ayman-fca 1.0.0

package/src/api/messaging/threadColors.js

@@ -0,0 +1,128 @@
+"use strict";
+
+module.exports = function(_defaultFuncs, _api, _ctx) {
+  // Currently the only colors that can be passed to api.changeThreadColor(); may change if Facebook adds more
+  return {
+    //Old hex colors.
+    ////MessengerBlue: null,
+    ////Viking: "#44bec7",
+    ////GoldenPoppy: "#ffc300",
+    ////RadicalRed: "#fa3c4c",
+    ////Shocking: "#d696bb",
+    ////PictonBlue: "#6699cc",
+    ////FreeSpeechGreen: "#13cf13",
+    ////Pumpkin: "#ff7e29",
+    ////LightCoral: "#e68585",
+    ////MediumSlateBlue: "#7646ff",
+    ////DeepSkyBlue: "#20cef5",
+    ////Fern: "#67b868",
+    ////Cameo: "#d4a88c",
+    ////BrilliantRose: "#ff5ca1",
+    ////BilobaFlower: "#a695c7"
+
+    //#region This part is for backward compatibly
+    //trying to match the color one-by-one. kill me plz
+    MessengerBlue: "196241301102133", //DefaultBlue
+    Viking: "1928399724138152", //TealBlue
+    GoldenPoppy: "174636906462322", //Yellow
+    RadicalRed: "2129984390566328", //Red
+    Shocking: "2058653964378557", //LavenderPurple
+    FreeSpeechGreen: "2136751179887052", //Green
+    Pumpkin: "175615189761153", //Orange
+    LightCoral: "980963458735625", //CoralPink
+    MediumSlateBlue: "234137870477637", //BrightPurple
+    DeepSkyBlue: "2442142322678320", //AquaBlue
+    BrilliantRose: "169463077092846", //HotPink
+    DefaultBlue: "196241301102133",
+    HotPink: "169463077092846",
+    AquaBlue: "2442142322678320",
+    BrightPurple: "234137870477637",
+    CoralPink: "980963458735625",
+    Orange: "175615189761153",
+    Green: "2136751179887052",
+    LavenderPurple: "2058653964378557",
+    Red: "2129984390566328",
+    Yellow: "174636906462322",
+    TealBlue: "1928399724138152",
+    Aqua: "417639218648241",
+    Mango: "930060997172551",
+    Berry: "164535220883264",
+    Citrus: "370940413392601",
+    Candy: "205488546921017",
+
+    /**
+     * July 06, 2022
+     * added by @NTKhang
+     */
+    Earth: "1833559466821043",
+    Support: "365557122117011",
+    Music: "339021464972092",
+    Pride: "1652456634878319",
+    DoctorStrange: "538280997628317",
+    LoFi: "1060619084701625",
+    Sky: "3190514984517598",
+    LunarNewYear: "357833546030778",
+    Celebration: "627144732056021",
+    Chill: "390127158985345",
+    StrangerThings: "1059859811490132",
+    Dune: "1455149831518874",
+    Care: "275041734441112",
+    Astrology: "3082966625307060",
+    JBalvin: "184305226956268",
+    Birthday: "621630955405500",
+    Cottagecore: "539927563794799",
+    Ocean: "736591620215564",
+    Love: "741311439775765",
+    TieDye: "230032715012014",
+    Monochrome: "788274591712841",
+    Default: "3259963564026002",
+    Rocket: "582065306070020",
+    Berry2: "724096885023603",
+    Candy2: "624266884847972",
+    Unicorn: "273728810607574",
+    Tropical: "262191918210707",
+    Maple: "2533652183614000",
+    Sushi: "909695489504566",
+    Citrus2: "557344741607350",
+    Lollipop: "280333826736184",
+    Shadow: "271607034185782",
+    Rose: "1257453361255152",
+    Lavender: "571193503540759",
+    Tulip: "2873642949430623",
+    Classic: "3273938616164733",
+    Peach: "3022526817824329",
+    Honey: "672058580051520",
+    Kiwi: "3151463484918004",
+    Grape: "193497045377796",
+
+    /**
+     * July 15, 2022
+     * added by @NTKhang
+     */
+    NonBinary: "737761000603635",
+
+    /**
+     * November 25, 2022
+     * added by @NTKhang
+     */
+    ThankfulForFriends: "1318983195536293",
+    Transgender: "504518465021637",
+    TaylorSwift: "769129927636836",
+    NationalComingOutDay: "788102625833584",
+    Autumn: "822549609168155",
+    Cyberpunk2077: "780962576430091",
+
+    /**
+     * May 13, 2023
+     */
+    MothersDay: "1288506208402340",
+    APAHM: "121771470870245",
+    Parenthood: "810978360551741",
+    StarWars: "1438011086532622",
+    GuardianOfTheGalaxy: "101275642962533",
+    Bloom: "158263147151440",
+    BubbleTea: "195296273246380",
+    Basketball: "6026716157422736",
+    ElephantsAndFlowers: "693996545771691"
+  };
+};

package/src/api/messaging/unsendMessage.js

@@ -0,0 +1,73 @@
+// ============================================================
+//  AYMAN-FCA v2.0 — Unsend Message
+//  © 2025 Ayman. All Rights Reserved.
