewed

@@ -13,7 +13,7 @@ module Aspera
     def initialize(server, parameters)
       raise 'parameters must be Hash' unless parameters.is_a?(Hash)
       @parameters = parameters.symbolize_keys
-      Log.dump(:post_proc_parameters, @parameters)
+      Log.log.debug{Log.dump(:post_proc_parameters, @parameters)}
       raise "unexpected key in parameters config: only: #{ALLOWED_PARAMETERS.join(', ')}" if @parameters.keys.any?{|k|!ALLOWED_PARAMETERS.include?(k)}
       @parameters[:script_folder] ||= '.'
       @parameters[:fail_on_error] ||= false
@@ -44,7 +44,7 @@ module Aspera
         script_path = File.join(@parameters[:script_folder], script_file)
         Log.log.debug{"script=#{script_path}"}
         webhook_parameters = JSON.parse(request.body)
-        Log.dump(:webhook_parameters, webhook_parameters)
+        Log.log.debug{Log.dump(:webhook_parameters, webhook_parameters)}
         # env expects only strings
         environment = webhook_parameters.each_with_object({}) { |(k, v), h| h[k] = v.to_s }
         post_proc_pid = Process.spawn(environment, [script_path, script_path])

data/lib/aspera/hash_ext.rb CHANGED Viewed

@@ -24,8 +24,8 @@ end
 unless Hash.method_defined?(:transform_keys)
   class Hash
     def transform_keys
-      return each_with_object({}){|(k, v), memo|memo[yield(k)] = v} if block_given?
-      raise 'missing block'
+      raise 'missing block' unless block_given?
+      return each_with_object({}){|(k, v), memo|memo[yield(k)] = v}
     end
   end
 end

data/lib/aspera/json_rpc.rb ADDED Viewed

@@ -0,0 +1,49 @@
+# frozen_string_literal: true
+# cspell:ignore blankslate
+require 'aspera/rest_error_analyzer'
+require 'blankslate'
+Aspera::RestErrorAnalyzer.instance.add_simple_handler(name: 'JSON RPC', path: %w[error message], always: true)
+module Aspera
+  # a very simple JSON RPC client
+  class JsonRpcClient < BlankSlate
+    JSON_RPC_VERSION = '2.0'
+    reveal :instance_variable_get
+    reveal :inspect
+    reveal :to_s
+    def initialize(api, namespace = nil)
+      super()
+      @api = api
+      @namespace = namespace
+      @request_id = 0
+    end
+    def respond_to_missing?(sym, include_private = false)
+      true
+    end
+    def method_missing(method, *args, &block)
+      args = args.first if args.size == 1 && args.first.is_a?(Hash)
+      data = @api.create('', {
+        jsonrpc: JSON_RPC_VERSION,
+        method:  "#{@namespace}#{method}",
+        params:  args,
+        id:      @request_id += 1
+      })[:data]
+      raise 'response shall be Hash' unless data.is_a?(Hash)
+      raise 'bad version in response' unless data['jsonrpc'] == JSON_RPC_VERSION
+      raise 'missing id in response' unless data.key?('id')
+      raise 'both error and response' if data.key?('error') && data.key?('result')
+      raise 'bad error response' unless
+        !data.key?('error') ||
+          data['error'].is_a?(Hash) &&
+            data['error']['code'].is_a?(Integer) &&
+            data['error']['message'].is_a?(String)
+      return data['result']
+    end
+  end
+end

data/lib/aspera/line_logger.rb ADDED Viewed

@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+require 'aspera/log'
+module Aspera
+  # used for logging http
+  class LineLogger
+    def initialize(level)
+      @level = level
+      @buffer = []
+    end
+    def <<(string)
+      return if string.nil? || string.empty?
+      if !string.end_with?("\n")
+        @buffer.push(string)
+        return
+      end
+      Log.log.send(@level, @buffer.join('') + string.chomp)
+      @buffer.clear
+    end
+  end
+end

