Update app.py

app.py

@@ -1,3 +1,5 @@
+
+
 import os
 from flask import Flask, request, Response, render_template_string, jsonify, redirect, url_for
 import hmac
@@ -69,9 +71,10 @@ def download_data_from_hf():
         return True
     except RepositoryNotFoundError:
         logging.error(f"Hugging Face repository '{REPO_ID}' not found. Cannot download data.")
+        return False
     except Exception as e:
         logging.error(f"Error downloading data from Hugging Face: {e}")
-    return False
+        return False
 
 def load_visitor_data():
     global visitor_data_cache
@@ -83,28 +86,25 @@ def load_visitor_data():
                 logging.info("Visitor data loaded from local JSON.")
             except FileNotFoundError:
                 logging.warning(f"{DATA_FILE} not found locally. Starting with empty data.")
-                visitor_data_cache = {"organization_details": {}}
+                visitor_data_cache = {}
             except json.JSONDecodeError:
                 logging.error(f"Error decoding {DATA_FILE}. Starting with empty data.")
-                visitor_data_cache = {"organization_details": {}}
+                visitor_data_cache = {}
             except Exception as e:
                 logging.error(f"Unexpected error loading visitor data: {e}")
-                visitor_data_cache = {"organization_details": {}}
+                visitor_data_cache = {}
         
         if "organization_details" not in visitor_data_cache:
             visitor_data_cache["organization_details"] = {}
 
-        return visitor_data_cache
-
 def save_visitor_data():
-    with _data_lock:
-        try:
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump(visitor_data_cache, f, ensure_ascii=False, indent=4)
-            logging.info(f"Visitor data successfully saved to {DATA_FILE}.")
-            upload_data_to_hf_async()
-        except Exception as e:
-            logging.error(f"Error saving visitor data: {e}")
+    try:
+        with open(DATA_FILE, 'w', encoding='utf-8') as f:
+            json.dump(visitor_data_cache, f, ensure_ascii=False, indent=4)
+        logging.info(f"Visitor data successfully saved to {DATA_FILE}.")
+        upload_data_to_hf_async()
+    except Exception as e:
+        logging.error(f"Error saving visitor data: {e}")
 
 def upload_data_to_hf():
     if not HF_TOKEN_WRITE:
@@ -117,8 +117,7 @@ def upload_data_to_hf():
     try:
         api = HfApi()
         with _data_lock:
-             file_content_exists = os.path.getsize(DATA_FILE) > 0
-             if not file_content_exists:
+             if not os.path.getsize(DATA_FILE) > 0:
                  logging.warning(f"{DATA_FILE} is empty. Skipping upload.")
                  return
 
@@ -156,9 +155,7 @@ def verify_telegram_data(init_data_str):
         if not received_hash:
             return None, False
 
-        data_check_list = []
-        for key, value in sorted(parsed_data.items()):
-            data_check_list.append(f"{key}={value[0]}")
+        data_check_list = [f"{key}={value[0]}" for key, value in sorted(parsed_data.items())]
         data_check_string = "\n".join(data_check_list)
 
         secret_key = hmac.new("WebAppData".encode(), BOT_TOKEN.encode(), hashlib.sha256).digest()
@@ -166,12 +163,11 @@ def verify_telegram_data(init_data_str):
 
