Class: Aspera::Api::Node

Inherits:

Rest

• Object
• Rest
• Aspera::Api::Node

Defined in:

lib/aspera/api/node.rb

Overview

Provides additional functions using node API with gen4 extensions (access keys)

Direct Known Subclasses

CosNode

Constant Summary

ACCESS_LEVELS =

permissions

%w[delete list mkdir preview read rename write].freeze

MATCH_EXEC_PREFIX =

prefix for ruby code for filter (deprecated)

'exec:'

MATCH_TYPES =

[String, Proc, Regexp, NilClass].freeze

HEADER_X_ASPERA_ACCESS_KEY =

'X-Aspera-AccessKey'

PATH_SEPARATOR =

'/'

TS_FIELDS_TO_COPY =

%w[remote_host remote_user ssh_port fasp_port wss_enabled wss_port].freeze

SCOPE_USER =

'user:all'

SCOPE_ADMIN =

'admin:all'

SCOPE_PREFIX =

'node.'

SCOPE_SEPARATOR =

':'

SIGNATURE_DELIMITER =

'==SIGNATURE=='

BEARER_TOKEN_VALIDITY_DEFAULT =

86400

BEARER_TOKEN_SCOPE_DEFAULT =

SCOPE_USER

Constants inherited from Rest

Rest::ENTITY_NOT_FOUND, Rest::JSON_DECODE

Class Attribute Summary

• .use_standard_ports ⇒ Object

  Returns the value of attribute use_standard_ports.

Instance Attribute Summary

• #app_info ⇒ Object readonly

  Returns the value of attribute app_info.

Attributes inherited from Rest

#auth_params, #base_url

Class Method Summary

• .bearer_headers(bearer_auth, access_key: nil) ⇒ Object
• .bearer_token(access_key:, payload:, private_key:) ⇒ Object

  Create an Aspera Node bearer token.

• .decode_bearer_token(token) ⇒ Object
• .decode_scope(scope) ⇒ Object
• .file_matcher(match_expression) ⇒ Object

  For access keys: provide expression to match entry in folder.

• .file_matcher_from_argument(options) ⇒ Object
• .token_scope(access_key, scope) ⇒ Object

  node API scopes.

Instance Method Summary

• #add_tspec_info(tspec) ⇒ Object

  update transfer spec with special additional tags.

• #find_files(top_file_id, test_block) ⇒ Object
• #initialize(app_info: nil, add_tspec: nil, **rest_args) ⇒ Node constructor

  A new instance of Node.

• #node_id_to_node(node_id) ⇒ Object
• #process_folder_tree(state:, top_file_id:, top_file_path: '/', &block) ⇒ Object

  Recursively browse in a folder (with non-recursive method) sub folders are processed if the processing method returns true.

• #refreshed_transfer_token ⇒ Object
• #resolve_api_fid(top_file_id, path) ⇒ Hash

  Navigate the path from given file id.

• #transfer_spec_gen4(file_id, direction, ts_merge = nil) ⇒ Object

  Create transfer spec for gen4.

Methods inherited from Rest

array_params, array_params?, basic_token, build_uri, #call, #cancel, #create, decode_query, #delete, io_http_session, #lookup_by_name, #oauth, #oauth_token, #params, #read, remote_certificate_chain, set_parameters, start_http_session, #update, user_agent

Constructor Details

#initialize(app_info: nil, add_tspec: nil, **rest_args) ⇒ Node

Returns a new instance of Node.

Parameters:

• base_url (String) —

  Rest parameters

• auth (String, NilClass) —

  Rest parameters

• headers (String, NilClass) —

  Rest parameters

• app_info (Hash, NilClass) (defaults to: nil) —

  Special processing for AoC

• add_tspec (Hash, NilClass) (defaults to: nil) —

  Additional transfer spec

# File 'lib/aspera/api/node.rb', line 131

def initialize(app_info: nil, add_tspec: nil, **rest_args)
  # init Rest
  super(**rest_args)
  @app_info = app_info
  # this is added to transfer spec, for instance to add tags (COS)
  @add_tspec = add_tspec
  if !@app_info.nil?
    REQUIRED_APP_INFO_FIELDS.each do |field|
      Aspera.assert(@app_info.key?(field)){"app_info lacks field #{field}"}
    end
    REQUIRED_APP_API_METHODS.each do |method|
      Aspera.assert(@app_info[:api].respond_to?(method)){"#{@app_info[:api].class} lacks method #{method}"}
    end
  end
end

Class Attribute Details

.use_standard_ports ⇒ Object

Returns the value of attribute use_standard_ports.

