QSH Verification, I have tried to verify qsh string but i get a "abc" qsh instead of the "def" qsh from the JWT token - jwt

I have used this video to properly understand how JWT QSH is created from a SHA hashed conical request
https://www.youtube.com/watch?v=5EpEMKPbUjU
I also have gone through, this site Understanding JWT. https://developer.atlassian.com/cloud/jira/platform/understanding-jwt-for-connect-apps/.
I have replicated everything done there, and still confused. I have never been able to reproduce the qsh.
if (verifiedClaims.qsh) {
const { baseUrl } = payload;
const url = JWTHelper.decodeUrlToMatchJWTQueryStringHash(baseUrl);
logger.debug(`url[${url}]`);
const req = jwt.fromMethodAndUrl("GET", url);
logger.debug(`req[${JSON.stringify(req)}]`);
let expectedHash = jwt.createQueryStringHash(req);
logger.debug(`expectedHash[${expectedHash}]`);
let signatureHashVerified = verifiedClaims.qsh === expectedHash;
logger.json("signatureHashVerified", { qsh: verifiedClaims.qsh, expectedHash, signatureHashVerified });
if (!signatureHashVerified) {
// If signatureVerified is false, then check the url if its a PUT/POST
expectedHash = jwt.createQueryStringHash(req, url);
signatureHashVerified = verifiedClaims.qsh === expectedHash;
logger.json("signatureHashVerified", { qsh: verifiedClaims.qsh, expectedHash, signatureHashVerified });
if (verifiedClaims.qsh !== expectedHash && verifiedClaims.qsh !== "context-qsh") {
const canonicalRequest = jwt.createCanonicalRequest(req, true, url);
logger.error(
'Auth failure: Query hash mismatch: Received: "' + verifiedClaims.qsh + '" but calculated "' + expectedHash + '". ' +
'Canonical query was: "' + canonicalRequest);
throw new Error("Authentication failed: query hash does not match.");
}
}
}
The code above is from the Link, understanding jwt. I am using atlassian-jwt npm package
https://www.npmjs.com/package/atlassian-jwt.
Please where am I getting it all wrong, from my codes or from any perspective what can I do to fix the issue and verify qsh

Related

How can I check with the calling URL domain with interceptors.request

I am new in exploring axios.
I would like to append Authorization for specific url I am calling
with ininterceptors.request.
Is it possible to check with what url I am calling ?
Let's take a look of my code right now.
service.interceptors.request.use(
config => {
config.headers["Authorization"] = "bearer " + getTokenA(); <---- Do this only when the api is /ApiA/
config.headers["Authorization"] = "bearer " + getTokenB(); <---- Do this only when the api is /ApiB/
return config;
},
error => {
Promise.reject(error);
}
);

How to wait for Rest API to respond in Protractor

I am using following function to call API in my Protractor test, and sometimes API takes time to respond.
var request = require( "superagent" );
var PostUrl = browser.baseUrl + 'rest/1.0/dev/users';
var CreateTenantUrl = browser.baseUrl + 'rest/1.0/tenant';
exports.CreateTenant = function(body){
var data = '{' + body + '}';
request.post(CreateTenantUrl).set('Content-Type', 'application/json').set('serviceSharedSecret', 'sharedsecret').send(data).end(function(err,res){
if(err){
console.log("CreateTenant post error= ", err )
} else{
console.log("CreateTenant post response = ", res.status)
}
expect(res.status).toEqual(200)
});
};
exports.CreateUsers = function(body){
var data = '{' +body + '}';
request.post( PostUrl ).set('Content-Type', 'application/json').send(data).end(function(err,res){
if(err){
console.log("CreateUsers post error= ", err )
} else{
console.log("CreateUsers post response = ", res.status)
}
expect(res.status).toEqual(202)
});
};
Call these functions in test script:
Common.CreateTenant('"tid": "1","long_name": "test tenant"');
Common.CreateUsers('"userName": "test1", "tenantKey": "1", "password": "Test1", "userID": "1"');
is there any way to put wait for each API call to complete and then execute the next one?