         if calculated_hash == received_hash:
             auth_date = int(parsed_data.get('auth_date', [0])[0])
-            current_time = int(time.time())
-            if current_time - auth_date > 86400:
-                 logging.warning(f"Telegram InitData is older than 24 hours (Auth Date: {auth_date}, Current: {current_time}).")
+            if (int(time.time()) - auth_date) > 86400:
+                 logging.warning(f"Telegram InitData is older than 24 hours.")
             return parsed_data, True
         else:
-            logging.warning(f"Data verification failed. Calculated: {calculated_hash}, Received: {received_hash}")
+            logging.warning(f"Data verification failed.")
             return parsed_data, False
     except Exception as e:
         logging.error(f"Error verifying Telegram data: {e}")
@@ -462,7 +458,7 @@ TEMPLATE = """
                                 {% for phone in org_details.phone_numbers %}
                                     <li class="business-card-phone-item">
                                         <a href="tel:{{ phone }}">
-                                            <img src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSJjdXJyZW50Q29sb3IiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIj48cGF0aCBkPSJtMjIuMDIyIDEuOTY3LTMuMDkgMy41MjNhOC40OCA4LjQ4IDAgMCAwLTEzLjA5OSAwTDEuOTc4IDEuOTY3Yy0uOTc0LTEuMTA3LTIuNTI1LS40MS0yLjUxMiAxLjAzNXYxOC44NjhjLjAwMSAxLjQ0NSAxLjUyOCAyLjEzNiAyLjQ4OCAxLjAzN2wzLjA5LTMuNTIzYTEwLjE2IDEwLjE2IDAgMCAwIDEzLjA5OSAwbDMuMDkgMy41MjNjLjk3NCAxLjEwNyAyLjUyNS40MSAyLjUxMi0xLjAzN1YyLjAwMWMtLjAwMS0xLjQ0NS0xLjUyOC0yLjEzNi0yLjQ4OC0xLjAzN3oiLz48cGF0aCBkPSJtNy41IDIuOTc2YzEuMjI1LjA2MSAyLjQ1LjA5MSAzLjY3NS4wOTFzMi40NS0uMDMxIDMuNjc1LS4wOTFjLjY4Ny0uMDM0IDEuNDMzLjMyNSAxLjcwOS43NDdsMS40NzMgMS42NzhjLjQ5LjU1Ny44MzcgMS4yNjcuODk5IDIuMDgzLjA0MS41NTEuMDYyIDEuMS4wNjIgMS42NnYxLjUwNGMwIC43NzUtLjE3IDEuNTUzLS41MDggMi4yMzMtLjQ3Mi45MjUtMS4xMTcgMS43NDgtMS45MzUgMi4zODhsLS4xMzQuMTA1Yy0uNzU0LjU4My0xLjY0Ny45NzUtMi41NjIgMS4xODQtLjYwMi4xMzYtMS4wMDkuMjA4LTEuNzI1LjIwOC0xLjExNSAwLjc1NC0uMTUzIDMuNjgyLS4xNTMgNS41NDJzLjE1NCA0Ljc4Ni4xNTMgNS41NDJjLjAwMi0uNjU3LS4wNzgtMS4yNy0uMjItMS44MjQtLjE0OC0uNTU4LS40MTctMS4wODgtLjc2NC0xLjU1MS0uNjMyLS44NDUtMS40NDctMS41NTctMi40MTItMi4wNjItLjk2My0uNTA3LTEuOTk0LS44Mi0zLjA0Ni0uOTUyLS44MTMt.MTA0LTEuNTcxLS4xNDUtMi4zMzgtLjA5OS0uNjk0LjAxMS0xLjMzNy4xMDYtMS45MjQuMjg1LS41ODkuMTg0LTEuMTI2LjQyMS0xLjYwMS42OTMtLjQ3Ni4yNzMtLjkwNi41NzQtMS4yOTcuODktLjM4OC4zMTQtLjc0My42NDctMS4wNjcuOTk4LS4zMjYuMzUzLS42NDYuNzIyLS45NTkuMTA1OS0uMzEzLjMyOC0uNjIuNjUzLS45MjEuOTc1LS4yOTQuMzExLS41NzYuNjIzLS44NDQuOTMyLS4yNy4zMDktLjUyMy42MTctLjc1Ny45MTgtLjE5Ny4yNTQtLjM2MS40OTMtLjQ4MS43MjUtLjExOS4yMzItLjE4NS40NTItLjE5My41OTMtLjAwOS4xNDUtLjAxNC4yOTMtLjAxNi40NDF2MS43NmMwIC41NzYtLjE3NSAxLjEyMi0uNDQ3IDEuNTYtLjIyNy4zOTMtLjU2NS41OTktMS4wMTkuNTk5LTEuMTg2LS4wMDEtMS45OTYtMS4zOTctMi4yOTYtMi44NDItLjMyMy0xLjU1OC0uMzIzLTQuNTY5LS4zMjMtNi40MTFzLjAxNS00Ljg1NC4zMjMtNi40MTJjLjI5OS0xLjQ0NSAxLjExLTIuODQxIDIuMjk2LTIuODQyLjQ1NC4wMDcuNzgxLjI1OSAxLjAxOS42MDkuMjE1LjMzNC4zMjMuNzMuMzIzIDEuMTQ3di45NWMuMDMgMS4zMTQtLjAxNSAyLjYxLS4xNDcgMy44NzUtLjEwNiAxLjAzLS4yMzQgMi4wNDYtLjM1MSAyLjk5NmwuNTkzLS4zNzljLjMyNi0uMjA2LjY4Mi0uMzgxIDEuMDQ5LS41NzEuMzg2LS4xOTcgLjc5LS4zNjUgMS4xOTQtLjQ5NC40MDUtLjEyOS43ODctLjIzMyAxLjEyOC0uMjkwLjM0Mi0uMDU4LjYwNC0uMDc0Ljc4Mi0uMDQ3WiIvPjwvc3ZnPg==">
+                                            <img src="data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHZpZXdCb3g9IjAgMCAyNCAyNCIgZmlsbD0ibm9uZSIgc3Ryb2tlPSJjdXJyZW50Q2vb3IiIHN0cm9rZS13aWR0aD0iMiIgc3Ryb2tlLWxpbmVjYXA9InJvdW5kIiBzdHJva2UtbGluZWpvaW49InJvdW5kIj48cGF0aCBkPSJtMjIuMDIyIDEuOTY3LTMuMDkgMy41MjNhOC40OCA4LjQ4IDAgMCAwLTEzLjA5OSAwTDEuOTc4IDEuOTY3Yy0uOTc0LTEuMTA3LTIuNTI1LS40MS0yLjUxMiAxLjAzNXYxOC44NjhjLjAwMSAxLjQ0NSAxLjUyOCAyLjEzNiAyLjQ4OCAxLjAzN2wzLjA5LTMuNTIzYTEwLjE2IDEwLjE2IDAgMCAwIDEzLjA5OSAwbDMuMDkgMy41MjNjLjk3NCAxLjEwNyAyLjUyNS40MSAyLjUxMi0xLjAzN1YyLjAwMWMtLjAwMS0xLjQ0NS0xLjUyOC0yLjEzNi0yLjQ4OC0xLjAzN3oiLz48cGF0aCBkPSJtNy41IDIuOTc2YzEuMjI1LjA2MSAyLjQ1LjA5MSAzLjY3NS4wOTFzMi40NS0uMDMxIDMuNjc1LS4wOTFjLjY4Ny0uMDM0IDEuNDMzLjMyNSAxLjcwOS43NDdsMS40NzMgMS42NzhjLjQ5LjU1Ny44MzcgMS4yNjcuODk5IDIuMDgzLjA0MS41NTEuMDYyIDEuMS4wNjIgMS42NnYxLjUwNGMwIC43NzUtLjE3IDEuNTUzLS41MDggMi4yMzMtLjQ3Mi45MjUtMS4xMTcgMS43NDgtMS45MzUgMi4zODhsLS4xMzQuMTA1Yy0uNzU0LjU4My0xLjY0Ny45NzUtMi41NjIgMS4xODQtLjYwMi4xMzYtMS4wMDkuMjA4LTEuNzI1LjIwOC0xLjExNSAwLjc1NC0uMTUzIDMuNjgyLS4xNTMgNS41NDJzLjE1NCA0Ljc4Ni4xNTMgNS41NDJjLjAwMi0uNjU3LS4wNzgtMS4yNy0uMjItMS44MjQtLjE0OC0uNTU4LS40MTctMS4wODgtLjc2NC0xLjU1MS0uNjMyLS44NDUtMS40NDctMS41NTctMi40MTItMi4wNjItLjk2My0uNTA3LTEuOTk0LS44Mi0zLjA0Ni0uOTUyLS44MTMt.MTA0LTEuNTcxLS4xNDUtMi4zMzgtLjA5OS0uNjk0LjAxMS0xLjMzNy4xMDYtMS45MjQuMjg1LS41ODkuMTg0LTEuMTI2LjQyMS0xLjYwMS42OTMtLjQ3Ni4yNzMtLjkwNi41NzQtMS4yOTcuODktLjM4OC4zMTQtLjc0My42NDctMS4wNjcuOTk4LS4zMjYuMzUzLS42NDYuNzIyLS45NTkuMTA1OS0uMzEzLjMyOC0uNjIuNjUzLS45MjEuOTc1LS4yOTQuMzExLS41NzYuNjIzLS44NDQuOTMyLS4yNy4zMDktLjUyMy42MTctLjc1Ny45MTgtLjE5Ny4yNTQtLjM2MS40OTMtLjQ4MS43MjUtLjExOS4yMzItLjE4NS40NTItLjE5My41OTMtLjAwOS4xNDUtLjAxNC4yOTMtLjAxNi40NDF2MS43NmMwIC41NzYtLjE3NSAxLjEyMi0uNDQ3IDEuNTYtLjIyNy4zOTMtLjU2NS41OTktMS4wMTkuNTk5LTEuMTg2LS4wMDEtMS45OTYtMS4zOTctMi4yOTYtMi44NDItLjMyMy0xLjU1OC0uMzIzLTQuNTY5LS4zMjMtNi40MTFzLjAxNS00Ljg1NC4zMjMtNi40MTJjLjI5OS0xLjQ0NSAxLjExLTIuODQxIDIuMjk2LTIuODQyLjQ1NC4wMDcuNzgxLjI1OSAxLjAxOS42MDkuMjE1LjMzNC4zMjMuNzMuMzIzIDEuMTQ3di45NWMuMDMgMS4zMTQtLjAxNSAyLjYxLS4xNDcgMy44NzUtLjEwNiAxLjAzLS4yMzQgMi4wNDYtLjM1MSAyLjk5NmwuNTkzLS4zNzljLjMyNi0uMjA2LjY4Mi0uMzgxIDEuMDQ5LS41NzEuMzg2LS4xOTcgLjc5LS4zNjUgMS4xOTQtLjQ5NC40MDUtLjEyOS43ODctLjIzMyAxLjEyOC0uMjkwLjM0Mi0uMDU4LjYwNC0uMDc0Ljc4Mi0uMDQ3WiIvPjwvc3ZnPg==">
                                             {{ phone }}
                                         </a>
                                     </li>
@@ -1375,31 +1371,23 @@ ADMIN_TEMPLATE = """
 @app.route('/')
 def index():
     user_id_str = request.args.get('user_id_for_test')
-    all_data = load_visitor_data()
     user_data = {}
     is_first_visit = False
 
