Update app.py

app.py

@@ -1,4 +1,6 @@
-from flask import Flask, render_template_string, request, redirect, url_for, jsonify, flash
+
+
+from flask import Flask, render_template_string, request, redirect, url_for, jsonify, flash, send_from_directory
 import json
 import os
 import logging
@@ -17,15 +19,30 @@ import requests
 
 load_dotenv()
 
-app = Flask(__name__)
-app.secret_key = os.getenv("FLASK_SECRET_KEY", 'tontalent_secret_key_for_flash_messages_only')
+app = Flask(name)
+app.secret_key = os.getenv("FLASK_SECRET_KEY", 'telegram_wall_secret_key_for_flash_messages_only')
+
+--- CONFIGURATION ---
+
 DATA_FILE = 'wall_data.json'
-SYNC_FILES = [DATA_FILE]
+UPLOAD_FOLDER = 'uploads'
+SYNC_FILES = [DATA_FILE, UPLOAD_FOLDER] # Will be treated as a list of files/folders
+MAX_CONTENT_LENGTH = 16 * 1024 * 1024 # 16 MB limit for file uploads
+ALLOWED_EXTENSIONS = {'png', 'jpg', 'jpeg', 'gif', 'mp4', 'mov', 'avi', 'pdf', 'doc', 'docx', 'txt'}
 
-REPO_ID = os.getenv("HF_REPO_ID", "Kgshop/tontalent2")
+if not os.path.exists(UPLOAD_FOLDER):
+os.makedirs(UPLOAD_FOLDER)
+
+app.config['UPLOAD_FOLDER'] = UPLOAD_FOLDER
+app.config['MAX_CONTENT_LENGTH'] = MAX_CONTENT_LENGTH
+
+REPO_ID = os.getenv("HF_REPO_ID", "Kgshop/telegram-wall-app")
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN_WRITE")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ")
 
+NOTE: The provided token is not a real Telegram Bot Token format.
+A real token looks like: <BOT_ID>:<RANDOM_STRING>
+
 TELEGRAM_BOT_TOKEN = os.getenv("TELEGRAM_BOT_TOKEN", "7549355625:AAGYWatM-nUVQirgBiBwoAtWZgzfp3QnQjY")
 
 DOWNLOAD_RETRIES = 3
@@ -33,1082 +50,1122 @@ DOWNLOAD_DELAY = 5
 
 logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
 
+--- UTILITIES ---
+
+def allowed_file(filename):
+return '.' in filename and
+filename.rsplit('.', 1)[1].lower() in ALLOWED_EXTENSIONS
+
 def download_db_from_hf(specific_file=None, retries=DOWNLOAD_RETRIES, delay=DOWNLOAD_DELAY):
-    if not HF_TOKEN_READ and not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN_READ/HF_TOKEN_WRITE not set. Download might fail for private repos.")
-    token_to_use = HF_TOKEN_READ if HF_TOKEN_READ else HF_TOKEN_WRITE
-    files_to_download = [specific_file] if specific_file else SYNC_FILES
-    logging.info(f"Attempting download for {files_to_download} from {REPO_ID}...")
-    all_successful = True
-    for file_name in files_to_download:
-        success = False
-        for attempt in range(retries + 1):
-            try:
-                logging.info(f"Downloading {file_name} (Attempt {attempt + 1}/{retries + 1})...")
-                local_path = hf_hub_download(
-                    repo_id=REPO_ID, filename=file_name, repo_type="dataset",
-                    token=token_to_use, local_dir=".", local_dir_use_symlinks=False,
-                    force_download=True, resume_download=False
-                )
-                logging.info(f"Successfully downloaded {file_name} to {local_path}.")
+token_to_use = HF_TOKEN_READ if HF_TOKEN_READ else HF_TOKEN_WRITE
+files_to_download = [specific_file] if specific_file else SYNC_FILES
+all_successful = True
+for file_name in files_to_download:
+if file_name == UPLOAD_FOLDER:
+logging.info("Skipping UPLOAD_FOLDER direct download as it's typically large. Requires git-lfs/separate process.")
+continue
+
+code
+Code
+download
+content_copy
+expand_less
+success = False
+    for attempt in range(retries + 1):
+        try:
+            logging.info(f"Downloading {file_name} (Attempt {attempt + 1}/{retries + 1})...")
+            local_path = hf_hub_download(
+                repo_id=REPO_ID, filename=file_name, repo_type="dataset",
+                token=token_to_use, local_dir=".", local_dir_use_symlinks=False,
+                force_download=True, resume_download=False
+            )
+            logging.info(f"Successfully downloaded {file_name} to {local_path}.")
+            success = True
+            break
+        except RepositoryNotFoundError:
+             logging.error(f"Repository {REPO_ID} not found. Download cancelled for all files.")
+             return False
+        except HfHubHTTPError as e:
+            if e.response.status_code == 404:
+                logging.warning(f"File {file_name} not found in repo {REPO_ID} (404). Skipping this file.")
+                if attempt == 0 and not os.path.exists(file_name):
+                    try:
+                        if file_name == DATA_FILE:
+                            default_data = {'posts': [], 'users': {}}
+                            with open(file_name, 'w', encoding='utf-8') as f:
+                                json.dump(default_data, f)
+                            logging.info(f"Created empty local file {file_name} because it was not found on HF.")
+                    except Exception as create_e:
+                        logging.error(f"Failed to create empty local file {file_name}: {create_e}")
                 success = True
                 break
-            except RepositoryNotFoundError:
-                 logging.error(f"Repository {REPO_ID} not found. Download cancelled for all files.")
-                 return False
-            except HfHubHTTPError as e:
-                if e.response.status_code == 404:
-                    logging.warning(f"File {file_name} not found in repo {REPO_ID} (404). Skipping this file.")
-                    if attempt == 0 and not os.path.exists(file_name):
-                        try:
-                            if file_name == DATA_FILE:
-                                with open(file_name, 'w', encoding='utf-8') as f:
-                                    json.dump({'posts': [], 'users': {}}, f)
-                                logging.info(f"Created empty local file {file_name} because it was not found on HF.")
-                        except Exception as create_e:
-                            logging.error(f"Failed to create empty local file {file_name}: {create_e}")
-                    success = True
-                    break
-                else:
-                    logging.error(f"HTTP error downloading {file_name} (Attempt {attempt + 1}): {e}. Retrying in {delay}s...")
-            except Exception as e:
-                 logging.error(f"Unexpected error downloading {file_name} (Attempt {attempt + 1}): {e}. Retrying in {delay}s...", exc_info=True)
-            if attempt < retries: time.sleep(delay)
-        if not success:
-            logging.error(f"Failed to download {file_name} after {retries + 1} attempts.")
-            all_successful = False
-    logging.info(f"Download process finished. Overall success: {all_successful}")
-    return all_successful
+            else:
+                logging.error(f"HTTP error downloading {file_name} (Attempt {attempt + 1}): {e}. Retrying in {delay}s...")
+        except Exception as e:
+             logging.error(f"Unexpected error downloading {file_name} (Attempt {attempt + 1}): {e}. Retrying in {delay}s...", exc_info=True)
+        if attempt < retries: time.sleep(delay)
+    if not success:
+        logging.error(f"Failed to download {file_name} after {retries + 1} attempts.")
+        all_successful = False
+return all_successful
 