data/lib/aspera/log.rb CHANGED Viewed

@@ -2,17 +2,53 @@
 require 'aspera/colors'
 require 'aspera/secret_hider'
+require 'aspera/environment'
 require 'logger'
 require 'pp'
 require 'json'
 require 'singleton'
+# extend Ruby logger with trace levels
+class Logger
+  TRACE_MAX = 2
+  # add custom level to logger severity
+  module Severity
+    1.upto(TRACE_MAX).each { |level| const_set("TRACE#{level}", - level)}
+  end
+  # quick access to label
+  SEVERITY_LABEL = Severity.constants.each_with_object({}) { |name, hash| hash[Severity.const_get(name)] = name}
+  def format_severity(severity)
+    SEVERITY_LABEL[severity] || 'ANY'
+  end
+  # define methods for a given level
+  def self.make_methods(str_level) # rubocop:disable Style/ClassMethodsDefinitions
+    int_level = ::Logger.const_get(str_level.upcase)
+    str_level = str_level.downcase
+    Kernel.send('lave'.reverse, <<-EOM, nil, __FILE__, __LINE__ + 1)
+      def #{str_level}(message = nil, &block)
+        add(#{int_level}, message, &block)
+      end
+      def #{str_level}?
+        level <= #{int_level}
+      end
+      def #{str_level}!
+        self.level = #{int_level}
+      end
+    EOM
+  end
+  Logger::Severity.constants.each { |severity| make_methods(severity) }
+end
 module Aspera
   # Singleton object for logging
   class Log
     include Singleton
     # where logs are sent to
     LOG_TYPES = %i[stderr stdout syslog].freeze
+    @@format = :json # rubocop:disable Style/ClassVars
     # class methods
     class << self
       # levels are :debug,:info,:warn,:error,fatal,:unknown
@@ -21,22 +57,20 @@ module Aspera
       # get the logger object of singleton
       def log; instance.logger; end
-      # dump object in debug mode
+      # dump object suitable for Log.log.debug
       # @param name string or symbol
       # @param format either pp or json format
-      def dump(name, object, format=:json)
-        log.debug do
-          result =
-            case format
-            when :json
-              JSON.pretty_generate(object) rescue PP.pp(object, +'')
-            when :ruby
-              PP.pp(object, +'')
-            else
-              raise 'wrong parameter, expect pp or json'
-            end
-          "#{name.to_s.green} (#{format})=\n#{result}"
-        end
+      def dump(name, object)
+        result =
+          case @@format
+          when :json
+            JSON.pretty_generate(object) rescue PP.pp(object, +'')
+          when :ruby
+            PP.pp(object, +'')
+          else
+            raise 'wrong parameter, expect ruby or json'
+          end
+        "#{name.to_s.green} (#{@@format})=\n#{result}"
       end
       # Capture the output of $stderr and log it at debug level
@@ -70,16 +104,23 @@ module Aspera
     # change underlying logger, but keep log level
     def logger_type=(new_log_type)
       current_severity_integer = @logger.level unless @logger.nil?
-      current_severity_integer = ENV['AS_LOG_LEVEL'] if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
+      current_severity_integer = ENV.fetch('AS_LOG_LEVEL', nil) if current_severity_integer.nil? && ENV.key?('AS_LOG_LEVEL')
       current_severity_integer = Logger::Severity::WARN if current_severity_integer.nil?
       case new_log_type
       when :stderr
-        # typed: Logger
         @logger = Logger.new($stderr)
       when :stdout
         @logger = Logger.new($stdout)
       when :syslog
         require 'syslog/logger'
+        # the syslog class automatically creates methods from the severity names
+        # we just need to add the mapping (but syslog lowest is DEBUG)
+        1.upto(Logger::TRACE_MAX).each do |level|
+          Syslog::Logger.const_get(:LEVEL_MAP)[Logger.const_get("TRACE#{level}")] = Syslog::LOG_DEBUG
+        end
+        Logger::Severity.constants.each do |severity|
+          Syslog::Logger.make_methods(severity.downcase)
+        end
         @logger = Syslog::Logger.new(@program_name, Syslog::LOG_LOCAL2)
       else
         raise "unknown log type: #{new_log_type.class} #{new_log_type}"