-    if user_id_str and user_id_str in all_data:
-        user_data = all_data[user_id_str]
+    if user_id_str and user_id_str in visitor_data_cache:
+        user_data = visitor_data_cache[user_id_str]
         user_data['id'] = user_id_str
-
         is_first_visit = not user_data.get('has_been_welcomed', False)
-
         bonus_history = user_data.get('history', [])
-        for item in bonus_history: item['transaction_type'] = 'bonus'
         debt_history = user_data.get('debt_history', [])
+        for item in bonus_history: item['transaction_type'] = 'bonus'
         for item in debt_history: item['transaction_type'] = 'debt'
-        
-        combined_history = sorted(bonus_history + debt_history, key=lambda x: x['date'], reverse=True)
-        user_data['combined_history'] = combined_history
+        user_data['combined_history'] = sorted(bonus_history + debt_history, key=lambda x: x['date'], reverse=True)
         user_data['invoices'] = user_data.get('invoices', [])
     else:
-        user_data = {
-            "id": "N/A", "bonuses": 0, "debts": 0, "history": [], "debt_history": [],
-            "combined_history": [], "invoices": [], "referral_code": "N/A"
-        }
+        user_data = {"id": "N/A", "bonuses": 0, "debts": 0, "combined_history": [], "invoices": [], "referral_code": "N/A"}
     