+// ============================================================
+"use strict";
+
+const { generateOfflineThreadingID } = require("../../utils/format");
+const log = require("../../../func/logAdapter");
+
+module.exports = function(defaultFuncs, api, ctx) {
+  return function unsendMessage(messageID, threadID, callback) {
+    return new Promise((resolve, reject) => {
+      if (!ctx.mqttClient) {
+        const err = new Error("AYMAN-FCA: MQTT غير متصل");
+        callback?.(err); return reject(err);
+      }
+
+      const reqID  = ++ctx.wsReqNumber;
+      const taskID = ++ctx.wsTaskNumber;
+
+      const content = {
+        app_id:     "2220391788200892",
+        payload:    JSON.stringify({
+          tasks: [{
+            failure_count: null,
+            label:         "33",
+            payload:       JSON.stringify({ message_id: messageID, thread_key: threadID, sync_group: 1 }),
+            queue_name:    "unsend_message",
+            task_id:       taskID
+          }],
+          epoch_id:   parseInt(generateOfflineThreadingID()),
+          version_id: "25393437286970779"
+        }),
+        request_id: reqID,
+        type:       3
+      };
+
+      let done = false;
+      const timer = setTimeout(() => {
+        if (done) return;
+        done = true;
+        ctx.mqttClient?.removeListener("message", handleRes);
+        callback?.(null, { success: true });
+        resolve({ success: true });
+      }, 10000);
+
+      const handleRes = (topic, message) => {
+        if (topic !== "/ls_resp") return;
+        let msg;
+        try { msg = JSON.parse(message.toString()); msg.payload = JSON.parse(msg.payload); } catch { return; }
+        if (msg.request_id !== reqID) return;
+        if (done) return;
+        done = true;
+        clearTimeout(timer);
+        ctx.mqttClient?.removeListener("message", handleRes);
+        callback?.(null, { success: true });
+        resolve({ success: true });
+      };
+
+      ctx.mqttClient.on("message", handleRes);
+      ctx.mqttClient.publish("/ls_req", JSON.stringify(content), { qos: 1, retain: false }, err => {
+        if (err) {
+          if (done) return;
+          done = true;
+          clearTimeout(timer);
+          ctx.mqttClient?.removeListener("message", handleRes);
+          log.error("unsendMessage", err);
+          callback?.(err); reject(err);
+        }
+      });
+    });
+  };
+};

package/src/api/messaging/uploadAttachment.js

@@ -0,0 +1,492 @@
+"use strict";
+
+const axios = require("axios");
+const { wrapper } = require("axios-cookiejar-support");
+const { CookieJar } = require("tough-cookie");
+const FormData = require("form-data");
+const fs = require("fs");
+const path = require("path");
+const stream = require("stream");
+const { URL } = require("url");
+const log = require("../../../func/logAdapter");
+
+let http = null;
+let cookieJar = new CookieJar();
+let tokenCache = null;
+let tokenCacheTime = 0;
+const TOKEN_CACHE_TTL = 5 * 60 * 1000;
+
+const DEFAULT_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36";
+
+function cleanJSON(x) {
+  if (typeof x !== "string") return x;
+  const s = x.replace(/^for\s*\(;;\);\s*/i, "");
+  try { return JSON.parse(s); } catch { return s; }
+}
+
+function pick(re, html, i = 1) {
+  const m = html && html.match(re);
+  return m ? m[i] : "";
+}
+
+function getFrom(html, a, b) {
+  const i = html.indexOf(a);
+  if (i < 0) return;
+  const start = i + a.length;
+  const j = html.indexOf(b, start);
+  return j < 0 ? undefined : html.slice(start, j);