 def upload_db_to_hf(specific_file=None):
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN_WRITE not set. Skipping upload to Hugging Face.")
-        return
-    try:
-        api = HfApi()
-        files_to_upload = [specific_file] if specific_file else SYNC_FILES
-        logging.info(f"Starting upload of {files_to_upload} to HF repo {REPO_ID}...")
-        for file_name in files_to_upload:
-            if os.path.exists(file_name):
-                try:
-                    api.upload_file(
-                        path_or_fileobj=file_name, path_in_repo=file_name, repo_id=REPO_ID,
-                        repo_type="dataset", token=HF_TOKEN_WRITE,
-                        commit_message=f"Sync {file_name} {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
-                    )
-                    logging.info(f"File {file_name} successfully uploaded to Hugging Face.")
-                except Exception as e:
-                     logging.error(f"Error uploading file {file_name} to Hugging Face: {e}")
-            else:
-                logging.warning(f"File {file_name} not found locally, skipping upload.")
-        logging.info("Finished uploading files to HF.")
-    except Exception as e:
-        logging.error(f"General error during Hugging Face upload initialization or process: {e}", exc_info=True)
+if not HF_TOKEN_WRITE:
+logging.warning("HF_TOKEN_WRITE not set. Skipping upload to Hugging Face.")
+return
+try:
+api = HfApi()
+files_to_upload = [specific_file] if specific_file and specific_file != UPLOAD_FOLDER else []
+
+code
+Code
+download
+content_copy
+expand_less
+if not specific_file:
+        files_to_upload = [DATA_FILE]
+        # Add files from UPLOAD_FOLDER
+        for root, _, files in os.walk(UPLOAD_FOLDER):
+            for file_name in files:
+                local_path = os.path.join(root, file_name)
+                path_in_repo = local_path 
+                files_to_upload.append((local_path, path_in_repo))
+
+    logging.info(f"Starting upload of {len(files_to_upload)} files/paths to HF repo {REPO_ID}...")
+    
+    for item in files_to_upload:
+        local_path = item if isinstance(item, tuple) else item
+        path_in_repo = item if isinstance(item, tuple) else item
+        
+        if os.path.exists(local_path):
+            try:
+                api.upload_file(
+                    path_or_fileobj=local_path, path_in_repo=path_in_repo, repo_id=REPO_ID,
+                    repo_type="dataset", token=HF_TOKEN_WRITE,
+                    commit_message=f"Sync {path_in_repo} {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
+                )
+                logging.info(f"File {path_in_repo} successfully uploaded to Hugging Face.")
+            except Exception as e:
+                 logging.error(f"Error uploading file {path_in_repo} to Hugging Face: {e}")
+        else:
+            logging.warning(f"File {local_path} not found locally, skipping upload.")
+    logging.info("Finished uploading files to HF.")
+except Exception as e:
+    logging.error(f"General error during Hugging Face upload initialization or process: {e}", exc_info=True)
 
 def periodic_backup():
-    backup_interval = 1800
-    logging.info(f"Setting up periodic backup every {backup_interval} seconds.")
-    while True:
-        time.sleep(backup_interval)
-        logging.info("Starting periodic backup...")
-        upload_db_to_hf()
-        logging.info("Periodic backup finished.")
+backup_interval = 1800
+logging.info(f"Setting up periodic backup every {backup_interval} seconds.")
+while True:
+time.sleep(backup_interval)
+logging.info("Starting periodic backup...")
+upload_db_to_hf()
+logging.info("Periodic backup finished.")
 
 def load_data():
-    default_data = {'posts': [], 'users': {}}
+default_data = {'posts': [], 'users': {}}
+try:
+with open(DATA_FILE, 'r', encoding='utf-8') as file:
+data = json.load(file)
+logging.info(f"Local data loaded successfully from {DATA_FILE}")
+if not isinstance(data, dict): raise FileNotFoundError
+for key in default_data:
+if key not in data: data[key] = default_data[key]
+return data
+except (FileNotFoundError, json.JSONDecodeError) as e:
+logging.warning(f"Error loading local data ({e}). Attempting download from HF.")
+
+code
+Code
+download
+content_copy
+expand_less
+if download_db_from_hf(specific_file=DATA_FILE):
     try:
         with open(DATA_FILE, 'r', encoding='utf-8') as file:
             data = json.load(file)
-        logging.info(f"Local data loaded successfully from {DATA_FILE}")
-        if not isinstance(data, dict):
-             logging.warning(f"Local {DATA_FILE} is not a dictionary. Attempting download.")
-             raise FileNotFoundError
+        logging.info(f"Data loaded successfully from {DATA_FILE} after download.")
+        if not isinstance(data, dict): return default_data
         for key in default_data:
             if key not in data: data[key] = default_data[key]
         return data
-    except (FileNotFoundError, json.JSONDecodeError) as e:
-        logging.warning(f"Error loading local data ({e}). Attempting download from HF.")
-
-    if download_db_from_hf(specific_file=DATA_FILE):
-        try:
-            with open(DATA_FILE, 'r', encoding='utf-8') as file:
-                data = json.load(file)
-            logging.info(f"Data loaded successfully from {DATA_FILE} after download.")
-            if not isinstance(data, dict):
-                 logging.error(f"Downloaded {DATA_FILE} is not a dictionary. Using default.")
-                 return default_data
-            for key in default_data:
-                if key not in data: data[key] = default_data[key]
-            return data
-        except Exception as load_e:
-            logging.error(f"Error loading downloaded {DATA_FILE}: {load_e}. Using default.", exc_info=True)
-            return default_data
-    else:
-        logging.error(f"Failed to download {DATA_FILE} from HF. Using empty default data structure.")
-        if not os.path.exists(DATA_FILE):
-            try:
-                with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump(default_data, f)
-                logging.info(f"Created empty local file {DATA_FILE} after failed download.")
-            except Exception as create_e:
-                logging.error(f"Failed to create empty local file {DATA_FILE}: {create_e}")
+    except Exception as load_e:
+        logging.error(f"Error loading downloaded {DATA_FILE}: {load_e}. Using default.", exc_info=True)
         return default_data
+else:
+    logging.error(f"Failed to download {DATA_FILE} from HF. Using empty default data structure.")
+    if not os.path.exists(DATA_FILE):
+        try:
+            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump(default_data, f)
+            logging.info(f"Created empty local file {DATA_FILE} after failed download.")
+        except Exception as create_e:
+            logging.error(f"Failed to create empty local file {DATA_FILE}: {create_e}")
+    return default_data
 
 def save_data(data):
-    try:
-        if not isinstance(data, dict):
-            logging.error("Attempted to save invalid data structure (not a dict). Aborting save.")
-            return
-        default_keys = {'posts': [], 'users': {}}
-        for key in default_keys:
-            if key not in data: data[key] = default_keys[key]
-
-        with open(DATA_FILE, 'w', encoding='utf-8') as file:
-            json.dump(data, file, ensure_ascii=False, indent=4)
-        logging.info(f"Data successfully saved to {DATA_FILE}")
-        upload_db_to_hf(specific_file=DATA_FILE)
-    except Exception as e:
-        logging.error(f"Error saving data to {DATA_FILE}: {e}", exc_info=True)
+try:
+if not isinstance(data, dict):
+logging.error("Attempted to save invalid data structure (not a dict). Aborting save.")
+return
+default_keys = {'posts': [], 'users': {}}
+for key in default_keys:
+if key not in data: data[key] = default_keys[key]
+
+code
+Code
+download
+content_copy
+expand_less
+with open(DATA_FILE, 'w', encoding='utf-8') as file:
+        json.dump(data, file, ensure_ascii=False, indent=4)
+    logging.info(f"Data successfully saved to {DATA_FILE}")
+    threading.Thread(target=upload_db_to_hf, args=(DATA_FILE,), daemon=True).start()
+except Exception as e:
+    logging.error(f"Error saving data to {DATA_FILE}: {e}", exc_info=True)
 
