refactor(routes/custom): update path "/custom/*path" for express v5

apps/server/src/routes/custom.ts

@@ -8,9 +8,26 @@ import type { Request, Response, Router } from "express";
 import { safeExtractMessageAndStackFromError } from "../services/utils.js";
 
 function handleRequest(req: Request, res: Response) {
-    // express puts content after first slash into 0 index element
 
-    const path = req.params.path + req.params[0];
+    // handle path from "*path" route wildcard
+    // in express v4, you could just add
+    // req.params.path + req.params[0], but with v5
+    // we get a split array that we have to join ourselves again
+
+    // @TriliumNextTODO: remove typecasting once express types are fixed
+    // they currently only treat req.params as string, while in reality
+    // it can also be a string[], when using wildcards
+    const splitPath = req.params.path as unknown as string[];
+
+    //const path = splitPath.map(segment => encodeURIComponent(segment)).join("/")
+    // naively join the "decoded" paths using a slash
+    // this is to mimick handleRequest behaviour
+    // as with the previous express v4.
+    // @TriliumNextTODO: using something like =>
+    // splitPath.map(segment => encodeURIComponent(segment)).join("/")
+    // might be safer
+
+    const path = splitPath.join("/")
 
     const attributeIds = sql.getColumn<string>("SELECT attributeId FROM attributes WHERE isDeleted = 0 AND type = 'label' AND name IN ('customRequestHandler', 'customResourceProvider')");
 
@@ -70,7 +87,7 @@ function handleRequest(req: Request, res: Response) {
 function register(router: Router) {
     // explicitly no CSRF middleware since it's meant to allow integration from external services
 
-    router.all("/custom/:path*", (req: Request, res: Response, _next) => {
+    router.all("/custom/*path", (req: Request, res: Response, _next) => {
         cls.namespace.bindEmitter(req);
         cls.namespace.bindEmitter(res);