+}
+
+function respFinalUrl(res) {
+  return (res && (res.url || res.requestUrl)) || "";
+}
+
+function detectCheckpoint(res) {
+  const url = String(respFinalUrl(res) || "");
+  const body = typeof res?.body === "string" ? res.body : "";
+  const hit =
+    /\/checkpoint\//i.test(url) ||
+    /(?:href|action)\s*=\s*["']https?:\/\/[^"']*\/checkpoint\//i.test(body) ||
+    /"checkpoint"|checkpoint_title|checkpointMain|id="checkpoint"/i.test(body) ||
+    (/login\.php/i.test(url) && /checkpoint/i.test(body));
+  return { hit, url: url || (body.match(/https?:\/\/[^"']*\/checkpoint\/[^"'<>]*/i)?.[0] || "") };
+}
+
+function checkpointError(res) {
+  const d = detectCheckpoint(res);
+  if (!d.hit) return null;
+  const e = new Error("Checkpoint required");
+  e.code = "CHECKPOINT";
+  e.checkpoint = true;
+  e.url = d.url || "https://www.facebook.com/checkpoint/";
+  e.status = res?.statusCode || res?.status;
+  return e;
+}
+
+async function httpGet(pageUrl, ua, headers = {}) {
+  const host = new URL(pageUrl).hostname;
+  const referer = `https://${host}/`;
+  const baseHeaders = {
+    Accept: "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8",
+    "Accept-Language": "vi-VN,vi;q=0.9,en-US;q=0.8,en;q=0.7",
+    "Accept-Encoding": "gzip, deflate, br",
+    "Cache-Control": "max-age=0",
+    Connection: "keep-alive",
+    Host: host,
+    Origin: `https://${host}`,
+    Referer: referer,
+    "Sec-Ch-Prefers-Color-Scheme": "dark",
+    "Sec-Ch-Ua": '"Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
+    "Sec-Ch-Ua-Full-Version-List": '"Google Chrome";v="143.0.7499.182", "Chromium";v="143.0.7499.182", "Not A(Brand";v="24.0.0.0"',
+    "Sec-Ch-Ua-Mobile": "?0",
+    "Sec-Ch-Ua-Model": '""',
+    "Sec-Ch-Ua-Platform": '"Windows"',
+    "Sec-Ch-Ua-Platform-Version": '"19.0.0"',
+    "Sec-Fetch-Dest": "document",
+    "Sec-Fetch-Mode": "navigate",
+    "Sec-Fetch-Site": "same-origin",
+    "Sec-Fetch-User": "?1",
+    "Upgrade-Insecure-Requests": "1",
+    "User-Agent": ua || DEFAULT_UA,
+    "x-fb-rlafr": "0"
+  };
+  const res = await http.get(pageUrl, {
+    headers: { ...baseHeaders, ...headers },
+    timeout: 30000
+  });
+  const cp = checkpointError(res);
+  if (cp) throw cp;
+  return typeof res.data === "string" ? res.data : String(res.data || "");
+}
+
+async function getTokens(ua, forceRefresh = false) {
+  const now = Date.now();
+  if (!forceRefresh && tokenCache && (now - tokenCacheTime) < TOKEN_CACHE_TTL) {
+    return tokenCache;
+  }
+  try {
+    const html = await httpGet("https://www.facebook.com/", ua, { Referer: "https://www.facebook.com/" });
+    const fb_dtsg = getFrom(html, '"DTSGInitData",[],{"token":"', '",') || html.match(/name="fb_dtsg"\s+value="([^"]+)"/)?.[1] || "";
+    const jazoest = getFrom(html, 'name="jazoest" value="', '"') || getFrom(html, "jazoest=", '",') || html.match(/name="jazoest"\s+value="([^"]+)"/)?.[1] || "";
+    const lsd = getFrom(html, '["LSD",[],{"token":"', '"}') || html.match(/name="lsd"\s+value="([^"]+)"/)?.[1] || "";
+    const spin_r = pick(/"__spin_r":(\d+)/, html) || "";
+    const spin_t = pick(/"__spin_t":(\d+)/, html) || "";
+    const rev = pick(/"__rev":(\d+)/, html) || "";
+
+    if (!fb_dtsg || !lsd) {
+      // Cố gắng fallback nếu regex fail, nhưng thường là do cookie die
+      if (!tokenCache) throw new Error("Failed to fetch fb_dtsg or LSD from Facebook");
+    }
+
+    tokenCache = { lsd, fb_dtsg, jazoest, spin_r, spin_t, rev };
+    tokenCacheTime = now;
+    return tokenCache;
+  } catch (e) {