data/lib/aspera/node.rb CHANGED Viewed

@@ -1,5 +1,6 @@
 # frozen_string_literal: true
+require 'aspera/cli/error'
 require 'aspera/fasp/transfer_spec'
 require 'aspera/rest'
 require 'aspera/oauth'
@@ -13,14 +14,22 @@ module Aspera
   class Node < Aspera::Rest
     # permissions
     ACCESS_LEVELS = %w[delete list mkdir preview read rename write].freeze
-    # prefix for ruby code for filter
+    # prefix for ruby code for filter (deprecated)
     MATCH_EXEC_PREFIX = 'exec:'
+    MATCH_TYPES = [String, Proc, Regexp, NilClass].freeze
     HEADER_X_ASPERA_ACCESS_KEY = 'X-Aspera-AccessKey'
     PATH_SEPARATOR = '/'
     TS_FIELDS_TO_COPY = %w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].freeze
+    SCOPE_USER = 'user:all'
+    SCOPE_ADMIN = 'admin:all'
+    SCOPE_PREFIX = 'node.'
+    SCOPE_SEPARATOR = ':'
+    SIGNATURE_DELIMITER = '==SIGNATURE=='
+    BEARER_TOKEN_VALIDITY_DEFAULT = 86400
+    BEARER_TOKEN_SCOPE_DEFAULT = SCOPE_USER
     # register node special token decoder
-    Oauth.register_decoder(lambda{|token|JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition('==SIGNATURE==').first)})
+    Oauth.register_decoder(lambda{|token|Node.decode_bearer_token(token)})
     # class instance variable, access with accessors on class
     @use_standard_ports = true
@@ -28,16 +37,79 @@ module Aspera
     class << self
       attr_accessor :use_standard_ports
-      # for access keys: provide expression to match entry in folder
-      # if no prefix: regex
-      # if prefix: ruby code
-      # if expression is nil, then always match
+      # For access keys: provide expression to match entry in folder
       def file_matcher(match_expression)
-        match_expression ||= "#{MATCH_EXEC_PREFIX}true"
-        if match_expression.start_with?(MATCH_EXEC_PREFIX)
-          return Environment.secure_eval("lambda{|f|#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}")
+        case match_expression
+        when Proc then return match_expression
+        when Regexp then return ->(f){f['name'].match?(match_expression)}
+        when String
+          if match_expression.start_with?(MATCH_EXEC_PREFIX)
+            code = "->(f){#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}"
+            Log.log.warn{"Use of prefix #{MATCH_EXEC_PREFIX} is deprecated (4.15), instead use: @ruby:'#{code}'"}
+            return Environment.secure_eval(code, __FILE__, __LINE__)
+          end
+          return lambda{|f|File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
+        when NilClass then return ->(_){true}
+        else raise Cli::BadArgument, "Invalid match expression type: #{match_expression.class}"
+        end
+      end
+      def file_matcher_from_argument(options)
+        return file_matcher(options.get_next_argument('filter', type: MATCH_TYPES, mandatory: false))
+      end
+      # node API scopes
+      def token_scope(access_key, scope)
+        return [SCOPE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
+      end
+      def decode_scope(scope)
+        items = scope.split(SCOPE_SEPARATOR, 2)
+        raise "invalid scope: #{scope}" unless items.length.eql?(2)
+        raise "invalid scope: #{scope}" unless items[0].start_with?(SCOPE_PREFIX)
+        return {access_key: items[0][SCOPE_PREFIX.length..-1], scope: items[1]}
+      end
+      # Create an Aspera Node bearer token
+      # @param payload [String] JSON payload to be included in the token
+      # @param private_key [OpenSSL::PKey::RSA] Private key to sign the token
+      def bearer_token(access_key:, payload:, private_key:)
+        raise 'payload shall be Hash' unless payload.is_a?(Hash)
+        raise 'missing user_id' unless payload.key?('user_id')
+        raise 'user_id must be a String' unless payload['user_id'].is_a?(String)
+        raise 'user_id must not be empty' if payload['user_id'].empty?
+        raise 'private_key shall be OpenSSL::PKey::RSA' unless private_key.is_a?(OpenSSL::PKey::RSA)
+        # manage convenience parameters
+        expiration_sec = payload['_validity'] || BEARER_TOKEN_VALIDITY_DEFAULT
+        payload.delete('_validity')
+        scope = payload['_scope'] || BEARER_TOKEN_SCOPE_DEFAULT
+        payload.delete('_scope')
+        payload['scope'] ||= token_scope(access_key, scope)
+        payload['auth_type'] ||= 'access_key'
+        payload['expires_at'] ||= (Time.now + expiration_sec).utc.strftime('%FT%TZ')