If you need your second API call to only fire after the first one completes, send the second API call in the callback method of the first API call.
'Waiting' for an API call to complete is tpyically bad practice. An example of what not to do is the following: send one API call wait 10 seconds, check if first call completed, if it has, send second api call, otherwise wait another 10 seconds and repeat the process.
Its almost always a better approach is to use callbacks where you are alerted when the API call completes.
For your example, you should do the following:
var request = require( "superagent" );
var PostUrl = browser.baseUrl + 'rest/1.0/dev/users';
var CreateTenantUrl = browser.baseUrl + 'rest/1.0/tenant';
exports.CreateTenant = function(body){
var data = '{' + body + '}';
request.post(CreateTenantUrl).set('Content-Type', 'application/json').set('serviceSharedSecret', 'sharedsecret').send(data).end(function(err,res){
if(err){
console.log("CreateTenant post error= ", err )
} else{
console.log("CreateTenant post response = ", res.status)
//Create user once tenant has been successfully created
Commons.CreateUsers('"userName": "test1", "tenantKey": "1", "password": "Test1", "userID": "1"');
}
expect(res.status).toEqual(200)
});
};
exports.CreateUsers = function(body){
var data = '{' +body + '}';
request.post( PostUrl ).set('Content-Type', 'application/json').send(data).end(function(err,res){
if(err){
console.log("CreateUsers post error= ", err )
} else{
console.log("CreateUsers post response = ", res.status)
}
expect(res.status).toEqual(202)
});
};

In order to wait for the request to complete you need to wrap it in a promise. See How to make superagent return a promise for more information

SOAP Request to Wemo switch from Pebble returns status 500

Been trying to write a pebble app for wemo switches, currently this is the code i'm using:
function WemoRequest(callback) {
if (SOAPData === false || SOAPData === undefined) {
console.log("Invalid SOAP data: " + JSON.stringify(SOAPData));
return;
}
var url = "http://192.168.1.230:49153/upnp/control/basicevent1";
try {
var request = new XMLHttpRequest();
request.open("POST", url, false);
request.setRequestHeader("SOAPAction", "urn:Belkin:service:basicevent:1#GetBinaryState");
request.setRequestHeader("Content-Type", "text/xml; charset=utf-8");
request.onreadystatechange = function() {
if (request.readyState == 4 && request.status === 200 && callback) {
callback(request, SOAPData);
}else{console.log("Status: "+request.status + " State: "+request.readyState+" Callback: "+callback);}
};
var packet = '<?xml version="1.0" encoding="utf-8"?>'+
'<s:Envelope xmls:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">'+
'<s:Body>'+
'<u:GetBinaryState xmlns:u="urn:Belkin:service:basicevent:1"></u:GetBinaryState>'+
'</s:Body>'+
'</s:Envelope>';
request.send(packet);
} catch (error) {
console.log("Error in XMLHttpRequest: " + error);
}}
I currently get status 500 from OnReadyStateChange and have no idea what I'm doing wrong. If this isn't enough code, app code is available here:https://github.com/dmf444/Webble

So...I know this is from 4 years ago lol, but I found this during a google search and just found the answer, so I figured I would respond for that reason: I think your header just needs an extra set of quotes around "urn:Belkin:service:basicevent:1#SetBinaryState" so that the string specifying the soapaction literally starts and ends with quotes.
I'm working in Python (because that's what all the kids seem to be doing these days), but I too was getting the 500 error until I made a very subtle change (the single quote marks around my double quotes) and almost cried tears of joy when my light turned off:
"SOAPACTION": '"urn:Belkin:service:basicevent:1#SetBinaryState"'
So here's the working version of the code (in Python lol):
import http.client
#Variables (value=on/off, ipaddress=address of your wemo)
value = 0 #1=ON, 0=OFF
ipAddress = "192.168.0.108"
#Build the SOAP Envelope (data)
data = '<?xml version="1.0" encoding="utf-8"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><s:Body><u:SetBinaryState xmlns:u="urn:Belkin:service:basicevent:1"><BinaryState>' + str(value) + '</BinaryState></u:SetBinaryState></s:Body></s:Envelope>'
#Build the Header (headers)
headers = {"Content-type" : 'text/xml; charset="utf-8"', "SOAPACTION": '"urn:Belkin:service:basicevent:1#SetBinaryState"', "Content-Length": len(data)}
#Send request and check response data (resp_data)
conn = http.client.HTTPConnection(ipAddress, 49153)
conn.request("POST", "/upnp/control/basicevent1", data, headers)
response = conn.getresponse()
resp_data = response.read()
if response.status == 200:
conn.close()
print("SUCCESS!")
elif response.status == 403:
print("ERROR: 403 (FORBIDDEN)")
else:
print("ERROR: " + str(response.status))