+    if (tokenCache) {
+      log.warn("[uploadAttachment] Token fetch failed, using cached tokens: " + (e.message || e));
+      return tokenCache;
+    }
+    throw e;
+  }
+}
+
+function getType(obj) { return Object.prototype.toString.call(obj).slice(8, -1); }
+function isReadableStream(obj) { return obj instanceof stream.Readable && (getType(obj._read) === "Function" || getType(obj._read) === "AsyncFunction") && getType(obj._readableState) === "Object"; }
+function fromBuffer(buf) { return stream.Readable.from(buf); }
+function parseDataUrl(s) { const m = /^data:([^;,]+)?(;base64)?,(.*)$/i.exec(s); if (!m) return null; const mime = m[1] || "application/octet-stream"; const isB64 = !!m[2]; const data = isB64 ? Buffer.from(m[3], "base64") : Buffer.from(decodeURIComponent(m[3]), "utf8"); return { mime, data }; }
+
+function filenameFromUrl(u, headers) {
+  try {
+    const urlObj = new URL(u);
+    let filename = path.basename(urlObj.pathname) || `file-${Date.now()}`;
+    const cd = headers && (headers["content-disposition"] || headers["Content-Disposition"]);
+    if (cd) {
+      const m = /filename\*?=(?:UTF-8''|")?([^";\n]+)/i.exec(cd);
+      if (m) filename = decodeURIComponent(m[1].replace(/"/g, ""));
+    }
+    return filename;
+  } catch {
+    return `file-${Date.now()}`;
+  }
+}
+
+async function normalizeOne(input, ua) {
+  if (!input) throw new Error("Invalid input");
+  if (Buffer.isBuffer(input)) return { stream: fromBuffer(input), filename: `file-${Date.now()}.bin`, contentType: "application/octet-stream" };
+  if (typeof input === "string") {
+    if (/^https?:\/\//i.test(input)) {
+      const resp = await http.get(input, {
+        headers: {
+          "User-Agent": ua,
+          Accept: "*/*",
+          "Accept-Encoding": "gzip, deflate, br",
+          "Cache-Control": "no-cache"
+        },
+        timeout: 30000,
+        responseType: "stream"
+      });
+      const s = resp.data;
+      const filename = filenameFromUrl(input, resp.headers);
+      return { stream: s, filename };
+    }
+    if (input.startsWith("data:")) {
+      const p = parseDataUrl(input);
+      if (!p) throw new Error("Bad data URL");
+      return { stream: fromBuffer(p.data), filename: `file-${Date.now()}`, contentType: p.mime };
+    }
+    if (fs.existsSync(input) && fs.statSync(input).isFile()) {
+      return { stream: fs.createReadStream(input), filename: path.basename(input) };
+    }
+    throw new Error(`Unsupported string input: ${input}`);
+  }
+  if (isReadableStream(input)) {
+    return { stream: input, filename: `file-${Date.now()}` };
+  }
+  if (typeof input === "object") {
+    if (input.buffer && Buffer.isBuffer(input.buffer)) {
+      const filename = input.filename || `file-${Date.now()}.bin`;
+      const contentType = input.contentType || "application/octet-stream";
+      return { stream: fromBuffer(input.buffer), filename, contentType };
+    }
+    if (input.data && Buffer.isBuffer(input.data)) {
+      const filename = input.filename || `file-${Date.now()}.bin`;
+      const contentType = input.contentType || "application/octet-stream";
+      return { stream: fromBuffer(input.data), filename, contentType };
+    }
+    if (input.stream && isReadableStream(input.stream)) {
+      const filename = input.filename || `file-${Date.now()}`;
+      const contentType = input.contentType;
+      return { stream: input.stream, filename, contentType };
+    }
+    if (input.url) {
+      return normalizeOne(String(input.url), ua);
+    }