# File 'lib/aspera/api/node.rb', line 40

def use_standard_ports
  @use_standard_ports
end

Instance Attribute Details

#app_info ⇒ Object (readonly)

Returns the value of attribute app_info.

# File 'lib/aspera/api/node.rb', line 124

def app_info
  @app_info
end

Class Method Details

.bearer_headers(bearer_auth, access_key: nil) ⇒ Object

# File 'lib/aspera/api/node.rb', line 105

def bearer_headers(bearer_auth, access_key: nil)
  # if username is not provided, use the access key from the token
  if access_key.nil?
    access_key = Node.decode_scope(Node.decode_bearer_token(OAuth::Factory.bearer_extract(bearer_auth))['scope'])[:access_key]
    Aspera.assert(!access_key.nil?)
  end
  return {
    Node::HEADER_X_ASPERA_ACCESS_KEY => access_key,
    'Authorization'                  => bearer_auth
  }
end

.bearer_token(access_key:, payload:, private_key:) ⇒ Object

Create an Aspera Node bearer token

Parameters:

• payload (String) —

  JSON payload to be included in the token

• private_key (OpenSSL::PKey::RSA) —

  Private key to sign the token

# File 'lib/aspera/api/node.rb', line 78

def bearer_token(access_key:, payload:, private_key:)
  Aspera.assert_type(payload, Hash)
  Aspera.assert(payload.key?('user_id'))
  Aspera.assert_type(payload['user_id'], String)
  Aspera.assert(!payload['user_id'].empty?)
  Aspera.assert_type(private_key, OpenSSL::PKey::RSA)
  # manage convenience parameters
  expiration_sec = payload['_validity'] || BEARER_TOKEN_VALIDITY_DEFAULT
  payload.delete('_validity')
  scope = payload['_scope'] || BEARER_TOKEN_SCOPE_DEFAULT
  payload.delete('_scope')
  payload['scope'] ||= token_scope(access_key, scope)
  payload['auth_type'] ||= 'access_key'
  payload['expires_at'] ||= (Time.now + expiration_sec).utc.strftime('%FT%TZ')
  payload_json = JSON.generate(payload)
  return Base64.strict_encode64(Zlib::Deflate.deflate([
    payload_json,
    SIGNATURE_DELIMITER,
    Base64.strict_encode64(private_key.sign(OpenSSL::Digest.new('sha512'), payload_json)).scan(/.{1,60}/).join("\n"),
    ''
  ].join("\n")))
end

.decode_bearer_token(token) ⇒ Object

# File 'lib/aspera/api/node.rb', line 101

def decode_bearer_token(token)
  return JSON.parse(Zlib::Inflate.inflate(Base64.decode64(token)).partition(SIGNATURE_DELIMITER).first)
end

.decode_scope(scope) ⇒ Object

# File 'lib/aspera/api/node.rb', line 68

def decode_scope(scope)
  items = scope.split(SCOPE_SEPARATOR, 2)
  Aspera.assert(items.length.eql?(2)){"invalid scope: #{scope}"}
  Aspera.assert(items[0].start_with?(SCOPE_PREFIX)){"invalid scope: #{scope}"}
  return {access_key: items[0][SCOPE_PREFIX.length..-1], scope: items[1]}
end

.file_matcher(match_expression) ⇒ Object

For access keys: provide expression to match entry in folder

# File 'lib/aspera/api/node.rb', line 43

def file_matcher(match_expression)
  case match_expression
  when Proc then return match_expression
  when Regexp then return ->(f){f['name'].match?(match_expression)}
  when String
    if match_expression.start_with?(MATCH_EXEC_PREFIX)
      code = "->(f){#{match_expression[MATCH_EXEC_PREFIX.length..-1]}}"
      Log.log.warn{"Use of prefix #{MATCH_EXEC_PREFIX} is deprecated (4.15), instead use: @ruby:'#{code}'"}
      return Environment.secure_eval(code, __FILE__, __LINE__)
    end
    return lambda{|f|File.fnmatch(match_expression, f['name'], File::FNM_DOTMATCH)}
  when NilClass then return ->(_){true}
  else Aspera.error_unexpected_value(match_expression.class.name, exception_class: Cli::BadArgument)
  end
end

.file_matcher_from_argument(options) ⇒ Object

# File 'lib/aspera/api/node.rb', line 59

def file_matcher_from_argument(options)
  return file_matcher(options.get_next_argument('filter', type: MATCH_TYPES, mandatory: false))
end