Problems uploading jpg with OneDrive Rest Api

For this HTML5 phone App I have to use the OneDrive REST API.
I managed to upload the file, but the file up on the server is not in .jpg format and won't display in a jpg viewer. After logging in through the REST API and getting a token back, I used XMLHttpRequest to PUT the file. I've tried passing it up as an ArrayBuffer and as a base64 encoded string. In each case the file makes it there, but is not decoded properly. I figured I needed to tell the webserver how to decode the file with "request.setRequestHeader('Content-Type', 'image/jpg')" ,but I get back the following error message from the OneDrive server:
"error": {
"code": "request_body_invalid_media_type",
"message": "The Content-Type header 'text/plain' isn't supported."
}
this.uploadFile = function (token, fileUri,fileName, fileTools, success, fail) {
var me = app.log('||Microsoft.uploadFile||');
fileTools.readFileContent(fileUri, 'dataUrl', gotData, fileError);
function fileError(err) {
app.logError(me + '::fileError:::' + err);
}
function gotData(base64String) {
var request = new XMLHttpRequest;
app.log(me + '::token::' + token);
request.open("PUT", "https://apis.live.net/v5.0/me/skydrive/files/" + fileName + "?access_token=" + token, true);
request.setRequestHeader('Content-Type', 'text/plain');
//request.setRequestHeader('Content-Type', 'image/jpg');
//request.setRequestHeader('Content-Transfer-Encoding', 'base64;charset=utf-8');
request.onload = function (e) {
app.log(request.responseText);
success(e);
};
request.onerror = function (e) {
app.log(me + '::7::');
fail(e.error.message);
};
app.log(me + '::8::' + base64String.substr(0,100));
var b = new Base64Stuff();
var aBuffer = b.base64ToBuffer(b.removeBase64jpgHeader(base64String));
request.send(aBuffer);
//request.send(base64String);
}
}

try
request.setRequestHeader('Content-Type', '');