+    if (input.path && fs.existsSync(input.path) && fs.statSync(input.path).isFile()) {
+      return { stream: fs.createReadStream(input.path), filename: input.filename || path.basename(input.path), contentType: input.contentType };
+    }
+  }
+  throw new Error("Unrecognized input");
+}
+
+function mapAttachmentDetails(data) {
+  const out = [];
+  if (!data || typeof data !== "object") return out;
+
+  const stack = [data];
+  while (stack.length) {
+    const cur = stack.pop();
+    if (!cur || typeof cur !== "object") continue;
+    const id = cur.video_id || cur.image_id || cur.audio_id || cur.file_id || cur.fbid || cur.id || cur.upload_id || cur.gif_id;
+    const idKey =
+      cur.video_id ? "video_id" :
+        cur.image_id ? "image_id" :
+          cur.audio_id ? "audio_id" :
+            cur.file_id ? "file_id" :
+              cur.gif_id ? "gif_id" :
+                cur.fbid ? "fbid" :
+                  id ? "id" : null;
+    const filename = cur.filename || cur.file_name || cur.name || cur.original_filename;
+    const filetype = cur.filetype || cur.mime_type || cur.type || cur.content_type;
+    let thumbnail = cur.thumbnail_src || cur.thumbnail_url || cur.preview_url || cur.thumbSrc || cur.thumb_url || cur.image_preview_url || cur.large_preview_url;
+    if (!thumbnail) {
+      const m = cur.media || cur.thumbnail || cur.thumb || cur.image_data || cur.video_data || cur.preview;
+      thumbnail = m?.thumbnail_src || m?.thumbnail_url || m?.src || m?.uri || m?.url;
+    }
+    if (idKey) {
+      const o = {};
+      o[idKey] = id;
+      if (filename) o.filename = filename;
+      if (filetype) o.filetype = filetype;
+      if (thumbnail) o.thumbnail_src = thumbnail;
+      out.push(o);
+    }
+    if (Array.isArray(cur)) {
+      for (const v of cur) stack.push(v);
+    } else {
+      for (const k of Object.keys(cur)) stack.push(cur[k]);
+    }
+  }
+
+  if (!out.length && data.payload && Array.isArray(data.payload.metadata)) {
+    return data.payload.metadata.slice();
+  }
+
+  return out;
+}
+
+function pLimit(n) {
+  let active = 0;
+  const queue = [];
+  const next = () => {
+    active--;
+    if (queue.length) queue.shift()();
+  };
+  return fn => new Promise((resolve, reject) => {
+    const run = () => {
+      active++;
+      fn().then(v => { resolve(v); next(); }).catch(e => { reject(e); next(); });
+    };
+    if (active < n) run(); else queue.push(run);
+  });
+}
+
+// Hàm upload core xử lý request
+async function singleUpload(urlBase, file, ua, tokens, retries = 2) {
+  const form = new FormData();
+  // QUAN TRỌNG: Chỉ append file, KHÔNG append fb_dtsg vào body nữa
+  form.append("farr", file.stream, { filename: file.filename, contentType: file.contentType });
+
+  const headers = {
+    ...form.getHeaders(),
+    Accept: "*/*",
+    "Accept-Language": "vi,en-US;q=0.9,en;q=0.8,fr-FR;q=0.7,fr;q=0.6",
+    "Accept-Encoding": "gzip, deflate, br",
+    "User-Agent": ua,
+    "x-asbd-id": "359341",
+    "x-fb-lsd": tokens.lsd || "",
+    "x-fb-friendly-name": "MercuryUpload",
+    "x-fb-request-analytics-tags": JSON.stringify({
+      network_tags: {
+        product: "256002347743983",
+        purpose: "none",
+        request_category: "graphql",
+        retry_attempt: "0"
+      },
+      application_tags: "graphservice"
+    }),
+    "sec-ch-prefers-color-scheme": "dark",
+    "sec-ch-ua": '"Google Chrome";v="143", "Chromium";v="143", "Not A(Brand";v="24"',
+    "sec-ch-ua-mobile": "?0",
+    "sec-ch-ua-platform": '"Windows"',
+    "sec-fetch-dest": "empty",