.token_scope(access_key, scope) ⇒ Object

node API scopes

# File 'lib/aspera/api/node.rb', line 64

def token_scope(access_key, scope)
  return [SCOPE_PREFIX, access_key, SCOPE_SEPARATOR, scope].join('')
end

Instance Method Details

#add_tspec_info(tspec) ⇒ Object

update transfer spec with special additional tags

# File 'lib/aspera/api/node.rb', line 148

def add_tspec_info(tspec)
  tspec.deep_merge!(@add_tspec) unless @add_tspec.nil?
  return tspec
end

#find_files(top_file_id, test_block) ⇒ Object

# File 'lib/aspera/api/node.rb', line 262

def find_files(top_file_id, test_block)
  Log.log.debug{"find_files: file id=#{top_file_id}"}
  find_state = {found: [], test_block: test_block}
  process_folder_tree(state: find_state, top_file_id: top_file_id) do |entry, path, state|
    state[:found].push(entry.merge({'path' => path})) if state[:test_block].call(entry)
    # test all files deeply
    true
  end
  return find_state[:found]
end

#node_id_to_node(node_id) ⇒ Object

# File 'lib/aspera/api/node.rb', line 154

def node_id_to_node(node_id)
  if !@app_info.nil?
    return self if node_id.eql?(@app_info[:node_info]['id'])
    return @app_info[:api].node_api_from(
      node_id: node_id,
      workspace_id: @app_info[:workspace_id],
      workspace_name: @app_info[:workspace_name])
  end
  Log.log.warn{"cannot resolve link with node id #{node_id}"}
  return nil
end

#process_folder_tree(state:, top_file_id:, top_file_path: '/', &block) ⇒ Object

Recursively browse in a folder (with non-recursive method) sub folders are processed if the processing method returns true

Parameters:

• state (Object) —

  state object sent to processing method

• top_file_id (String) —

  file id to start at (default = access key root file id)

• top_file_path (String) (defaults to: '/') —

  path of top folder (default = /)

• block (Proc) —

  processing method, arguments: entry, path, state

# File 'lib/aspera/api/node.rb', line 172

def process_folder_tree(state:, top_file_id:, top_file_path: '/', &block)
  Aspera.assert(!top_file_path.nil?){'top_file_path not set'}
  Aspera.assert(block){'Missing block'}
  # start at top folder
  folders_to_explore = [{id: top_file_id, path: top_file_path}]
  Log.log.debug{Log.dump(:folders_to_explore, folders_to_explore)}
  until folders_to_explore.empty?
    current_item = folders_to_explore.shift
    Log.log.debug{"searching #{current_item[:path]}".bg_green}
    # get folder content
    folder_contents =
      begin
        read("files/#{current_item[:id]}/files")[:data]
      rescue StandardError => e
        Log.log.warn{"#{current_item[:path]}: #{e.class} #{e.message}"}
        []
      end
    Log.log.debug{Log.dump(:folder_contents, folder_contents)}
    folder_contents.each do |entry|
      relative_path = File.join(current_item[:path], entry['name'])
      Log.log.debug{"process_folder_tree checking #{relative_path}"}
      # continue only if method returns true
      next unless yield(entry, relative_path, state)
      # entry type is file, folder or link
      case entry['type']
      when 'folder'
        folders_to_explore.push({id: entry['id'], path: relative_path})
      when 'link'
        node_id_to_node(entry['target_node_id'])&.process_folder_tree(
          state:         state,
          top_file_id:   entry['target_id'],
          top_file_path: relative_path,
          &block)
      end
    end
  end
end

#refreshed_transfer_token ⇒ Object

# File 'lib/aspera/api/node.rb', line 273

def refreshed_transfer_token
  return oauth_token(force_refresh: true)
end

#resolve_api_fid(top_file_id, path) ⇒ Hash

Navigate the path from given file id

Parameters:

• top_file_id (String) —

  id initial file id

• path (String) —

  file path

Returns:

• (Hash) —

  Aspera::Api::Node.api,.api,.file_id

# File 'lib/aspera/api/node.rb', line 214

def resolve_api_fid(top_file_id, path)
  Aspera.assert_type(top_file_id, String)
  process_last_link = path.end_with?(PATH_SEPARATOR)
  path_elements = path.split(PATH_SEPARATOR).reject(&:empty?)
  return {api: self, file_id: top_file_id} if path_elements.empty?
  resolve_state = {path: path_elements, result: nil}
  process_folder_tree(state: resolve_state, top_file_id: top_file_id) do |entry, _path, state|
    # this block is called recursively for each entry in folder
    # stop digging here if not in right path
    next false unless entry['name'].eql?(state[:path].first)
    # ok it matches, so we remove the match
    state[:path].shift
    case entry['type']
    when 'file'
      # file must be terminal
      raise "#{entry['name']} is a file, expecting folder to find: #{state[:path]}" unless state[:path].empty?
      # it's terminal, we found it
      state[:result] = {api: self, file_id: entry['id']}
      next false
    when 'folder'
      if state[:path].empty?
        # we found it
        state[:result] = {api: self, file_id: entry['id']}
        next false
      end
    when 'link'
      if state[:path].empty?
        if process_last_link
          # we found it
          other_node = node_id_to_node(entry['target_node_id'])
          raise 'cannot resolve link' if other_node.nil?
          state[:result] = {api: other_node, file_id: entry['target_id']}
        else
          # we found it but we do not process the link
          state[:result] = {api: self, file_id: entry['id']}
        end
        next false
      end
    else
      Log.log.warn{"Unknown element type: #{entry['type']}"}
    end
    # continue to dig folder
    next true
  end
  raise "entry not found: #{resolve_state[:path]}" if resolve_state[:result].nil?
  return resolve_state[:result]
end

#transfer_spec_gen4(file_id, direction, ts_merge = nil) ⇒ Object

Create transfer spec for gen4

# File 'lib/aspera/api/node.rb', line 278

def transfer_spec_gen4(file_id, direction, ts_merge=nil)
  ak_name = nil
  ak_token = nil
  case auth_params[:type]
  when :basic
    ak_name = auth_params[:username]
    Aspera.assert(auth_params[:password]){'no secret in node object'}
    ak_token = Rest.basic_token(auth_params[:username], auth_params[:password])
  when :oauth2
    ak_name = params[:headers][HEADER_X_ASPERA_ACCESS_KEY]
    # TODO: token_generation_lambda = lambda{|do_refresh|oauth_token(force_refresh: do_refresh)}
    # get bearer token, possibly use cache
    ak_token = oauth_token(force_refresh: false)
  else Aspera.error_unexpected_value(auth_params[:type])
  end
  transfer_spec = {
    'direction' => direction,
    'token'     => ak_token,
    'tags'      => {
      Transfer::Spec::TAG_RESERVED => {
        'node' => {
          'access_key' => ak_name,
          'file_id'    => file_id
        } # node
      } # aspera
    } # tags
  }
  # add specials tags (cos)
  add_tspec_info(transfer_spec)
  transfer_spec.deep_merge!(ts_merge) unless ts_merge.nil?
  # add application specific tags (AoC)
  app_info[:api].add_ts_tags(transfer_spec: transfer_spec, app_info: app_info) unless app_info.nil?
  # add remote host info
  if self.class.use_standard_ports
    # get default TCP/UDP ports and transfer user
    transfer_spec.merge!(Transfer::Spec::AK_TSPEC_BASE)
    # by default: same address as node API
    transfer_spec['remote_host'] = URI.parse(base_url).host
    # AoC allows specification of other url
    if !@app_info.nil? && !@app_info[:node_info]['transfer_url'].nil? && !@app_info[:node_info]['transfer_url'].empty?
      transfer_spec['remote_host'] = @app_info[:node_info]['transfer_url']
    end
    info = read('info')[:data]
    # get the transfer user from info on access key
    transfer_spec['remote_user'] = info['transfer_user'] if info['transfer_user']
    # get settings from name.value array to hash key.value
    settings = info['settings']&.each_with_object({}){|i, h|h[i['name']] = i['value']}
    # check WSS ports
    %w[wss_enabled wss_port].each do |i|
      transfer_spec[i] = settings[i] if settings.key?(i)
    end if settings.is_a?(Hash)
  else
    # retrieve values from API (and keep a copy/cache)
    @std_t_spec_cache ||= create(
      'files/download_setup',
      {transfer_requests: [{ transfer_request: {paths: [{'source' => '/'}] } }] }
    )[:data]['transfer_specs'].first['transfer_spec']
    # copy some parts
    TS_FIELDS_TO_COPY.each {|i| transfer_spec[i] = @std_t_spec_cache[i] if @std_t_spec_cache.key?(i)}
  end
  Log.log.warn{"Expected transfer user: #{Transfer::Spec::ACCESS_KEY_TRANSFER_USER}, but have #{transfer_spec['remote_user']}"} \
    unless transfer_spec['remote_user'].eql?(Transfer::Spec::ACCESS_KEY_TRANSFER_USER)
  return transfer_spec
end