Photo upload with facebook-node-sdk Module / (#324) Requires upload file

I'm trying to send a photo using facebook node sdk module to a page. https://github.com/Thuzi/facebook-node-sdk/
I'm able to post to the page wall or to uplaod from an url. But i have a problem trying to uplaod photo from data.
That is how i connected :
FB.api('oauth/access_token', {
client_id: clientid,
client_secret: clientsecret,
redirect_uri: redirecturi,
code: code,
scope: scope,
fileUpload : true,
}, function (resf) { ...}
I get the good access token like this :
FB.api('/me/accounts', function (resf) {
if (!resf || resf.error) {
console.log(!resf ? 'error occurred' : resf.error);
return;
}
for (var i = 0; i < resf.data.length; i++) {
if (resf.data[i].id == pageid)
{
resf.data[i]. access_token
}
});
And i try to upload the photo :
var buff = "data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBg8SEBQQEBQUEBQUFRQVERYUFhMYGBYVFBUVFBUVEhQYHCYgFxkkGhUVHy8gIycpLSwuFR4xNTAqNSYtLCkBCQoKDgwOFw8PFzUcHSQwKS01NTUsNTUpNS8sNCwsKS4pNDUuLTUsLC8pLCwpNTUvNSkpNSkvLCwsKikpKSksNv/AABEIAK8BHwMBIgACEQEDEQH/xAAcAAEAAgIDAQAAAAAAAAAAAAAABwgFBgEDBAL/xABKEAABAwICBgYECgULBQAAAAABAAIDBBEFIQYHEjFBcRMiUWGBsTI0kaEjQlJyc3SCkrKzCBQkYsEVFhczNVNUVZPR0mODoqPC/8QAGwEBAQADAQEBAAAAAAAAAAAAAAECAwUEBgf/xAAoEQEAAgIBAwIFBQAAAAAAAAAAAQIDEQQFEiExcRMyQZHRUYGh8PH/2gAMAwEAAhEDEQA/AJxREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQEREBERAREQdFbWxQxulme2NjRdznkBoG65J3LtjkDgHNIIIBBG4g5ghaJrtxMRYRLH8adzI2j7XSO9zD7Vt2CuApYScgIY7/cag96LScX1p0sTiyFjqi29wIazwcczzsvLh+tuFzgJoXRA/Ga4PA5iwPsWv4tN626MdL5dqd8Y51/P29UgIumkrI5WNkicHscLtc03BC7lsc+YmJ1IiIiCIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAuCV8VFQxjS+RwY1ou5ziAAO0k5AKEdZetzp2uo6AkRG7ZpswZBxZFxDO1288Mt4YHW7pm2uq9iE7UFOHMjI3Pef6yQd2QA7m34qUdNcSfHhNOxpt0zYWOI+SItojxsB7VXZ+48j5Ky+kOAPqsKhbGLyRxwyMHyrRgFo7yCfGywvvtnT28G1K8nHOT03CIUXLmkEgggjIg5EHsI4Lhc5+mw3vVVjTmzupSbska57B2PbYm3Nt/uqVFEeqzDnPrDNbqxMdc/vP6oHs2j4KXF7sO+zy+A65FI5c9v6Rv3/zQiItziCIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgLxYzi0dNBJUS7RZE3adsjadYdg4le1EEeu14YWB6NSf+yR7yVgcW/SBZYikpXE8HTuAA+wy5P3gpK0sH7BV/Vp/wAp6qcEVndJdNq+vP7TKXNBu2NvVjHJg3nvNysGiIr5k3HkfJWjfpRT0dLTdNtnbiZs7DC7cxt7ncN6q5JuPI+St1gg/ZYPoYvwNUlaTWLRNo3Hvr8tIxXSrCKg3dSSTyd0Wy483A3WBpNCamrmL44P1KA2ttlxsO4O6zifAKYrLla5x93q6uLqk4KzGGuve0zr2jxDHYFgcVJCIYhkM3OO9zjvc7vWRRYTSzS+lw+Dpqh2ZuIo2+nI4cGjzJyC2xGnJve17Ta07mWZfIGglxAAzJOQA7SVo2P65MLpiWMe6reMrQgFoPfISG+y6hvTDWHW4i4iV3Rw36sLCdgdhfxkd3nLsAWsImkyU2uuvqp2wUNCxz3+iHyOce8usGhoHE3WS0k000ioIxPUUtG+K4DnRGY7JOQD7uuM8r2IXTqF0faynlrXDrSvMcZ7I4/Stzff7gUk41hjKinlp3i7ZY3MN/3gQD4Gx8EEXYT+kDGSBVUrmDi6F4f/AODg0+9SPo/pZRVrNqlmbJb0m7nt+cw5jyVUXsLSWneCQeYNiu2irZYZGywvdFI03a9hIcOR/ghpcBFG2rPWqK21LVlrKn4jhk2YAcB8WTu47x2CSUQREQFgtItNqChH7TM1rrXEbetIeTG5+JsFHmsvW85j3UeHOs5pLZpxY2O4sh4XG4u4cO1Q3LK5zi5xLnON3OcSST2knMlF0mTFNf7b7NJSufnZrpX2v2WjYCfC62rRDEMfqJGy1sVPS05BJjs/pjcdWw2js529LPuUfaiNH45qqWqkAd+rhgiB4Pk2uvzAabfOU7ojXMWo8X23Opp6cMv1GSROuB2F4JvzstPrtZOKUkvQ1cEJcM8ttu0ODmuBII8FIuNYvHSwPqJfRYL2G8k5Bo7ySB4qBNJNIpq2czS2GWyxo3MYCSGjt33J4rpcPH8X5qxMOfyr/D+W07SdhGt2jkIbO19MTxPXZ4uGY8Qt3p6lkjQ+NzXtcLtc0ggjuIVZlsWhel8tDMMyYHuHTM4AHIvaODhv79y3Z+nxreP7NWHnTvWRPaLhjwQCMwcwe4rlcd1RERAREQEREGJ0s9Qq/q1R+U9VOCtjpZ6hV/Vqj8p6qcEWHKIiK+ZNx5HyVusD9Vg+hi/A1VFk3HkfJW6wP1WD6GL8DUSXuRERGN0hx6GjppKmY2ZGL2G9zjk1je0k2CrBpPpLPX1Dqic5nJjR6MbL5MZ3Dt4nNbxrx0qM1U2hYfg6exkscnTOF8/mtIHNzlGSLAiLgjKyKtJq7oOhwqkZuPQse750nwh97lsa82GQbEETPkxsb91oH8F6UYqlaSQ7FbUs+TUTj/2OWOWa02bbEqwD/EzfjKwqMn1FK5rg9hLXNILXA2IINwQeBBVl9WumYxCjD326eKzKgDi62UgHY4Z87jgqzLdtUGkBpsTjYTaOoHQv+cc4zz2svtlEWQWk62tKnUVAREdmac9FGRvaCLveO8NyB7XBbsoN/SAqyaumi4Nhc/xe+3kwIiK0REZJG1I6Sx09a+nlIa2pa1rCd3SsJLAT3hzhzt2qwCpypJ0R111VM1sNW01cYsA+9pWjvccpPGx70RJWtiF7sOJbubJG5/zbkeZaoVU34XrEweuYYumY3bBa6Kf4MkHIt62TvAlabpBqoqGOL6IieM5taSA9o7ATk8d+RXW4PIpSvZadOXzMFrT318tCXGyTkMyd3is6zQbEybfqso5hoHtJst60K1XmGRtRWFrnNO1HE3MNcNznu4kcAMu8r35eVjpXe9vFj4+S861pveDwOZTwsd6TYo2u5tYAfeF7ERfNzO5278RqNCIiiiIiAiIgxOlnqFX9WqPynqpwVsdLPUKv6tUflPVTgiw5RERXzJuPI+St1gfqsH0MX4Gqosm48j5K3WB+qwfQxfgaiS9y6a2qbFG+V3osY57uTQXH3Bdy1rWRUlmE1jhkehc379mf/SIrLiFc+aWSd+bpXukdzeS4+a6ERGQuylj2pGN7XNHtcAutd9A4iaMtbtuEkZa35RDxZvicvFBb4BcqPv57Y5/k7/8AXZ/sn89sc/yd/wDrs/2RihTTf+0636zN+MrCrdMb0DxmoqZqg0UjOmkfJs7UZ2ds3tfazXi/oxxn/By+2P8A5IrWF2U1SY3tkbkWOa8c2EOHktj/AKMcZ/wcvtj/AOS4dqxxmx/Y5dx4x/8AJBZ2GTaaHdoB9ouoN/SApyKynk4OgLRzZISfxhTbh8ZbFG0ixDGAjsIaAVouuvRt1TQCeMbT6VxksN5icLSW5Wa77JRFe0REZCIiDghZfBdLa+kP7NUSRD5N7s8Y3Xb7liUQS7o3r6eCGV8IcN3SwCxHe6Imx8COSlnBcepquITU0jZWHi3eD2Oac2nuKqSsro1pNU0M4npnbJy22m+xI35MjeI7944ImlsUWH0U0lhr6VlVFkHZPad7Hj0mO5e8EHiswiCIiAiIgIiIMTpZ6hV/Vqj8p6qcFbHSz1Cr+rVH5T1U4IsOUREV8ybjyPkrdYH6rB9DF+BqqLJuPI+St1gfqsH0MX4GokvctW1oRk4PWAf3V/uua4+SzGM49DS9D0u18PMyCPZF/hJL7O12DI5r7x3D+npZoP72KRni5pAPtKIqOi5fGWktcLEEhw7CMiPauEZC9uBet0/08H5rF4l6cMfszxO7JYz7HtKC3i5RfMjw0FxyABJ5DMoxYrSDSWCkYDJ1nO9BjbbTu/uHeVolZrKrHH4MRxDgLFx8Sf8AZa/jGKPqJ3zPPpHqjsaPRaOQXiXktlmZ8Pl+T1HJe0xSdQ26j1lVjT8I2OUcRYtPgRl7lvWj+ksFWwmPquHpsdbab3947woXXuwTFXU87Jmm2yesO1h9IHw8grXLMT5ON1HJS0RedwnFa7TaTbeKT4a9rQGQRyxnO7tokSBwOWV27u0rYWOBAI3HMKENPNIDRaSR1XxWRwiQDjG4Oa8ew35gL1PqHm1k6pZad76qhYZICS58bRd0PE7IGbo+WY5ZqMlcOGVr2h7SHNcAWkbiCLgjwWo6UaqsOrSZCw08p3yQ2aSe17PRdztfvRdq1IpGx3UdiMJJpyyrZwsRG+3e1xsfBy0PEcJqKd2xURSQO7JGubfkTkfBFeVERAREQShqGxxzKyWkJ6k0Ze0dkkVt3NhP3Qp2VZtU7yMYpLcXSA8jDJdWZRJEREQREQEREGJ0s9Qq/q1R+U9VOCttpJA59HUsbmXQTNbzdG4DzVSW7giw5RERXzJuPI+St1gfqsH0MX4Gqosm48j5K3WB+qwfQxfgaiS1fWEdqpwqHi6vbJ4Qsc4+a3ZaNO/9a0gjY3NmH073vPATVNmtbz2BdbyiK4639FzSYg+VotFUkysPAPP9azntHa5PWjq1OmeicWIUrqeTqn0on2zZINzh2jeCOIJVZMbwSeknfT1DCx7Dn2EcHMPFp4FFeFNq2fZn7ERFW+w+pEkMcg3PYxw+00H+K5rYS+J7BvcxzRzIIWs6q8XFRhVOb3dG3oX9xi6ovzbsnxW2owmN+EAuYQbHIjI8xkVwt+020JeXuqaZu1tZyxjffi5g434haE5pBsRYjeDkRzC8NqzWXxvI498F5raHCBpOQ3nIczki2XQXATPUiRw+DiIc48C4Ztb7c/DvUrG5014cc5bxSv1StTMsxrTwaB7BZV512/2u/wChh8nKxSrrrt/td/0MPk5e99vHhvOpLTMTQfyfK74SAXhv8eG+4d7Cbci3sUoqoeFYpLTTMqIHbEkbg5p8wRxBFwR2FWd0M0vgxGmbPF1XCzZo75xvtmD2g7weI8UVn101VHHK0slY2Rp3te0OB5g5LuRERzpPqSoJwXUv7HJwDbmIn96M+j9kjkVCWkWjlTQzmnqW7Lhm0jNr28HMdxHluKtmtA114MyXDHzEDbp3Mew8bOcGPbyIcD9kIqvCIiK3nUvQGTF43WuIY5ZD93ox75FY1RrqR0UNPSOq5RaSptsA7xC2+x94ku5bKkpGIiIgIiICIiAVXDWfoDJQ1D5o2k0sri6Nw3RucbmJ/ZmcjxHeFY9dc9Ox7Sx7Wva4Wc1wBBB4EHIhBT1FYPG9SGGTEuh6SkceEZBZ/puvbwIWtz/o9v8AiVg+1Cf4PRdofUuYDrqlFJFSR0r56sMbFEQQWvIGy1xaOtewFwO/MBeuj/R8Zf4arcRxEcQafa5xt7Fv+i+gVBQZ08fXIsZXnakI7No+iO4WCDq0C0YfSQOdUO6SqqHmarfvvI7c0HsaDb2rZkREFgNLtC6TEYujqG2c2/RSNsHxk/JPEdrTkVn0QVo0s1XYhQku2DUQjdLECbD/AKjN7PeO9aerjrXMb1eYXVkumpmbZ3vZeN/MuZa/jdF2hnVPp6ygndDUG1PORtO39HIMg8j5JGR5A8FYWnqWPaHxua9rhdrmkEEdoIyKjKt1A0LjeGeeLudsPA5XAPvXGG6lqinPwGJ1ELeIjaW58hJb3IJRWGx+qw+Nu1VCIngHNa55+aN69k2GbcAgfJIeq1pkDtl7tm3WLhxNs+ZXkw/RCjhO02MOd8qQl7va7csZ20ZYvPisR+/4aLR6LS107pmx/qlO49XIDqgAdRvEm2/dmpIwzDIqeJsUTdlrfaTxLjxJXrsilaRVr4/Fph3MeZn6/wB9BV61yUz5MZMcbXSPdFCGtaCXE2dkAMyrCrFx6OUwrH12zed8bYi4kmzG8Gj4pPE8bLN6lfItUuNObtfqpHc6SIO+6XLz4fJiuDVAnMUlOdzhI09HI2+bXOHVI7wbg7lZ9fEsTXAtcA4HIggEEd4O9F21rQzWHR4iwdG7o5gLvheRtDtLPlt7x42W0LS8Z1SYXO7pGRupJL3D6Z3R2Pbs+jfkAviDR3HafqwV8VUwbm1kLtrxljNz4ojd1HOu/SCOLDzS3HSVLmgN4iNjg97j3XaB4r21Q0ocNln8mxfvt6ckd4Drj3LVX6kq+pmM+IVzXvd6RY1z3ZbgC7ZDQOwCyCG1J+rbVLLUPbVVzDHALOZE4EOm4jaG9sfPN3LNSRozqrw2iIe2Pp5Rukms4g9rG22W8wL963BF24a0AWGQG5coiIIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiIP/Z";
var body = 'My firstdfsfsfd';
FB.api(pageid + '/photos', 'post', { message: body, source: buff, }, function (resf) {
if (!resf || resf.error) {
console.log(!resf ? 'error occurred' : resf.error);
return;
}
console.log( resf);
res.send(resf);
});
And i have this error :
{
"error": {
"message": "(#324) Requires upload file",
"type": "OAuthException",
"code": 324
}
}
This call is working :
var body = 'My firstdfsfsfd';
FB.api(pageid + '/photos', 'post', { message: body, url: 'url_image', }, function (resf) {
if (!resf || resf.error) {
console.log(!resf ? 'error occurred' : resf.error);
return;
}
console.log( resf);
res.send(resf);
});
What did i forget ?
Does multipart upload is allowing with this module : https://github.com/Thuzi/facebook-node-sdk/

