arangodb
diff --git a/‎arangod/V8Server/V8DealerFeature.cpp‎
Lines changed: 35 additions & 43 deletions b/‎arangod/V8Server/V8DealerFeature.cpp‎
Lines changed: 35 additions & 43 deletions
@@ -296,8 +296,6 @@ void V8DealerFeature::collectOptions(std::shared_ptr<ProgramOptions> options) {
 void V8DealerFeature::validateOptions(std::shared_ptr<ProgramOptions> options) {
   ProgramOptions::ProcessingResult const& result = options->processingResult();
 
-  V8SecurityFeature& v8security = server().getFeature<V8SecurityFeature>();
-
   // a bit of duck typing here to check if we are an agent.
   // the problem is that the server role may be still unclear in this early
   // phase, so we are also looking for startup options that identify an agent
@@ -340,39 +338,8 @@ void V8DealerFeature::validateOptions(std::shared_ptr<ProgramOptions> options) {
   }
 
   ctx->normalizePath(_startupDirectory, "javascript.startup-directory", true);
-  v8security.addToInternalAllowList(_startupDirectory, FSAccessType::READ);
-
   ctx->normalizePath(_moduleDirectories, "javascript.module-directory", false);
 
-  // try to append the current version name to the startup directory,
-  // so instead of "/path/to/js" we will get "/path/to/js/3.4.0"
-  std::string const versionAppendix =
-      std::regex_replace(rest::Version::getServerVersion(), std::regex("-.*$"),
-                         "");
-  std::string versionedPath =
-      basics::FileUtils::buildFilename(_startupDirectory, versionAppendix);
-
-  LOG_TOPIC("604da", DEBUG, Logger::V8)
-      << "checking for existence of version-specific startup-directory '"
-      << versionedPath << "'";
-  if (basics::FileUtils::isDirectory(versionedPath)) {
-    // version-specific js path exists!
-    _startupDirectory = versionedPath;
-  }
-
-  for (auto& it : _moduleDirectories) {
-    versionedPath = basics::FileUtils::buildFilename(it, versionAppendix);
-
-    LOG_TOPIC("8e21a", DEBUG, Logger::V8)
-        << "checking for existence of version-specific module-directory '"
-        << versionedPath << "'";
-    if (basics::FileUtils::isDirectory(versionedPath)) {
-      // version-specific js path exists!
-      it = versionedPath;
-    }
-    v8security.addToInternalAllowList(it, FSAccessType::READ);
-  }
-
   // check whether app-path was specified
   if (_appPath.empty()) {
     LOG_TOPIC("a161b", FATAL, arangodb::Logger::V8)
@@ -383,9 +350,6 @@ void V8DealerFeature::validateOptions(std::shared_ptr<ProgramOptions> options) {
   // Tests if this path is either a directory (ok) or does not exist (we create
   // it in ::start) If it is something else this will throw an error.
   ctx->normalizePath(_appPath, "javascript.app-path", false);
-  v8security.addToInternalAllowList(_appPath, FSAccessType::READ);
-  v8security.addToInternalAllowList(_appPath, FSAccessType::WRITE);
-  v8security.dumpAccessLists();
 
   // use a minimum of 1 second for GC
   if (_gcFrequency < 1) {
@@ -409,26 +373,51 @@ void V8DealerFeature::start() {
     // now check if we have a js directory inside the database directory, and if
     // it looks good
     auto& dbPathFeature = server().getFeature<DatabasePathFeature>();
-    const std::string dbJSPath =
+    std::string const dbJSPath =
         FileUtils::buildFilename(dbPathFeature.directory(), "js");
-    const std::string checksumFile =
+    std::string const checksumFile =
         FileUtils::buildFilename(dbJSPath, StaticStrings::checksumFileJs);
-    const std::string serverPath = FileUtils::buildFilename(dbJSPath, "server");
-    const std::string commonPath = FileUtils::buildFilename(dbJSPath, "common");
+    std::string const serverPath = FileUtils::buildFilename(dbJSPath, "server");
+    std::string const commonPath = FileUtils::buildFilename(dbJSPath, "common");
+    std::string const nodeModulesPath = FileUtils::buildFilename(dbJSPath, "node", "node_modules");
     if (FileUtils::isDirectory(dbJSPath) && FileUtils::exists(checksumFile) &&
         FileUtils::isDirectory(serverPath) && FileUtils::isDirectory(commonPath)) {
-      // only load node modules from original startup path
-      _nodeModulesDirectory = _startupDirectory;
       // js directory inside database directory looks good. now use it!
       _startupDirectory = dbJSPath;
+      // older versions didn't copy node_modules. so check if it exists inside the
+      // database directory or not. 
+      if (FileUtils::isDirectory(nodeModulesPath)) {
+        _nodeModulesDirectory = nodeModulesPath;
+      } else {
+        _nodeModulesDirectory = _startupDirectory;
+      }
     }
   }
-
+  
   LOG_TOPIC("77c97", DEBUG, Logger::V8)
       << "effective startup-directory: " << _startupDirectory
       << ", effective module-directories: " << _moduleDirectories
       << ", node-modules-directory: " << _nodeModulesDirectory;
+  
+  // add all paths to allowlists
+  V8SecurityFeature& v8security = server().getFeature<V8SecurityFeature>();
+  TRI_ASSERT(!_startupDirectory.empty());
+  v8security.addToInternalAllowList(_startupDirectory, FSAccessType::READ);
+
+  if (!_nodeModulesDirectory.empty()) {
+    v8security.addToInternalAllowList(_nodeModulesDirectory, FSAccessType::READ);
+  }
+  for (auto const& it : _moduleDirectories) {
+    if (!it.empty()) {
+      v8security.addToInternalAllowList(it, FSAccessType::READ);
+    }
+  }
 
+  TRI_ASSERT(!_appPath.empty());
+  v8security.addToInternalAllowList(_appPath, FSAccessType::READ);
+  v8security.addToInternalAllowList(_appPath, FSAccessType::WRITE);
+  v8security.dumpAccessLists();
+  
   _startupLoader.setDirectory(_startupDirectory);
 
   // dump paths
@@ -672,7 +661,10 @@ void V8DealerFeature::copyInstallationFiles() {
     LOG_TOPIC("38e1e", INFO, Logger::V8) 
       << "copying " << copied << " JS installation file(s) took " << Logger::FIXED(TRI_microtime() - start, 6) << "s";
   }
+
+  // finally switch over the paths
   _startupDirectory = copyJSPath;
+  _nodeModulesDirectory = basics::FileUtils::buildFilename(copyJSPath, "node", "node_modules");
 }
 
 V8Context* V8DealerFeature::addContext() {