 def verify_telegram_auth_data(auth_data_str, bot_token):
-    if not auth_data_str:
-        return False, None
-    
-    params = dict(urllib.parse.parse_qsl(auth_data_str))
-    if 'hash' not in params:
+if not auth_data_str:
+return False, None
+
+code
+Code
+download
+content_copy
+expand_less
+params = dict(urllib.parse.parse_qsl(auth_data_str))
+if 'hash' not in params:
+    return False, None
+
+received_hash = params.pop('hash')
+
+sorted_params = sorted(params.items())
+data_check_string_parts = []
+for key, value in sorted_params:
+    data_check_string_parts.append(f"{key}={value}")
+
+data_check_string = "\n".join(data_check_string_parts)
+
+secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
+calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+
+if calculated_hash == received_hash:
+    try:
+        user_data = json.loads(params.get('user', '{}'))
+        # Get chat_id if available (often same as user_id in private chats)
+        chat_id = params.get('chat_id', user_data.get('id')) 
+        user_data['chat_id'] = chat_id
+        return True, user_data
+    except json.JSONDecodeError:
         return False, None
+return False, None
 
-    received_hash = params.pop('hash')
+def get_authenticated_user_details(request_headers):
+auth_data_str = request_headers.get('X-Telegram-Auth')
+if not auth_data_str:
+return None
+is_valid, user_data_from_auth = verify_telegram_auth_data(auth_data_str, TELEGRAM_BOT_TOKEN)
+if is_valid and user_data_from_auth:
+data = load_data()
+user_id_str = str(user_data_from_auth.get('id'))
+return data.get('users', {}).get(user_id_str)
+return None
+
+def send_telegram_notification(chat_id, message):
+if not TELEGRAM_BOT_TOKEN:
+logging.warning("TELEGRAM_BOT_TOKEN not set. Cannot send notification.")
+return
+
+code
+Code
+download
+content_copy
+expand_less
+url = f"https://api.telegram.org/bot{TELEGRAM_BOT_TOKEN}/sendMessage"
+payload = {
+    'chat_id': chat_id,
+    'text': message,
+    'parse_mode': 'HTML'
+}
+
+try:
+    response = requests.post(url, data=payload, timeout=5)
+    response.raise_for_status()
+    logging.info(f"Notification sent to {chat_id}.")
+    return response.json()
+except requests.exceptions.RequestException as e:
+    logging.error(f"Error sending Telegram notification to {chat_id}: {e}")
+    return None
+--- API ROUTES ---
+
+@app.route('/api/auth_user', methods=['POST'])
+def auth_user():
+auth_data_str = request.headers.get('X-Telegram-Auth')
+if not auth_data_str:
+init_data_payload = request.json.get('init_data')
+if init_data_payload:
+auth_data_str = init_data_payload
+else:
+return jsonify({"error": "Authentication data not provided"}), 401
+
+code
+Code
+download
+content_copy
+expand_less
+is_valid, user_data_from_auth = verify_telegram_auth_data(auth_data_str, TELEGRAM_BOT_TOKEN)
+
+if not is_valid or not user_data_from_auth:
+    return jsonify({"error": "Invalid authentication data"}), 403
+
+data = load_data()
+users = data.get('users', {})
+user_id_str = str(user_data_from_auth.get('id'))
+
+# Update/Create user record
+user_record = users.get(user_id_str, {})
+
+# Store chat_id (assuming it is available or fallback to user_id)
+# Note: In a real-world bot, the chat_id should be captured during the /start command.
+user_record.update({
+    'id': user_data_from_auth.get('id'),
+    'chat_id': user_data_from_auth.get('chat_id') or user_data_from_auth.get('id'), # Critical for notifications
+    'first_name': user_data_from_auth.get('first_name'),
+    'last_name': user_data_from_auth.get('last_name'),
+    'username': user_data_from_auth.get('username'),
+    'language_code': user_data_from_auth.get('language_code'),
+    'photo_url': user_data_from_auth.get('photo_url'),
+    'last_seen': datetime.now().isoformat()
+})
+
+if 'first_seen' not in user_record:
+    user_record['first_seen'] = datetime.now().isoformat()
+
+users[user_id_str] = user_record
+data['users'] = users
+save_data(data)
+
+return jsonify({"message": "User authenticated", "user": users[user_id_str]}), 200
+
+@app.route('/api/users', methods=['GET'])
+def get_users():
+# Only authenticated users can view the list
+if not get_authenticated_user_details(request.headers):
+return jsonify({"error": "Authentication required"}), 401
+
+code
+Code
+download
+content_copy
+expand_less
+data = load_data()
+user_list = list(data.get('users', {}).values())
+# Return limited user info for the list
+safe_user_list = [{
+    'id': user['id'],
+    'first_name': user['first_name'],
+    'last_name': user['last_name'],
+    'username': user.get('username'),
+    'photo_url': user.get('photo_url')
+} for user in user_list]
+
+return jsonify(sorted(safe_user_list, key=lambda x: x.get('first_name', 'z'))), 200
+
+@app.route('/api/wall/<user_id>', methods=['GET'])
+def get_user_wall(user_id):
+if not get_authenticated_user_details(request.headers):
+return jsonify({"error": "Authentication required"}), 401
+
+code
+Code
+download
+content_copy
+expand_less
+data = load_data()
+all_posts = data.get('posts', [])
+
+# Filter posts:
+# 1. Posts made by the user_id on their own wall (target_user_id is None or same as user_id)
+# 2. Posts made by *others* targeting this user_id's wall
+wall_posts = [
+    post for post in all_posts
+    if (str(post.get('user_id')) == str(user_id) and not post.get('target_user_id')) or 
+       (str(post.get('target_user_id')) == str(user_id))
+]
+
+# Enrich posts with user info (poster and target)
+users = data.get('users', {})
+enriched_posts = []
+for post in sorted(wall_posts, key=lambda x: x.get('timestamp', ''), reverse=True):
+    poster = users.get(str(post['user_id']), {})
+    target = users.get(str(post.get('target_user_id')), {}) if post.get('target_user_id') else None
     
-    sorted_params = sorted(params.items())
-    data_check_string_parts = []
-    for key, value in sorted_params:
-        data_check_string_parts.append(f"{key}={value}")
+    enriched_post = post.copy()
+    enriched_post['poster_name'] = f"{poster.get('first_name', 'Unknown')} {poster.get('last_name', '')}".strip()
+    enriched_post['poster_username'] = poster.get('username', None)
+    if target:
+        enriched_post['target_name'] = f"{target.get('first_name', 'Unknown')} {target.get('last_name', '')}".strip()
+        enriched_post['target_username'] = target.get('username', None)
     
-    data_check_string = "\n".join(data_check_string_parts)
+    enriched_posts.append(enriched_post)
     