-    org_details = all_data.get('organization_details', {})
+    org_details = visitor_data_cache.get('organization_details', {})
     return render_template_string(TEMPLATE, user=user_data, org_details=org_details, is_first_visit=is_first_visit)
 
 @app.route('/verify', methods=['POST'])
@@ -1414,8 +1402,7 @@ def verify_data():
         user_info_dict = {}
         if user_data_parsed and 'user' in user_data_parsed:
             try:
-                user_json_str = unquote(user_data_parsed['user'][0])
-                user_info_dict = json.loads(user_json_str)
+                user_info_dict = json.loads(unquote(user_data_parsed['user'][0]))
             except Exception as e:
                 logging.error(f"Could not parse user JSON: {e}")
         
@@ -1423,38 +1410,39 @@ def verify_data():
             tg_user_id = user_info_dict.get('id')
             if tg_user_id:
                 now = datetime.now(BISHKEK_TZ)
-                all_data = load_visitor_data()
-                
-                existing_user_key = next((key for key, user in all_data.items() if key != "organization_details" and str(user.get('telegram_id')) == str(tg_user_id)), None)
-                
-                if existing_user_key:
-                    user_entry = all_data[existing_user_key]
-                    user_entry.update({
-                        'first_name': user_info_dict.get('first_name'), 'last_name': user_info_dict.get('last_name'),
-                        'username': user_info_dict.get('username'), 'photo_url': user_info_dict.get('photo_url'),
-                        'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S')
-                    })
-                    user_id_to_save = existing_user_key
-                else:
-                    new_user_id = generate_unique_id(all_data)
-                    user_entry = {
-                        'id': new_user_id, 'telegram_id': tg_user_id,
-                        'first_name': user_info_dict.get('first_name'), 'last_name': user_info_dict.get('last_name'),
-                        'username': user_info_dict.get('username'), 'photo_url': user_info_dict.get('photo_url'),
-                        'is_premium': user_info_dict.get('is_premium', False), 'phone_number': None,
-                        'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S'),
-                        'bonuses': 0, 'history': [], 'debts': 0, 'debt_history': [], 'invoices': [],
-                        'referral_code': f'PROMO{new_user_id}', 'referred_by': None, 'referrals': [], 'has_been_welcomed': False
-                    }
-                    user_id_to_save = new_user_id
-                
-                all_data[user_id_to_save] = user_entry
-                save_visitor_data()
+                user_id_to_save = None
+
+                with _data_lock:
+                    existing_user_key = next((k for k, u in visitor_data_cache.items() if k != "organization_details" and str(u.get('telegram_id')) == str(tg_user_id)), None)
+                    
+                    if existing_user_key:
+                        user_entry = visitor_data_cache[existing_user_key]
+                        user_entry.update({
+                            'first_name': user_info_dict.get('first_name'), 'last_name': user_info_dict.get('last_name'),
+                            'username': user_info_dict.get('username'), 'photo_url': user_info_dict.get('photo_url'),
+                            'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S')
+                        })
+                        user_id_to_save = existing_user_key
+                    else:
+                        new_user_id = generate_unique_id(visitor_data_cache)
+                        user_entry = {
+                            'id': new_user_id, 'telegram_id': tg_user_id,
+                            'first_name': user_info_dict.get('first_name'), 'last_name': user_info_dict.get('last_name'),
+                            'username': user_info_dict.get('username'), 'photo_url': user_info_dict.get('photo_url'),
+                            'is_premium': user_info_dict.get('is_premium', False), 'phone_number': None,
+                            'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S'),
+                            'bonuses': 0, 'history': [], 'debts': 0, 'debt_history': [], 'invoices': [],
+                            'referral_code': f'PROMO{new_user_id}', 'referred_by': None, 'referrals': [], 'has_been_welcomed': False
+                        }
+                        visitor_data_cache[new_user_id] = user_entry
+                        user_id_to_save = new_user_id
+                    
+                    save_visitor_data()
+
                 return jsonify({"status": "ok", "verified": True, "user_id": user_id_to_save})
             else:
                  return jsonify({"status": "error", "verified": True, "message": "User ID not found"}), 400
         else:
-            logging.warning(f"Verification failed for user: {user_info_dict.get('id')}")
             return jsonify({"status": "error", "verified": False, "message": "Invalid data"}), 403
     except Exception as e:
         logging.exception("Error in /verify endpoint")
@@ -1466,36 +1454,32 @@ def submit_referral():
         data = request.get_json()
         user_id = str(data.get('user_id'))
         referral_code = data.get('referral_code')
-        all_data = load_visitor_data()
-
-        if not user_id or user_id not in all_data:
-            return jsonify({"status": "error", "message": "Пользователь не найден."}), 404
 