+    "sec-fetch-mode": "cors",
+    "sec-fetch-site": "same-origin",
+    Origin: "https://www.facebook.com",
+    Referer: "https://www.facebook.com/",
+    "x-fb-rlafr": "0",
+    Connection: "keep-alive"
+  };
+
+  // Build URL với query string tokens
+  const finalUrl = new URL(urlBase);
+  finalUrl.searchParams.set("fb_dtsg", tokens.fb_dtsg);
+  finalUrl.searchParams.set("jazoest", tokens.jazoest);
+  finalUrl.searchParams.set("lsd", tokens.lsd);
+  finalUrl.searchParams.set("__aaid", "0");
+  finalUrl.searchParams.set("__ccg", "EXCELLENT");
+
+  for (let attempt = 0; attempt <= retries; attempt++) {
+    try {
+      const res = await http.post(finalUrl.toString(), form, {
+        headers,
+        timeout: 120000,
+        maxContentLength: Infinity,
+        maxBodyLength: Infinity
+      });
+      return res;
+    } catch (e) {
+      if (attempt === retries) throw e;
+      if (e.code === "ETIMEDOUT" || e.code === "ECONNRESET" || (e.response && e.response.status >= 500)) {
+        await new Promise(r => setTimeout(r, (attempt + 1) * 1000));
+        continue;
+      }
+      throw e;
+    }
+  }
+}
+
+module.exports = function (defaultFuncs, api, ctx) {
+  const ua = ctx?.options?.userAgent || DEFAULT_UA;
+  cookieJar = ctx.jar instanceof CookieJar ? ctx.jar : new CookieJar();
+
+  // Axios instance
+  http = wrapper(axios.create({
+    timeout: 60000,
+    headers: {
+      "User-Agent": ua,
+      "Accept-Language": "vi-VN,vi;q=0.9,en-US;q=0.8,en;q=0.7",
+      "Accept-Encoding": "gzip, deflate, br",
+      Connection: "keep-alive"
+    },
+    maxRedirects: 5,
+    validateStatus: () => true
+  }));
+  http.defaults.withCredentials = true;
+  http.defaults.jar = cookieJar;
+
+  async function uploadCore(link, opts, callback) {
+    if (typeof opts === "function") { callback = opts; opts = undefined; }
+    const options = {
+      concurrency: Math.max(1, Math.min(5, Number(opts?.concurrency || 3))),
+      mode: opts?.mode === "single" ? "single" : "parallel"
+    };
+
+    let resolveFunc = function () { };
+    let rejectFunc = function () { };
+    const returnPromise = new Promise(function (resolve, reject) {
+      resolveFunc = resolve;
+      rejectFunc = reject;
+    });
+    if (!callback) {
+      callback = function (err, data) {
+        if (err) return rejectFunc(err);
+        resolveFunc(data);
+      };
+    }
+
+    (async () => {
+      try {
+        const inputsArr = Array.isArray(link) ? link : [link];
+        if (!inputsArr.length) {
+          const e = new Error("No files to upload");
+          callback(e);
+          return;
+        }
+
+        let tokens = await getTokens(ua);
+        const normAll = await Promise.all(inputsArr.map(x => normalizeOne(x, ua)));
+
+        // Base QS setup
+        const qs = [];
+        const userId = (ctx && (ctx.userID || ctx.userId)) ? String(ctx.userID || ctx.userId) : "";
+        if (userId) qs.push(`__user=${encodeURIComponent(userId)}`);
+        qs.push("__a=1");
+        qs.push("dpr=1");
+        const reqId = Math.floor(Math.random() * 36 ** 2).toString(36);
+        qs.push(`__req=${encodeURIComponent(reqId)}`);
+        if (tokens.spin_r) qs.push(`__spin_r=${encodeURIComponent(tokens.spin_r)}`);
+        if (tokens.spin_t) qs.push(`__spin_t=${encodeURIComponent(tokens.spin_t)}`);
+        if (tokens.rev) qs.push(`__rev=${encodeURIComponent(tokens.rev)}`);
+        qs.push("__spin_b=trunk");
+        qs.push("__comet_req=15");
+