-    secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
-    calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+return jsonify(enriched_posts), 200
+
+@app.route('/api/post/<target_user_id>', methods=['POST'])
+def create_post(target_user_id):
+user = get_authenticated_user_details(request.headers)
+if not user:
+return jsonify({"error": "Authentication required or user not found in DB"}), 401
+
+code
+Code
+download
+content_copy
+expand_less
+if str(target_user_id) == 'me':
+    target_user_id = str(user['id'])
+
+data = load_data()
+users = data.get('users', {})
+target_user = users.get(str(target_user_id))
+
+if not target_user:
+    return jsonify({"error": "Target user not found"}), 404
+
+text_content = request.form.get('content', '').strip()
+file = request.files.get('file')
+
+if not text_content and not file:
+    return jsonify({"error": "Post must contain text or a file"}), 400
+
+new_post = {
+    "id": str(uuid.uuid4()),
+    "user_id": str(user['id']),
+    "target_user_id": str(target_user_id) if str(target_user_id) != str(user['id']) else None, # Null for own wall post
+    "timestamp": datetime.now().isoformat(),
+    "content": text_content,
+    "type": "text",
+    "file_path": None
+}
+
+# Handle file upload
+if file and file.filename:
+    if not allowed_file(file.filename):
+        return jsonify({"error": "File type not allowed"}), 400
     
-    if calculated_hash == received_hash:
-        try:
-            user_data = json.loads(params.get('user', '{}'))
-            return True, user_data
-        except json.JSONDecodeError:
-            return False, None
-    return False, None
+    extension = file.filename.rsplit('.', 1)[[1](https://www.google.com/url?sa=E&q=https%3A%2F%2Fvertexaisearch.cloud.google.com%2Fgrounding-api-redirect%2FAUZIYQF6S04rq1C0Z_rbzF1NSAxsil9bBG4L3nuHOSOAbHHtJiwnE2LxVsPOVpiPhBXRK6XaybxBsn0UZ9Mn1KLhTGONkEjmCPX1AD7mT0SoQ15oTUhmR7n6PGa73aBGIEQ67iFmSMDvPPA3aXv6RLq5SesfTK1HYQ3z5Q%3D%3D)].lower()
+    filename = secure_filename(f"{new_post['id']}.{extension}")
+    file_path = os.path.join(app.config['UPLOAD_FOLDER'], filename)
+    
+    try:
+        file.save(file_path)
+        new_post['file_path'] = filename
+        
+        if extension in ['png', 'jpg', 'jpeg', 'gif']: new_post['type'] = 'photo'
+        elif extension in ['mp4', 'mov', 'avi']: new_post['type'] = 'video'
+        else: new_post['type'] = 'document'
+        
+        # Asynchronously upload file to HF
+        threading.Thread(target=upload_db_to_hf, args=((file_path, os.path.join(UPLOAD_FOLDER, filename)),), daemon=True).start()
 
-def get_authenticated_user_details(request_headers):
-    auth_data_str = request_headers.get('X-Telegram-Auth')
-    if not auth_data_str:
-        return None
-    is_valid, user_data_from_auth = verify_telegram_auth_data(auth_data_str, TELEGRAM_BOT_TOKEN)
-    if is_valid and user_data_from_auth:
-        data = load_data()
-        user_id_str = str(user_data_from_auth.get('id'))
-        return data.get('users', {}).get(user_id_str)
-    return None
+    except Exception as e:
+        logging.error(f"File save/upload failed: {e}")
+        return jsonify({"error": f"Failed to save file: {e}"}), 500
 
-def notify_user(chat_id, message):
-    if not TELEGRAM_BOT_TOKEN:
-        logging.warning("TELEGRAM_BOT_TOKEN not set. Skipping notification.")
-        return False
+data['posts'].append(new_post)
+save_data(data)
+
+# --- Notification Logic ---
+if str(target_user_id) != str(user['id']):
+    # Post to another user's wall, send notification to the target user
+    poster_name = user.get('first_name', 'Someone')
+    target_chat_id = target_user.get('chat_id')
     
-    url = f"https://api.telegram.org/bot{TELEGRAM_BOT_TOKEN}/sendMessage"
-    payload = {
-        'chat_id': chat_id,
-        'text': message,
-        'parse_mode': 'HTML'
-    }
-    try:
-        response = requests.post(url, json=payload, timeout=5)
-        response.raise_for_status()
-        logging.info(f"Notification sent to user {chat_id}")
-        return True
-    except requests.exceptions.HTTPError as e:
-        logging.error(f"Telegram Bot API HTTP Error for user {chat_id}: {e.response.text}")
-        return False
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error sending notification to user {chat_id}: {e}")
-        return False
+    if target_chat_id:
+        message = f"📢 New post on your wall!\n\n<b>{poster_name}</b> posted: {text_content[:100]}..."
+        threading.Thread(target=send_telegram_notification, args=(target_chat_id, message), daemon=True).start()
+
+return jsonify(new_post), 201
+
+@app.route('/api/post/<post_id>', methods=['DELETE'])
+def delete_post(post_id):
+user = get_authenticated_user_details(request.headers)
+if not user: return jsonify({"error": "Authentication required or user not found in DB"}), 401
+
+code
+Code
+download
+content_copy
+expand_less
+data = load_data()
+posts_list = data.get('posts', [])
+original_length = len(posts_list)
+
+item_to_delete = next((i for i in posts_list if i['id'] == post_id), None)
+if not item_to_delete: return jsonify({"error": "Post not found"}), 404
+
+# Allow deleting if the user is the poster OR the user is the wall owner (if target_user_id is set)
+is_poster = str(item_to_delete.get('user_id')) == str(user.get('id'))
+is_wall_owner = str(item_to_delete.get('target_user_id')) == str(user.get('id'))
+
+if not is_poster and not is_wall_owner:
+    return jsonify({"error": "Forbidden: You can only delete your own posts or posts on your wall"}), 403
+
+# Delete the associated file if it exists
+file_path = item_to_delete.get('file_path')
+if file_path:
+    full_path = os.path.join(app.config['UPLOAD_FOLDER'], file_path)
+    if os.path.exists(full_path):
+        os.remove(full_path)
+        logging.info(f"Deleted file: {full_path}")
+        # Note: File deletion on HF requires complex logic (git delete commit) - skipping for this example.
+
+data['posts'] = [i for i in posts_list if i['id'] != post_id]
+
+if len(data['posts']) < original_length:
+    save_data(data)
+    return jsonify({"message": "Post deleted successfully"}), 200
+return jsonify({"error": "Post not found or deletion failed"}), 404
 
+@app.route('/uploads/<filename>', methods=['GET'])
+def uploaded_file(filename):
+return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
+
+--- WEBAPP TEMPLATES & MAIN VIEW ---
 