-        user = all_data[user_id]
-        if user.get('has_been_welcomed', False):
-            return jsonify({"status": "ok", "message": "Вы уже прошли этот шаг."}), 200
+        with _data_lock:
+            if not user_id or user_id not in visitor_data_cache:
+                return jsonify({"status": "error", "message": "Пользователь не найден."}), 404
 
-        user['has_been_welcomed'] = True
+            user = visitor_data_cache[user_id]
+            if user.get('has_been_welcomed', False):
+                return jsonify({"status": "ok", "message": "Вы уже прошли этот шаг."}), 200
 
-        if referral_code:
-            referrer_id = next((u_id for u_id, u in all_data.items() if u_id != "organization_details" and u.get('referral_code') == referral_code), None)
-            
-            if not referrer_id:
-                return jsonify({"status": "error", "message": "Промокод не найден."}), 404
-            
-            if referrer_id == user_id:
-                return jsonify({"status": "error", "message": "Нельзя использовать свой промокод."}), 400
+            user['has_been_welcomed'] = True
 
-            user['referred_by'] = referrer_id
-            referrer = all_data[referrer_id]
-            if 'referrals' not in referrer: referrer['referrals'] = []
-            referrer['referrals'].append(user_id)
+            if referral_code:
+                referrer = next((u for u_id, u in visitor_data_cache.items() if u_id != "organization_details" and u.get('referral_code') == referral_code), None)
+                
+                if not referrer:
+                    return jsonify({"status": "error", "message": "Промокод не найден."}), 404
+                if referrer['id'] == user_id:
+                    return jsonify({"status": "error", "message": "Нельзя использовать свой промокод."}), 400
+
+                user['referred_by'] = referrer['id']
+                if 'referrals' not in referrer: referrer['referrals'] = []
+                referrer['referrals'].append(user_id)
             
             save_visitor_data()
-            return jsonify({"status": "ok", "message": "Промокод успешно применен!"}), 200
-        else:
-            save_visitor_data()
-            return jsonify({"status": "ok", "message": "Добро пожаловать!"}), 200
+            message = "Промокод успешно применен!" if referral_code else "Добро пожаловать!"
+            return jsonify({"status": "ok", "message": message}), 200
 
     except Exception as e:
         logging.exception("Error in /submit_referral endpoint")
@@ -1503,20 +1487,17 @@ def submit_referral():
 
 @app.route('/admin')
 def admin_panel():
-    all_data = load_visitor_data()
     users_list = []
-    
-    user_name_map = {uid: f"{ud.get('first_name', '')} {ud.get('last_name', '')}".strip() or f"ID: {uid}" for uid, ud in all_data.items() if uid != "organization_details"}
+    user_name_map = {uid: f"{ud.get('first_name', '')} {ud.get('last_name', '')}".strip() or f"ID: {uid}" for uid, ud in visitor_data_cache.items() if uid != "organization_details"}
 
-    for user_id, user_data in all_data.items():
+    for user_id, user_data in visitor_data_cache.items():
         if user_id == "organization_details": continue
-        user_data['id'] = user_id
-        
-        user_data['referrals_count'] = len(user_data.get('referrals', []))
-        referrer_id = user_data.get('referred_by')
-        user_data['referrer_info'] = user_name_map.get(referrer_id, None)
-        
-        users_list.append(user_data)
+        user_data_copy = user_data.copy()
+        user_data_copy['id'] = user_id
+        user_data_copy['referrals_count'] = len(user_data_copy.get('referrals', []))
+        referrer_id = user_data_copy.get('referred_by')
+        user_data_copy['referrer_info'] = user_name_map.get(referrer_id, None)
+        users_list.append(user_data_copy)
     
     total_users = len(users_list)
     total_bonuses = sum(u.get('bonuses', 0) for u in users_list)
@@ -1535,25 +1516,24 @@ def add_client():
         data = request.get_json()
         phone_number = data.get('phone_number')
         first_name = data.get('first_name')
-
         if not phone_number or not first_name:
             return jsonify({"status": "error", "message": "Имя и номер телефона обязательны."}), 400
         