+        payload_json = JSON.generate(payload)
+        return Base64.strict_encode64(Zlib::Deflate.deflate([
+          payload_json,
+          SIGNATURE_DELIMITER,
+          Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('sha512'), payload_json)).scan(/.{1,60}/).join("\n"),
+          ''
+        ].join("\n")))
+      end
+      def decode_bearer_token(token)
+        return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition(SIGNATURE_DELIMITER).first)
+      end
+      def bearer_headers(bearer_auth, access_key: nil)
+        # if username is not provided, use the access key from the token
+        if access_key.nil?
+          access_key = Aspera::Node.decode_scope(Aspera::Node.decode_bearer_token(Oauth.bearer_extract(bearer_auth))['scope'])[:access_key]
+          raise "internal error #{access_key}" if access_key.nil?
         end
-        return lambda{|f|f['name'].match(/#{match_expression}/)}
+        return {
+          Aspera::Node::HEADER_X_ASPERA_ACCESS_KEY => access_key,
+          'Authorization'                          => bearer_auth
+        }
       end
     end
@@ -52,6 +124,7 @@ module Aspera
     # @param params [Hash] Rest parameters
     # @param app_info [Hash,NilClass] special processing for AoC
     def initialize(params:, app_info: nil, add_tspec: nil)
+      # init Rest
       super(params)
       @app_info = app_info
       # this is added to transfer spec, for instance to add tags (COS)
@@ -90,13 +163,13 @@ module Aspera
     # @param state [Object] state object sent to processing method
     # @param top_file_id [String] file id to start at (default = access key root file id)
     # @param top_file_path [String] path of top folder (default = /)
-    # @param block [Proc] processing method, args: entry, path, state
+    # @param block [Proc] processing method, arguments: entry, path, state
     def process_folder_tree(state:, top_file_id:, top_file_path: '/', &block)
       raise 'INTERNAL ERROR: top_file_path not set' if top_file_path.nil?
       raise 'INTERNAL ERROR: Missing block' unless block
       # start at top folder
       folders_to_explore = [{id: top_file_id, path: top_file_path}]
-      Log.dump(:folders_to_explore, folders_to_explore)
+      Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
       until folders_to_explore.empty?
         current_item = folders_to_explore.shift
         Log.log.debug{"searching #{current_item[:path]}".bg_green}
@@ -108,7 +181,7 @@ module Aspera
             Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
             []
           end
-        Log.dump(:folder_contents, folder_contents)
+        Log.log.debug{Log.dump(:folder_contents, folder_contents)}
         folder_contents.each do |entry|
           relative_path = File.join(current_item[:path], entry['name'])
           Log.log.debug{"process_folder_tree checking #{relative_path}"}
@@ -204,7 +277,7 @@ module Aspera
       when :basic
         ak_name = params[:auth][:username]
         raise 'ERROR: no secret in node object' unless params[:auth][:password]
-        ak_token = Rest.basic_creds(params[:auth][:username], params[:auth][:password])
+        ak_token = Rest.basic_token(params[:auth][:username], params[:auth][:password])
       when :oauth2
         ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
         # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
@@ -235,9 +308,19 @@ module Aspera
         transfer_spec.merge!(Fasp::TransferSpec::AK_TSPEC_BASE)
         # by default: same address as node API
         transfer_spec['remote_host'] = URI.parse(params[:base_url]).host
+        # AoC allows specification of other url
         if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
           transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
         end
+        info = read('info')[:data]
+        # get the transfer user from info on access key
+        transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
+        # get settings from name.value array to hash key.value
+        settings = info['settings']&.each_with_object({}){|i, h|h[i['name']] = i['value']}
+        # check WSS ports
+        %w[wss_enabled wss_port].each do |i|
+          transfer_spec[i] = settings[i] if settings.key?(i)
+        end if settings.is_a?(Hash)
       else
         # retrieve values from API (and keep a copy/cache)
         @std_t_spec_cache ||= create(