 MAIN_APP_TEMPLATE = '''
+
 <!DOCTYPE html>
+
 <html lang="en">
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, viewport-fit=cover">
-    <title>TonTalent Wall</title>
-    <script src="https://telegram.org/js/telegram-web-app.js"></script>
-    <style>
-        :root {
-            --tg-theme-bg-color: #ffffff;
-            --tg-theme-text-color: #000000;
-            --tg-theme-hint-color: #999999;
-            --tg-theme-link-color: #007aff;
-            --tg-theme-button-color: #007aff;
-            --tg-theme-button-text-color: #ffffff;
-            --tg-theme-secondary-bg-color: #f0f0f0;
-            --tg-theme-header-bg-color: #efeff4;
-            --tg-theme-section-bg-color: #ffffff;
-            --tg-theme-section-header-text-color: #8e8e93;
-            --tg-theme-destructive-text-color: #ff3b30;
-            --tg-theme-accent-text-color: #007aff;
-        }
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Helvetica Neue", Arial, sans-serif;
-            margin: 0;
-            padding: 0;
-            background-color: var(--tg-theme-bg-color);
-            color: var(--tg-theme-text-color);
-            overscroll-behavior-y: none;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-            line-height: 1.4;
-        }
-        .app-container { display: flex; flex-direction: column; min-height: 100vh; min-height: -webkit-fill-available; }
-        .header {
-            background-color: var(--tg-theme-header-bg-color);
-            padding: 12px 15px;
-            text-align: center;
-            font-weight: 600;
-            font-size: 17px;
-            border-bottom: 0.5px solid var(--tg-theme-secondary-bg-color);
-            position: sticky;
-            top: 0;
-            z-index: 100;
-        }
-        .content { flex-grow: 1; padding: 0; overflow-x: hidden; transition: opacity 0.2s ease-out; }
-        
-        .footer-nav {
-            display: flex;
-            justify-content: space-around;
-            background-color: var(--tg-theme-secondary-bg-color);
-            border-top: 0.5px solid var(--tg-theme-secondary-bg-color);
-            padding: 5px 0 calc(5px + env(safe-area-inset-bottom));
-            position: sticky;
-            bottom: 0;
-            z-index: 200;
-        }
-        .nav-button {
-            flex: 1;
-            display: flex;
-            flex-direction: column;
-            align-items: center;
-            justify-content: center;
-            padding: 5px 0;
-            cursor: pointer;
-            background: none;
-            border: none;
-            color: var(--tg-theme-hint-color);
-            font-size: 12px;
-            font-weight: 500;
-            transition: color 0.2s ease;
-            -webkit-tap-highlight-color: transparent;
-        }
-        .nav-button.active { color: var(--tg-theme-link-color); }
-        .nav-button svg { width: 24px; height: 24px; margin-bottom: 2px; }
-
-        .list-container { padding: 10px 15px; }
-        .list-item {
-            background-color: var(--tg-theme-section-bg-color);
-            padding: 12px 15px;
-            margin-bottom: 10px;
-            border-radius: 10px;
-            box-shadow: 0 2px 8px rgba(0,0,0,0.06);
-            cursor: pointer;
-            transition: transform 0.1s ease-out, background-color 0.1s ease;
-        }
-        .list-item:active { transform: scale(0.99); background-color: var(--tg-theme-secondary-bg-color); }
-        .list-item h3 { margin: 0 0 4px 0; font-size: 16px; font-weight: 600; color: var(--tg-theme-text-color); }
-        .list-item p { margin: 0 0 4px 0; font-size: 14px; color: var(--tg-theme-text-color); }
-        .list-item .meta { font-size: 12px; color: var(--tg-theme-hint-color); margin-top: 8px; }
-
-        .user-list-item {
-            display: flex;
-            align-items: center;
-            padding: 12px 15px;
-            background-color: var(--tg-theme-section-bg-color);
-            border-bottom: 0.5px solid var(--tg-theme-secondary-bg-color);
-            cursor: pointer;
-        }
-        .user-list-item:active { background-color: var(--tg-theme-secondary-bg-color); }
-        .user-list-item img {
-            width: 40px;
-            height: 40px;
-            border-radius: 50%;
-            margin-right: 12px;
-            object-fit: cover;
-            background-color: var(--tg-theme-secondary-bg-color);
-        }
-        .user-list-item span {
-            font-size: 15px;
-            font-weight: 500;
-            color: var(--tg-theme-text-color);
-        }
-        
-        .post-content { margin-top: 8px; white-space: pre-wrap; word-break: break-word; }
-        .post-media { max-width: 100%; height: auto; display: block; margin-top: 10px; border-radius: 6px; }
-
-        .loading, .empty-state { text-align: center; padding: 50px 15px; color: var(--tg-theme-hint-color); font-size: 16px; }
-        .form-container { padding: 20px 15px; background-color: var(--tg-theme-section-bg-color); }
-        .form-group { margin-bottom: 18px; }
-        .form-group label { display: block; font-size: 14px; color: var(--tg-theme-section-header-text-color); margin-bottom: 6px; font-weight: 500; }
-        .form-group input, .form-group textarea, .form-group select {
-            width: 100%;
-            padding: 12px;
-            border: 1px solid var(--tg-theme-secondary-bg-color);
-            border-radius: 8px;
-            font-size: 16px;
-            background-color: var(--tg-theme-bg-color);
-            color: var(--tg-theme-text-color);
-            box-sizing: border-box;
-            transition: border-color 0.2s ease;
-        }
-        .form-group input:focus, .form-group textarea:focus, .form-group select:focus { border-color: var(--tg-theme-link-color); outline: none; }
-        .form-group textarea { min-height: 100px; resize: vertical; }
-        .error-message { color: var(--tg-theme-destructive-text-color); font-size: 14px; margin-top: 10px; text-align: center; }
-        
-        .delete-button {
-            display: block;
-            width: 100%;
-            padding: 12px 15px;
-            margin-top: 15px;
-            border: none;
-            border-radius: 8px;
-            font-size: 16px;
-            font-weight: 500;
-            cursor: pointer;
-            text-align: center;
-            transition: background-color 0.2s ease;
-            background-color: var(--tg-theme-destructive-text-color);
-            color: #ffffff;
-        }
-    </style>
+<meta charset="UTF-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no, viewport-fit=cover">
+<title>TonWall</title>
+<script src="https://telegram.org/js/telegram-web-app.js"></script>
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.2/css/all.min.css">
+<style>
+:root {
+--tg-theme-bg-color: #ffffff;
+--tg-theme-text-color: #000000;
+--tg-theme-hint-color: #999999;
+--tg-theme-link-color: #007aff;
+--tg-theme-button-color: #007aff;
+--tg-theme-button-text-color: #ffffff;
+--tg-theme-secondary-bg-color: #f0f0f0;
+--tg-theme-header-bg-color: #efeff4;
+--tg-theme-section-bg-color: #ffffff;
+--tg-theme-destructive-text-color: #ff3b30;
+}
+body {
+font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", "Roboto", "Helvetica Neue", Arial, sans-serif;
+margin: 0;
+padding: 0;
+background-color: var(--tg-theme-bg-color);
+color: var(--tg-theme-text-color);
+overscroll-behavior-y: none;
+-webkit-font-smoothing: antialiased;
+min-height: 100vh;
+display: flex;
+flex-direction: column;
+}
+.header {
+background-color: var(--tg-theme-header-bg-color);
+padding: 12px 15px;
+text-align: center;
+font-weight: 600;
+font-size: 17px;
+border-bottom: 0.5px solid var(--tg-theme-secondary-bg-color);
+position: sticky;
+top: 0;
+z-index: 100;
+}
+.content { flex-grow: 1; padding: 10px 0; overflow-x: hidden; transition: opacity 0.2s ease-out; }
+.footer-nav {
+display: flex;
+justify-content: space-around;
+background-color: var(--tg-theme-header-bg-color);
+border-top: 0.5px solid var(--tg-theme-hint-color);
+position: sticky;
+bottom: 0;
+z-index: 100;
+padding-top: 5px;
+padding-bottom: env(safe-area-inset-bottom);
+}
+.nav-button {
+display: flex;
+flex-direction: column;
+align-items: center;
+padding: 5px 0 8px 0;
+flex-grow: 1;
+cursor: pointer;
+background: none;
+border: none;
+color: var(--tg-theme-hint-color);
+font-size: 11px;
+font-weight: 500;
+-webkit-tap-highlight-color: transparent;
+transition: color 0.2s ease;
+}
+.nav-button.active { color: var(--tg-theme-link-color); }
+.nav-button i { font-size: 20px; margin-bottom: 2px; }
+
+code
+Code
+download
+content_copy
+expand_less
+/* Wall Styles */
+    .post-list { display: flex; flex-direction: column; gap: 10px; padding: 0 15px; }
+    .post-card {
+        background-color: var(--tg-theme-section-bg-color);