-        all_data = load_visitor_data()
-        if any(u.get('phone_number') == phone_number for k, u in all_data.items() if k != "organization_details"):
-            return jsonify({"status": "error", "message": "Клиент с таким номером телефона уже существует."}), 409
-
-        now = datetime.now(BISHKEK_TZ)
-        new_id = generate_unique_id(all_data)
-        new_client = {
-            'id': new_id, 'telegram_id': None, 'first_name': first_name, 'last_name': None,
-            'username': None, 'photo_url': None, 'is_premium': False, 'phone_number': phone_number,
-            'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S'),
-            'bonuses': 0, 'history': [], 'debts': 0, 'debt_history': [], 'invoices': [],
-            'referral_code': f'PROMO{new_id}', 'referred_by': None, 'referrals': [], 'has_been_welcomed': True
-        }
-        all_data[new_id] = new_client
-        save_visitor_data()
+        with _data_lock:
+            if any(u.get('phone_number') == phone_number for k, u in visitor_data_cache.items() if k != "organization_details"):
+                return jsonify({"status": "error", "message": "Клиент с таким номером телефона уже существует."}), 409
+
+            now = datetime.now(BISHKEK_TZ)
+            new_id = generate_unique_id(visitor_data_cache)
+            new_client = {
+                'id': new_id, 'telegram_id': None, 'first_name': first_name, 'last_name': None,
+                'username': None, 'photo_url': None, 'is_premium': False, 'phone_number': phone_number,
+                'visited_at': now.timestamp(), 'visited_at_str': now.strftime('%Y-%m-%d %H:%M:%S'),
+                'bonuses': 0, 'history': [], 'debts': 0, 'debt_history': [], 'invoices': [],
+                'referral_code': f'PROMO{new_id}', 'referred_by': None, 'referrals': [], 'has_been_welcomed': True
+            }
+            visitor_data_cache[new_id] = new_client
+            save_visitor_data()
         return jsonify({"status": "ok", "message": "Client added successfully"}), 201
     except Exception as e:
         logging.exception("Error in /admin/add_client endpoint")
@@ -1568,31 +1548,29 @@ def add_transaction():
         deduct_amount = float(data.get('deduct_amount', 0))
         add_debt_amount = float(data.get('add_debt_amount', 0))
         repay_debt_amount = float(data.get('repay_debt_amount', 0))
-
         if not user_id: return jsonify({"status": "error", "message": "User ID is required"}), 400
-        all_data = load_visitor_data()
-        if user_id not in all_data: return jsonify({"status": "error", "message": "User not found"}), 404
-
-        user = all_data[user_id]
-        now = datetime.now(BISHKEK_TZ)
-        now_iso, now_str = now.isoformat(), now.strftime('%Y-%m-%d %H:%M:%S')
         
-        if deduct_amount > user.get('bonuses', 0): return jsonify({"status": "error", "message": "Недостаточно бонусов для списания"}), 400
-        if repay_debt_amount > user.get('debts', 0): return jsonify({"status": "error", "message": "Сумма погашения превышает текущий долг"}), 400
-
-        accrual_amount = purchase_amount * 0.02
-        user['bonuses'] = round(user.get('bonuses', 0) + accrual_amount - deduct_amount, 2)
-        if 'history' not in user: user['history'] = []
-        if accrual_amount > 0: user['history'].append({"type": "accrual", "amount": round(accrual_amount, 2), "description": f"Начисление с покупки {round(purchase_amount, 2)}", "date": now_iso, "date_str": now_str})
-        if deduct_amount > 0: user['history'].append({"type": "deduction", "amount": round(deduct_amount, 2), "description": "Списание бонусов", "date": now_iso, "date_str": now_str})
-
-        user['debts'] = round(user.get('debts', 0) + add_debt_amount - repay_debt_amount, 2)
-        if 'debt_history' not in user: user['debt_history'] = []
-        if add_debt_amount > 0: user['debt_history'].append({"type": "accrual", "amount": round(add_debt_amount, 2), "description": "Добавление долга", "date": now_iso, "date_str": now_str})
-        if repay_debt_amount > 0: user['debt_history'].append({"type": "payment", "amount": round(repay_debt_amount, 2), "description": "Погашение долга", "date": now_iso, "date_str": now_str})
-        
-        save_visitor_data()
-        return jsonify({"status": "ok", "message": "Transaction successful", "new_balance": user['bonuses'], "new_debt": user['debts']}), 200
+        with _data_lock:
+            if user_id not in visitor_data_cache: return jsonify({"status": "error", "message": "User not found"}), 404
+            user = visitor_data_cache[user_id]
+            now = datetime.now(BISHKEK_TZ)
+            now_iso, now_str = now.isoformat(), now.strftime('%Y-%m-%d %H:%M:%S')
+            if deduct_amount > user.get('bonuses', 0): return jsonify({"status": "error", "message": "Недостаточно бонусов для списания"}), 400
+            if repay_debt_amount > user.get('debts', 0): return jsonify({"status": "error", "message": "Сумма погашения превышает текущий долг"}), 400
+
+            accrual_amount = purchase_amount * 0.02
+            user['bonuses'] = round(user.get('bonuses', 0) + accrual_amount - deduct_amount, 2)
+            if 'history' not in user: user['history'] = []
+            if accrual_amount > 0: user['history'].append({"type": "accrual", "amount": round(accrual_amount, 2), "description": f"Начисление с покупки {round(purchase_amount, 2)}", "date": now_iso, "date_str": now_str})
+            if deduct_amount > 0: user['history'].append({"type": "deduction", "amount": round(deduct_amount, 2), "description": "Списание бонусов", "date": now_iso, "date_str": now_str})
+
+            user['debts'] = round(user.get('debts', 0) + add_debt_amount - repay_debt_amount, 2)
+            if 'debt_history' not in user: user['debt_history'] = []
+            if add_debt_amount > 0: user['debt_history'].append({"type": "accrual", "amount": round(add_debt_amount, 2), "description": "Добавление долга", "date": now_iso, "date_str": now_str})
+            if repay_debt_amount > 0: user['debt_history'].append({"type": "payment", "amount": round(repay_debt_amount, 2), "description": "Погашение долга", "date": now_iso, "date_str": now_str})
+            
+            save_visitor_data()
+            return jsonify({"status": "ok", "message": "Transaction successful", "new_balance": user['bonuses'], "new_debt": user['debts']}), 200
     except Exception as e:
         logging.exception("Error in /admin/add_transaction endpoint")
         return jsonify({"status": "error", "message": str(e)}), 500
@@ -1604,25 +1582,20 @@ def add_invoice():
         user_id = str(data.get('user_id'))
         total_amount = float(data.get('total_amount', 0))
         items = data.get('items', [])
-
         if not user_id: return jsonify({"status": "error", "message": "User ID is required"}), 400
         if not items: return jsonify({"status": "error", "message": "Необходимо добавить товары в накладную."}), 400
         
