diff --git a/apps/server/src/routes/custom.ts b/apps/server/src/routes/custom.ts index 093a0e6eb..e4494a6cd 100644 --- a/apps/server/src/routes/custom.ts +++ b/apps/server/src/routes/custom.ts @@ -8,9 +8,26 @@ import type { Request, Response, Router } from "express"; import { safeExtractMessageAndStackFromError } from "../services/utils.js"; function handleRequest(req: Request, res: Response) { - // express puts content after first slash into 0 index element - const path = req.params.path + req.params[0]; + // handle path from "*path" route wildcard + // in express v4, you could just add + // req.params.path + req.params[0], but with v5 + // we get a split array that we have to join ourselves again + + // @TriliumNextTODO: remove typecasting once express types are fixed + // they currently only treat req.params as string, while in reality + // it can also be a string[], when using wildcards + const splitPath = req.params.path as unknown as string[]; + + //const path = splitPath.map(segment => encodeURIComponent(segment)).join("/") + // naively join the "decoded" paths using a slash + // this is to mimick handleRequest behaviour + // as with the previous express v4. + // @TriliumNextTODO: using something like => + // splitPath.map(segment => encodeURIComponent(segment)).join("/") + // might be safer + + const path = splitPath.join("/") const attributeIds = sql.getColumn("SELECT attributeId FROM attributes WHERE isDeleted = 0 AND type = 'label' AND name IN ('customRequestHandler', 'customResourceProvider')"); @@ -70,7 +87,7 @@ function handleRequest(req: Request, res: Response) { function register(router: Router) { // explicitly no CSRF middleware since it's meant to allow integration from external services - router.all("/custom/:path*", (req: Request, res: Response, _next) => { + router.all("/custom/*path", (req: Request, res: Response, _next) => { cls.namespace.bindEmitter(req); cls.namespace.bindEmitter(res);