From 5659e49033ae013f31054a993ae6cd0a60c6c28c Mon Sep 17 00:00:00 2001
From: Thomas Sunde Nielsen <me@thomassnielsen.com>
Date: Mon, 21 Oct 2024 13:54:47 +0200
Subject: [PATCH 1/2] URI decode path before matching

---
 packages/server/src/api/rest/index.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/packages/server/src/api/rest/index.ts b/packages/server/src/api/rest/index.ts
index 4bf2dcfe3..1dba46210 100644
--- a/packages/server/src/api/rest/index.ts
+++ b/packages/server/src/api/rest/index.ts
@@ -266,6 +266,8 @@ class RequestHandler extends APIHandlerBase {
             path = '/' + path;
         }
 
+        path = decodeURIComponent(path);
+
         try {
             switch (method) {
                 case 'GET': {

From b29205551cdd4cb1d09b3715a2404b93fbe301f6 Mon Sep 17 00:00:00 2001
From: Thomas Sunde Nielsen <me@thomassnielsen.com>
Date: Mon, 21 Oct 2024 14:10:23 +0200
Subject: [PATCH 2/2] =?UTF-8?q?Move=20decoding=20to=20where=20it=E2=80=99s?=
 =?UTF-8?q?=20needed?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 packages/server/src/api/rest/index.ts | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/packages/server/src/api/rest/index.ts b/packages/server/src/api/rest/index.ts
index 1dba46210..42bf0ef5c 100644
--- a/packages/server/src/api/rest/index.ts
+++ b/packages/server/src/api/rest/index.ts
@@ -266,8 +266,6 @@ class RequestHandler extends APIHandlerBase {
             path = '/' + path;
         }
 
-        path = decodeURIComponent(path);
-
         try {
             switch (method) {
                 case 'GET': {
@@ -1233,15 +1231,16 @@ class RequestHandler extends APIHandlerBase {
     }
 
     private makePrismaIdFilter(idFields: FieldInfo[], resourceId: string) {
+        const decodedId = decodeURIComponent(resourceId);
         if (idFields.length === 1) {
-            return { [idFields[0].name]: this.coerce(idFields[0].type, resourceId) };
+            return { [idFields[0].name]: this.coerce(idFields[0].type, decodedId) };
         } else {
             return {
                 // TODO: support `@@id` with custom name
                 [idFields.map((idf) => idf.name).join(prismaIdDivider)]: idFields.reduce(
                     (acc, curr, idx) => ({
                         ...acc,
-                        [curr.name]: this.coerce(curr.type, resourceId.split(this.idDivider)[idx]),
+                        [curr.name]: this.coerce(curr.type, decodedId.split(this.idDivider)[idx]),
                     }),
                     {}
                 ),