-        all_data = load_visitor_data()
-        if user_id not in all_data: return jsonify({"status": "error", "message": "User not found"}), 404
-
-        user = all_data[user_id]
-        now = datetime.now(BISHKEK_TZ)
-        now_iso, now_str = now.isoformat(), now.strftime('%Y-%m-%d %H:%M:%S')
-        invoice_id = str(uuid.uuid4().hex[:8]).upper()
-
-        processed_items = [{"product_name": item.get('product_name'), "quantity": float(item.get('quantity', 0)), "unit_price": float(item.get('unit_price', 0)), "item_total": round(float(item.get('quantity', 0)) * float(item.get('unit_price', 0)), 2)} for item in items]
-        new_invoice = {"invoice_id": invoice_id, "date": now_iso, "date_str": now_str, "total_amount": round(total_amount, 2), "items": processed_items}
-
-        if 'invoices' not in user: user['invoices'] = []
-        user['invoices'].append(new_invoice)
-        
-        save_visitor_data()
+        with _data_lock:
+            if user_id not in visitor_data_cache: return jsonify({"status": "error", "message": "User not found"}), 404
+            user = visitor_data_cache[user_id]
+            now = datetime.now(BISHKEK_TZ)
+            now_iso, now_str = now.isoformat(), now.strftime('%Y-%m-%d %H:%M:%S')
+            invoice_id = str(uuid.uuid4().hex[:8]).upper()
+            processed_items = [{"product_name": item.get('product_name'), "quantity": float(item.get('quantity', 0)), "unit_price": float(item.get('unit_price', 0)), "item_total": round(float(item.get('quantity', 0)) * float(item.get('unit_price', 0)), 2)} for item in items]
+            new_invoice = {"invoice_id": invoice_id, "date": now_iso, "date_str": now_str, "total_amount": round(total_amount, 2), "items": processed_items}
+            if 'invoices' not in user: user['invoices'] = []
+            user['invoices'].append(new_invoice)
+            save_visitor_data()
         return jsonify({"status": "ok", "message": "Invoice added successfully", "invoice_id": invoice_id}), 200
     except Exception as e:
         logging.exception("Error in /admin/add_invoice endpoint")
@@ -1635,17 +1608,14 @@ def delete_invoice():
         user_id, invoice_id = str(data.get('user_id')), data.get('invoice_id')
         if not user_id or not invoice_id: return jsonify({"status": "error", "message": "User ID and Invoice ID are required"}), 400
         
-        all_data = load_visitor_data()
-        if user_id not in all_data: return jsonify({"status": "error", "message": "User not found"}), 404
-
-        user = all_data[user_id]
-        if 'invoices' not in user: return jsonify({"status": "error", "message": "User has no invoices"}), 404
-
-        original_count = len(user['invoices'])
-        user['invoices'] = [inv for inv in user['invoices'] if inv.get('invoice_id') != invoice_id]
-        if len(user['invoices']) == original_count: return jsonify({"status": "error", "message": "Invoice not found for this user"}), 404
-        
-        save_visitor_data()
+        with _data_lock:
+            if user_id not in visitor_data_cache: return jsonify({"status": "error", "message": "User not found"}), 404
+            user = visitor_data_cache[user_id]
+            if 'invoices' not in user: return jsonify({"status": "error", "message": "User has no invoices"}), 404
+            original_count = len(user['invoices'])
+            user['invoices'] = [inv for inv in user['invoices'] if inv.get('invoice_id') != invoice_id]
+            if len(user['invoices']) == original_count: return jsonify({"status": "error", "message": "Invoice not found for this user"}), 404
+            save_visitor_data()
         return jsonify({"status": "ok", "message": "Invoice deleted successfully"}), 200
     except Exception as e:
         logging.exception("Error in /admin/delete_invoice endpoint")
@@ -1655,21 +1625,21 @@ def delete_invoice():
 def delete_client():
     try:
         user_id = str(request.get_json().get('user_id'))
-        if not user_id:
-            return jsonify({"status": "error", "message": "User ID is required"}), 400
-
-        all_data = load_visitor_data()
-
-        if user_id not in all_data:
-            return jsonify({"status": "error", "message": "User not found"}), 404
-        
-        if all_data[user_id].get('telegram_id') is not None:
-            return jsonify({"status": "error", "message": "Cannot delete a Telegram-linked user"}), 403
-
-        del all_data[user_id]
-        
-        save_visitor_data()
+        if not user_id: return jsonify({"status": "error", "message": "User ID is required"}), 400
 
