Allow source local-storage route in upgrades

scripts/admin-upgrade-runner.mjs

@@ -46,7 +46,8 @@ const COLD_ALLOWED_FILES = new Set([
   'ecosystem.config.cjs',
 ]);
 
-const BLOCKED_NAMES = new Set(['.git', 'node_modules', '.next', 'dist', 'backups', 'local-storage', 'upgrade-state']);
+const BLOCKED_TOP_LEVEL_NAMES = new Set(['.git', 'node_modules', '.next', 'dist', 'backups', 'local-storage', 'upgrade-state']);
+const BLOCKED_ANYWHERE_NAMES = new Set(['.git', 'node_modules', '.next']);
 
 let state = readState() || {
   id: jobId,
@@ -380,8 +381,7 @@ function listFiles(root) {
 function validateFiles(files, updateMode) {
   for (const file of files) {
     assertSafeRelativePath(file);
-    const parts = file.split('/');
+    if (isBlockedPackagePath(file)) {
-    if (parts.some(part => BLOCKED_NAMES.has(part) || part.startsWith('.env'))) {
       throw new Error(`升级包包含禁止覆盖的路径: ${file}`);
     }
     if (updateMode === 'hot' && !isHotAllowed(file)) {
@@ -394,6 +394,15 @@ function validateFiles(files, updateMode) {
   return { requiresRestart: files.some(file => !isHotAllowed(file)) };
 }
 
+function isBlockedPackagePath(file) {
+  const parts = file.split('/');
+  return (
+    parts.some(part => part.startsWith('.env')) ||
+    BLOCKED_TOP_LEVEL_NAMES.has(parts[0]) ||
+    parts.some(part => BLOCKED_ANYWHERE_NAMES.has(part))
+  );
+}
+
 function assertSafeRelativePath(file) {
   if (!file || file.startsWith('/') || file.startsWith('\\') || file.includes('\\')) {
     throw new Error(`升级包包含非法路径: ${file}`);