It does not appear to support multipart. You could do it manually with the request module:
var request = require('request');
// ....
var access_token = 'abc123',
pageid = 'me',
fburl = 'https://graph.facebook.com/'
+ pageid
+ '/photos?access_token='
+ access_token,
req,
form;
req = request.post(fburl, function(err, res, body) {
if (err)
return console.error('Upload failed:', err);
console.log('Upload successful! Server responded with:', body);
});
form = req.form()
// append a normal literal text field ...
form.append('message', 'My photo!');
// append a file field by streaming a file from disk ...
form.append('source', fs.createReadStream(path.join(__dirname, 'photo.jpg')));
// or append a Buffer ...
form.append('source', someBuffer);
// or append the contents of a remote url ...
form.append('source', request('http://google.com/doodle.png'));

Example (from mscdex) above works for:
form.append('source', requestLib('<imageURL>'));
Gives response:
{"id":"756317401077924","post_id":"100000990137087_756310827745248"}
Also works for:
form.append('source', fs.createReadStream('<imagepath>'));
Gives response:
{"id":"756328687743462","post_id":"100000990137087_756310827745248"}
This is probably all I need. Thanks mscdex, very helpful. But out of curiosity, when I replaced it with an image buffer:
form.append('source', imageBuffer);
It gives the same error as OP (even when using the same image string as OP):
{"error":{"message":"(#324) Requires upload file","type":"OAuthException","code":324}}
Why? My guess is Facebook wants a specific format for an encoded image.