+        padding: 15px;
+        border-radius: 10px;
+        box-shadow: 0 2px 8px rgba(0,0,0,0.06);
+        word-wrap: break-word;
+    }
+    .post-header { display: flex; align-items: center; margin-bottom: 10px; }
+    .post-header img { width: 40px; height: 40px; border-radius: 50%; margin-right: 10px; object-fit: cover; background-color: var(--tg-theme-secondary-bg-color); }
+    .post-info { flex-grow: 1; }
+    .post-info h4 { margin: 0; font-size: 15px; font-weight: 600; color: var(--tg-theme-text-color); }
+    .post-info span { font-size: 12px; color: var(--tg-theme-hint-color); }
+    .post-content p { margin: 5px 0; font-size: 15px; color: var(--tg-theme-text-color); white-space: pre-wrap; }
+    .post-content a { color: var(--tg-theme-link-color); text-decoration: none; }
+    .post-content a:hover { text-decoration: underline; }
+    .post-content .media-container { max-width: 100%; border-radius: 8px; overflow: hidden; margin-top: 10px; }
+    .post-content img, .post-content video { width: 100%; height: auto; display: block; }
+
+    /* User List Styles */
+    .user-list { padding: 10px 15px; display: flex; flex-direction: column; gap: 1px; }
+    .user-list-item {
+        display: flex;
+        align-items: center;
+        padding: 12px 15px;
+        background-color: var(--tg-theme-section-bg-color);
+        border-radius: 8px;
+        margin-bottom: 8px;
+        box-shadow: 0 1px 4px rgba(0,0,0,0.05);
+        cursor: pointer;
+        transition: background-color 0.1s ease;
+    }
+    .user-list-item:active { background-color: var(--tg-theme-secondary-bg-color); }
+    .user-list-item img { width: 45px; height: 45px; border-radius: 50%; margin-right: 15px; object-fit: cover; background-color: var(--tg-theme-secondary-bg-color); }
+    .user-list-item span { font-size: 16px; font-weight: 500; color: var(--tg-theme-text-color); }
+
+    /* Form Styles */
+    .form-container { padding: 20px 15px; }
+    .form-group { margin-bottom: 18px; }
+    .form-group label { display: block; font-size: 14px; color: var(--tg-theme-hint-color); margin-bottom: 6px; font-weight: 500; }
+    .form-group textarea {
+        width: 100%;
+        padding: 12px;
+        border: 1px solid var(--tg-theme-secondary-bg-color);
+        border-radius: 8px;
+        font-size: 16px;
+        background-color: var(--tg-theme-bg-color);
+        color: var(--tg-theme-text-color);
+        box-sizing: border-box;
+        transition: border-color 0.2s ease;
+        min-height: 100px;
+        resize: vertical;
+    }
+    .form-group input[type="file"] { border: none; padding: 5px 0; }
+    .form-group textarea:focus { border-color: var(--tg-theme-link-color); outline: none; }
+    .error-message { color: var(--tg-theme-destructive-text-color); font-size: 14px; margin-top: 10px; text-align: center; }
+    .loading, .empty-state { text-align: center; padding: 50px 15px; color: var(--tg-theme-hint-color); font-size: 16px; }
+    
+    .delete-button {
+        margin-top: 10px;
+        padding: 6px 12px;
+        background-color: var(--tg-theme-destructive-text-color);
+        color: var(--tg-theme-button-text-color);
+        border: none;
+        border-radius: 6px;
+        cursor: pointer;
+        font-size: 13px;
+        transition: opacity 0.1s;
+    }
+    .delete-button:active { opacity: 0.8; }
+
+    /* Media utility classes */
+    .media-image { max-height: 400px; object-fit: cover; }
+    .media-video { max-height: 400px; }
+    .media-document {
+        background-color: var(--tg-theme-secondary-bg-color);
+        padding: 10px;
+        border-radius: 6px;
+        font-size: 14px;
+        display: flex;
+        align-items: center;
+    }
+    .media-document i { margin-right: 8px; font-size: 18px; color: var(--tg-theme-link-color); }
+    .media-document span { font-weight: 500; }
+</style>
 </head>
 <body>
-    <div class="app-container">
-        <div class="header" id="appHeader">TonTalent Wall</div>
-        <div class="content" id="mainContent">
-            <div class="loading">Loading content...</div>
-        </div>
-        
-        <div class="footer-nav">
-            <button class="nav-button active" data-nav="my_wall">
-                <svg viewBox="0 0 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg"><path d="M12 2C6.47 2 2 6.47 2 12s4.47 10 10 10 10-4.47 10-10S17.53 2 12 2zm0 3c1.38 0 2.5 1.12 2.5 2.5S13.38 10 12 10 9.5 8.88 9.5 7.5 10.62 5 12 5zm0 14.2c-2.45 0-4.66-1.23-5.78-3.08l.05-.08a7 7 0 0 1 11.46 0l.05.08c-1.12 1.85-3.33 3.08-5.78 3.08z"/></svg>
-                <span id="navMyWallText">My Wall</span>
-            </button>
-            <button class="nav-button" data-nav="users">
-                <svg viewBox="0 0 24 24" fill="currentColor" xmlns="http://www.w3.org/2000/svg"><path d="M16 11c1.66 0 2.99-1.34 2.99-3S17.66 5 16 5c-1.66 0-3 1.34-3 3s1.34 3 3 3zm-8 0c1.66 0 2.99-1.34 2.99-3S9.66 5 8 5C6.34 5 5 6.34 5 8s1.34 3 3 3zm0 2c-2.33 0-6.08 1.46-6.08 3.5v3.5h12.16v-3.5c0-2.04-3.75-3.5-6.08-3.5zm8 0c-.29 0-.62.05-.97.12 1.25.96 1.97 2.22 1.97 3.38v3.5h6v-3.5c0-2.04-3.75-3.5-6.91-3.5z"/></svg>
-                <span id="navUsersText">Users</span>
-            </button>
-        </div>
-    </div>
-
-    <script>
-        const tg = window.Telegram.WebApp;
-        let currentUser = null;
-        let currentView = 'my_wall';
-        let currentTargetUser = null; 
-        const mainContent = document.getElementById('mainContent');
-
-        const L = {
-            'ru': {
-                'title': 'Стена TonTalent',
-                'myWall': 'Моя Стена',
-                'users': 'Пользователи',
-                'newPost': 'Новая Запись',
-                'loading': 'Загрузка...',
-                'welcome': 'Добро пожаловать, ',
-                'noPosts': 'На этой стене пока нет записей.',
-                'noUsers': 'Нет доступных пользователей.',
-                'postButton': 'Опубликовать',
-                'deleteConfirm': 'Вы уверены, что хотите удалить эту запись?',
-                'postDeleted': 'Запись успешно удалена.',
-                'failedSubmit': 'Не удалось опубликовать запись.',
-                'failedDelete': 'Не удалось удалить запись.',
-                'postText': 'Текст записи',
-                'postType': 'Тип контента',
-                'text': 'Текст',
-                'photo': 'Фото',
-                'video': 'Видео',
-                'document': 'Документ',
-                'contentUrl': 'Ссылка на контент (URL/ID)',
-                'requiredField': 'Пожалуйста, заполните поле',
-                'postTo': 'Оставить запись на стене ',
-                'deletePost': 'Удалить Запись',
-                'wallOf': 'Стена пользователя',
-                'from': 'от',
-            },
-            'en': {
-                'title': 'TonTalent Wall',
-                'myWall': 'My Wall',
-                'users': 'Users',
-                'newPost': 'New Post',
-                'loading': 'Loading...',
-                'welcome': 'Welcome, ',
-                'noPosts': 'No posts found on this wall yet.',
-                'noUsers': 'No users available.',
-                'postButton': 'Post',
-                'deleteConfirm': 'Are you sure you want to delete this post?',
-                'postDeleted': 'Post deleted successfully.',
-                'failedSubmit': 'Failed to submit post.',
-                'failedDelete': 'Failed to delete post.',
-                'postText': 'Post Text',
-                'postType': 'Content Type',
-                'text': 'Text',
-                'photo': 'Photo',
-                'video': 'Video',
-                'document': 'Document',
-                'contentUrl': 'Content Link (URL/ID)',
-                'requiredField': 'Please fill in the required field',
-                'postTo': 'Leave a post on the wall of ',
-                'deletePost': 'Delete Post',
-                'wallOf': "'s Wall",
-                'from': 'from',
-            }
-        };
-
-        let lang = (tg.initDataUnsafe.user?.language_code === 'ru') ? 'ru' : 'en';
-        const texts = L[lang];
-
-        function applyThemeParams() {
-            const rootStyle = document.documentElement.style;
-            rootStyle.setProperty('--tg-theme-bg-color', tg.themeParams.bg_color || '#ffffff');
-            rootStyle.setProperty('--tg-theme-text-color', tg.themeParams.text_color || '#000000');
-            rootStyle.setProperty('--tg-theme-hint-color', tg.themeParams.hint_color || '#999999');
-            rootStyle.setProperty('--tg-theme-link-color', tg.themeParams.link_color || '#007aff');
-            rootStyle.setProperty('--tg-theme-button-color', tg.themeParams.button_color || '#007aff');
-            rootStyle.setProperty('--tg-theme-button-text-color', tg.themeParams.button_text_color || '#ffffff');