+        with _data_lock:
+            if user_id not in visitor_data_cache: return jsonify({"status": "error", "message": "User not found"}), 404
+            if visitor_data_cache[user_id].get('telegram_id') is not None: return jsonify({"status": "error", "message": "Cannot delete a Telegram-linked user"}), 403
+            
+            user_to_delete = visitor_data_cache[user_id]
+            referrer_id = user_to_delete.get('referred_by')
+            if referrer_id and referrer_id in visitor_data_cache:
+                referrer = visitor_data_cache[referrer_id]
+                if 'referrals' in referrer and user_id in referrer['referrals']:
+                    referrer['referrals'].remove(user_id)
+            
+            del visitor_data_cache[user_id]
+            save_visitor_data()
         return jsonify({"status": "ok", "message": "Client deleted successfully"}), 200
     except Exception as e:
         logging.exception("Error in /admin/delete_client endpoint")
@@ -1678,8 +1648,7 @@ def delete_client():
 @app.route('/admin/organization_details', methods=['GET'])
 def get_organization_details():
     try:
-        all_data = load_visitor_data()
-        return jsonify(all_data.get('organization_details', {})), 200
+        return jsonify(visitor_data_cache.get('organization_details', {})), 200
     except Exception as e:
         logging.exception("Error getting organization details")
         return jsonify({"status": "error", "message": str(e)}), 500
@@ -1688,14 +1657,13 @@ def get_organization_details():
 def save_organization_details():
     try:
         data = request.get_json()
-        new_org_details = {
-            "name": data.get("name", ""), "phone_numbers": data.get("phone_numbers", []),
-            "address": data.get("address", ""), "whatsapp_link": data.get("whatsapp_link", ""),
-            "telegram_link": data.get("telegram_link", "")
-        }
-        all_data = load_visitor_data()
-        all_data['organization_details'] = new_org_details
-        save_visitor_data()
+        with _data_lock:
+            visitor_data_cache['organization_details'] = {
+                "name": data.get("name", ""), "phone_numbers": data.get("phone_numbers", []),
+                "address": data.get("address", ""), "whatsapp_link": data.get("whatsapp_link", ""),
+                "telegram_link": data.get("telegram_link", "")
+            }
+            save_visitor_data()
         return jsonify({"status": "ok", "message": "Organization details saved successfully"}), 200
     except Exception as e:
         logging.exception("Error saving organization details")
@@ -1705,26 +1673,29 @@ if __name__ == '__main__':
     print("--- BONUS SYSTEM SERVER ---")
     print(f"Server starting on http://{HOST}:{PORT}")
 
-    print("Loading local data file...")
+    print("Attempting to load local data file...")
     load_visitor_data()
 
-    if (not visitor_data_cache or len(visitor_data_cache) <= 1) and HF_TOKEN_READ:
-        print("Local data not found or empty. Attempting to restore from Hugging Face backup...")
-        download_data_from_hf()
-    elif not visitor_data_cache or len(visitor_data_cache) <= 1:
-        print("Starting with a fresh, empty database.")
+    if not visitor_data_cache or len(visitor_data_cache) <= 1:
+        print("Local data file not found or is empty.")
+        if HF_TOKEN_READ:
+            print("Attempting to restore data from Hugging Face...")
+            if not download_data_from_hf():
+                 print("Failed to restore from Hugging Face. Starting fresh.")
+        else:
+            print("HF_TOKEN_READ not set. Cannot restore from backup. Starting fresh.")
     else:
-        print("Successfully loaded data from local file.")
+        user_count = len([k for k in visitor_data_cache if k != 'organization_details'])
+        print(f"Successfully loaded data for {user_count} users from local file.")
 
-    if not HF_TOKEN_READ or not HF_TOKEN_WRITE:
-         print("WARNING: Hugging Face token(s) not set. Backup/restore functionality will be limited.")
-    
     print("WARNING: The /admin route is NOT protected. Implement proper authentication for production.")
-    
+
     if HF_TOKEN_WRITE:
         backup_thread = threading.Thread(target=periodic_backup, daemon=True)
         backup_thread.start()
         print("Periodic backup thread started (every hour).")
+    else:
+        print("WARNING: HF_TOKEN_WRITE not set. Periodic backups to Hugging Face are disabled.")
 
     print("--- Server Ready ---")
     app.run(host=HOST, port=PORT, debug=False)