+        const baseUrl = `https://www.facebook.com/ajax/mercury/upload.php?${qs.join("&")}`;
+
+        if (options.mode === "single") {
+          const f = normAll[0];
+          const res = await singleUpload(baseUrl, f, ua, tokens);
+
+          const cp = checkpointError(res);
+          if (cp) { tokenCache = null; throw cp; }
+
+          const data = cleanJSON(res.data);
+          const ids = mapAttachmentDetails(data);
+
+          if (!ids.length) {
+            const e = new Error("UploadFb returned no metadata/ids");
+            e.code = "NO_METADATA";
+            e.status = res.status;
+            e.body = typeof data === "string" ? data.slice(0, 500) : data;
+            throw e;
+          }
+          log.info(`[uploadAttachment] success ${ids.length} item(s) status ${res.status}`);
+          callback(null, { status: res.status, ids, raw: data });
+          return;
+        }
+
+        // Parallel mode
+        const limit = pLimit(options.concurrency);
+        const tasks = normAll.map(f => () => singleUpload(baseUrl, f, ua, tokens));
+        const results = await Promise.all(tasks.map(t => limit(t)));
+
+        const ids = [];
+        const errors = [];
+        for (let i = 0; i < results.length; i++) {
+          const res = results[i];
+          try {
+            const cp = checkpointError(res);
+            if (cp) { tokenCache = null; throw cp; }
+
+            const data = cleanJSON(res.data);
+            const fileIds = mapAttachmentDetails(data);
+            if (!fileIds.length) {
+              log.warn(`[uploadAttachment] File ${i + 1} returned no metadata/ids`);
+              continue;
+            }
+            ids.push(...fileIds);
+          } catch (e) {
+            errors.push({ index: i, error: e });
+            log.error(`[uploadAttachment] Upload ${i + 1} failed: ${e.message || e}`);
+          }
+        }
+
+        if (ids.length === 0 && errors.length > 0) {
+          throw errors[0].error;
+        }
+
+        log.info(`[uploadAttachment] success ${ids.length}/${normAll.length} item(s)`);
+        callback(null, { status: 200, ids, raw: null, errors: errors.length > 0 ? errors : undefined });
+      } catch (e) {
+        if (e.code === "CHECKPOINT" || (e.response && [401, 403].includes(e.response.status))) {
+          tokenCache = null;
+          try {
+            await getTokens(ua, true);
+            log.info("[uploadAttachment] Tokens refreshed after error");
+          } catch (refreshErr) {
+            log.error("[uploadAttachment] Token refresh failed: " + (refreshErr.message || refreshErr));
+          }
+        }
+        log.error(`[uploadAttachment] error ${e.code || e.status || ""} ${e.message || e}`);
+        callback(e);
+      }
+    })().catch(err => {
+      log.error("[uploadAttachment] Unhandled promise rejection: " + (err.message || err));
+      rejectFunc(err);
+    });
+
+    return returnPromise;
+  }
+
+  return function uploadAttachment(attachments, callback) {
+    if (!attachments) throw { error: "Please pass an attachment or an array of attachments." };
+
+    if (typeof callback === "function") {
+      return uploadCore(attachments, { mode: "parallel" }, (err, result) => {
+        if (err) return callback(err);
+        callback(null, result && Array.isArray(result.ids) ? result.ids : []);
+      }).then(result => (result && Array.isArray(result.ids) ? result.ids : []));
+    }
+
+    return uploadCore(attachments, { mode: "parallel" }).then(result => result && Array.isArray(result.ids) ? result.ids : []);
+  };
+};