-            rootStyle.setProperty('--tg-theme-secondary-bg-color', tg.themeParams.secondary_bg_color || '#f0f0f0');
-            rootStyle.setProperty('--tg-theme-header-bg-color', tg.themeParams.header_bg_color || tg.themeParams.secondary_bg_color || '#efeff4');
-            rootStyle.setProperty('--tg-theme-section-bg-color', tg.themeParams.section_bg_color || tg.themeParams.bg_color || '#ffffff');
-            rootStyle.setProperty('--tg-theme-section-header-text-color', tg.themeParams.section_header_text_color || tg.themeParams.hint_color || '#8e8e93');
-            rootStyle.setProperty('--tg-theme-destructive-text-color', tg.themeParams.destructive_text_color || '#ff3b30');
-            rootStyle.setProperty('--tg-theme-accent-text-color', tg.themeParams.accent_text_color || tg.themeParams.link_color || '#007aff');
-            document.getElementById('appHeader').textContent = texts.title;
-            document.getElementById('navMyWallText').textContent = texts.myWall;
-            document.getElementById('navUsersText').textContent = texts.users;
+<div class="app-container">
+<div class="header" id="appHeader"></div>
+<div class="content" id="mainContent">
+<div class="loading">Loading...</div>
+</div>
+<div class="footer-nav" id="footerNav">
+<button class="nav-button active" data-view="my_wall" id="navMyWall">
+<i class="fas fa-home"></i>
+<span id="labelMyWall">My Wall</span>
+</button>
+<button class="nav-button" data-view="users" id="navUsers">
+<i class="fas fa-users"></i>
+<span id="labelUsers">Users</span>
+</button>
+<button class="nav-button" data-view="new_post" id="navNewPost">
+<i class="fas fa-plus-circle"></i>
+<span id="labelNewPost">New Post</span>
+</button>
+</div>
+</div>
+
+code
+Code
+download
+content_copy
+expand_less
+<script>
+    const tg = window.Telegram.WebApp;
+    let currentUser = null;
+    let currentView = 'my_wall'; 
+    let currentTargetUserId = null; 
+    const mainContent = document.getElementById('mainContent');
+    const footerNav = document.getElementById('footerNav');
+    const appHeader = document.getElementById('appHeader');
+    
+    const langCode = tg.initDataUnsafe.user?.language_code;
+    const isRussian = langCode && (langCode.startsWith('ru') || langCode.startsWith('uk') || langCode.startsWith('be'));
+
+    const T = {
+        'My Wall': isRussian ? 'Моя Стена' : 'My Wall',
+        'Users': isRussian ? 'Пользователи' : 'Users',
+        'New Post': isRussian ? 'Новая Запись' : 'New Post',
+        'Post on Wall': isRussian ? 'Опубликовать на Стену' : 'Post on Wall',
+        'Users List': isRussian ? 'Список Пользователей' : 'Users List',
+        'Wall of': isRussian ? 'Стена' : 'Wall of',
+        'Post Text': isRussian ? 'Текст записи...' : 'Post Text...',
+        'Attachment (optional)': isRussian ? 'Вложение (необязательно)' : 'Attachment (optional)',
+        'Post': isRussian ? 'Опубликовать' : 'Post',
+        'No posts found.': isRussian ? 'Записей не найдено.' : 'No posts found.',
+        'No users found.': isRussian ? 'Пользователей не найдено.' : 'No users found.',
+        'Loading...': isRussian ? 'Загрузка...' : 'Loading...',
+        'Posted by': isRussian ? 'Опубликовано' : 'Posted by',
+        'on': isRussian ? 'на' : 'on',
+        'View Wall': isRussian ? 'Посмотреть Стену' : 'View Wall',
+        'Delete Post?': isRussian ? 'Удалить эту запись?' : 'Delete this post?',
+        'Post deleted.': isRussian ? 'Запись удалена.' : 'Post deleted.',
+        'Post failed.': isRussian ? 'Ошибка публикации.' : 'Post failed.',
+        'Error loading.': isRussian ? 'Ошибка загрузки.' : 'Error loading.',
+        'File': isRussian ? 'Файл' : 'File',
+        'Document': isRussian ? 'Документ' : 'Document',
+        'Video': isRussian ? 'Видео' : 'Video',
+        'Photo': isRussian ? 'Фото' : 'Photo',
+        'Post must contain text or a file': isRussian ? 'Запись должна содержать текст или файл' : 'Post must contain text or a file',
+        'Delete': isRussian ? 'Удалить' : 'Delete',
+        'to your wall': isRussian ? 'на вашу стену' : 'to your wall',
+        'on the wall of': isRussian ? 'на стене' : 'on the wall of'
+    };
+
+    function translateUI() {
+        document.getElementById('appHeader').textContent = 'TonWall';
+        document.getElementById('labelMyWall').textContent = T['My Wall'];
+        document.getElementById('labelUsers').textContent = T['Users'];
+        document.getElementById('labelNewPost').textContent = T['New Post'];
+    }
+
+    function applyThemeParams() {
+        const rootStyle = document.documentElement.style;
+        // Use fallback colors based on Telegram WebApp documentation
+        rootStyle.setProperty('--tg-theme-bg-color', tg.themeParams.bg_color || '#ffffff');
+        rootStyle.setProperty('--tg-theme-text-color', tg.themeParams.text_color || '#000000');
+        rootStyle.setProperty('--tg-theme-hint-color', tg.themeParams.hint_color || '#999999');
+        rootStyle.setProperty('--tg-theme-link-color', tg.themeParams.link_color || '#007aff');
+        rootStyle.setProperty('--tg-theme-button-color', tg.themeParams.button_color || '#007aff');
+        rootStyle.setProperty('--tg-theme-button-text-color', tg.themeParams.button_button_text_color || '#ffffff');
+        rootStyle.setProperty('--tg-theme-secondary-bg-color', tg.themeParams.secondary_bg_color || '#f0f0f0');
+        rootStyle.setProperty('--tg-theme-header-bg-color', tg.themeParams.header_bg_color || tg.themeParams.secondary_bg_color || '#efeff4');
+        rootStyle.setProperty('--tg-theme-section-bg-color', tg.themeParams.section_bg_color || tg.themeParams.bg_color || '#ffffff');
+        rootStyle.setProperty('--tg-theme-destructive-text-color', tg.themeParams.destructive_text_color || '#ff3b30');
+        tg.setBackgroundColor(tg.themeParams.bg_color || '#ffffff');
+    }
+    
+    async function apiCall(endpoint, method = 'GET', body = null, isFormData = false) {
+        const headers = {};
+        if (tg.initData) {
+            headers['X-Telegram-Auth'] = tg.initData;
         }
-        
-        async function apiCall(endpoint, method = 'GET', body = null) {
-            const headers = { 'Content-Type': 'application/json' };
-            if (tg.initData) {
-                headers['X-Telegram-Auth'] = tg.initData;
+
+        const options = { method, headers };
+
+        if (isFormData) {
+            // Flask handles multipart/form-data without setting Content-Type in JS headers
+            delete options.headers['Content-Type']; 
+            options.body = body;
+        } else if (body) {
+            headers['Content-Type'] = 'application/json';
+            options.body = JSON.stringify(body);
+        }
+
+        try {
+            const response = await fetch(endpoint, options);
+            if (response.status === 401 || response.status === 403) {
+                 tg.showAlert("Authentication failed. Please restart the Mini App from the bot.");
+                 throw new Error("Authentication failed");
             }
-            const options = { method, headers };
-            if (body) options.body = JSON.stringify(body);
-            try {
-                const response = await fetch(endpoint, options);
-                if (!response.ok) {
-                    const errorData = await response.json().catch(() => ({ error: 'Request failed without JSON body' }));
-                    throw new Error(errorData.error || `HTTP error ${response.status}`);
-                }
-                return response.json();
-            } catch (error) {
-                console.error('API Call Error:', error);
-                tg.showAlert(error.message || 'An API error occurred.');
-                throw error;
+            if (!response.ok) {
+                const errorData = await response.json().catch(() => ({ error: `HTTP error ${response.status}` }));
+                throw new Error(errorData.error || `HTTP error ${response.status}`);
             }
+            if (response.status === 204 || response.headers.get('content-length') === '0') return {}; 
+            return response.json();
+        } catch (error) {
+            console.error('API Call Error:', error);
+            tg.showAlert(error.message || T['Error loading.']);
+            throw error;
         }
+    }
+
+    function getUserAvatarUrl(user) {
+        return user.photo_url || 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7';
+    }
+
+    function getFullUserName(user) {
+        let name = `${user.first_name || ''} ${user.last_name || ''}`.trim();
+        if (!name) name = user.username || `User ${user.id}`;
+        return name;
+    }
+
+    function renderPostMedia(post) {
+        if (!post.file_path) return '';
         
-        function getAuthorDisplay(post) {
-            const name = post.author_first_name || 'Anonymous';
-            const username = post.author_username;
-            const userLink = username ? `<a href="tg://resolve?domain=${username}" target="_blank" rel="noopener noreferrer">@${username}</a>` : name;
-            return userLink;
+        const fileUrl = `/uploads/${post.file_path}`;
+        
+        if (post.type === 'photo') {
+            return `<div class="media-container"><img src="${fileUrl}" class="media-image" alt="${T['Photo']}"></div>`;
+        } else if (post.type === 'video') {
+            return `<div class="media-container"><video controls src="${fileUrl}" class="media-video"></video></div>`;
+        } else if (post.type === 'document') {
+            return `
+                <a href="${fileUrl}" target="_blank" rel="noopener noreferrer" class="media-document">
+                    <i class="fas fa-file"></i>
+                    <span>${T['Document']} (${post.file_path})</span>
+                </a>
+            `;
         }
+        return '';
+    }
 
-        function renderWallPosts(posts, targetUser) {
-            mainContent.style.opacity = 0;
-            const targetName = targetUser.first_name || targetUser.username || `User ${targetUser.id}`;
-            const headerText = targetUser.id === currentUser.id ? texts.myWall : `${targetName}${texts.wallOf}`;
-            document.getElementById('appHeader').textContent = headerText;
-
-            tg.BackButton.hide();
-            tg.MainButton.hide();
+    function renderPostList(posts, wallOwnerId) {
+        mainContent.style.opacity = 0;
+        tg.BackButton.hide();
+        tg.MainButton.hide();
+
+        if (!posts || posts.length === 0) {
+            mainContent.innerHTML = `<div class="empty-state">${T['No posts found.']}</div>`;
+        } else {
+            mainContent.innerHTML = `<div class="post-list">${posts.map(post => {
+                const poster = { id: post.user_id, first_name: post.poster_name, username: post.poster_username, photo_url: post.photo_url };
+                const isCurrentUserWall = String(wallOwnerId) === String(currentUser.id);
+                const isPoster = String(post.user_id) === String(currentUser.id);
+                const isWallOwner = isCurrentUserWall || (post.target_user_id && String(post.target_user_id) === String(currentUser.id));
+                
+                const postTarget = post.target_user_id 
+                    ? `${T['on the wall of']} <a href="#" onclick="loadView('user_wall', '${post.target_user_id}')">${post.target_name}</a>`
+                    : `${T['to your wall']}`;
+
+                let infoLine;
+                if (isCurrentUserWall && !post.target_user_id) { // My Wall main view
+                    infoLine = `<span>${new Date(post.timestamp).toLocaleDateString()} ${new Date(post.timestamp).toLocaleTimeString([], {hour: '2-digit', minute:'2-digit'})}</span>`;
+                } else {
+                     infoLine = `<span>${T['Posted by']} <a href="#" onclick="loadView('user_wall', '${post.user_id}')">@${post.poster_username || post.poster_name}</a> ${postTarget}</span>`;
+                }
 
-            let html = `<div class="list-container">`;
 
-            if (!posts || posts.length === 0) {
-                html += `<div class="empty-state">${texts.noPosts}</div>`;
-            } else {
-                html += posts.map(post => {
-                    let mediaHtml = '';
-                    if (post.type !== 'text' && post.content) {
-                        if (post.type === 'photo') {
-                            mediaHtml = `<img src="${post.content}" alt="Photo" class="post-media" loading="lazy">`;
-                        } else {
-                            mediaHtml = `<p><strong>${texts[post.type]}:</strong> <a href="${post.content}" target="_blank">${post.content}</a></p>`;
-                        }
-                    }
-                    
-                    let deleteButton = '';
-                    if (String(post.user_id) === String(currentUser.id)) {
-                        deleteButton = `<button class="delete-button" onclick="handleDeletePost('${post.id}')">${texts.deletePost}</button>`;
-                    }
-
-                    return `
-                        <div class="list-item">
-                            <h3>${texts.from} ${getAuthorDisplay(post)}</h3>
-                            ${mediaHtml}
-                            <p class="post-content">${post.text}</p>
-                            <p class="meta">Posted on ${new Date(post.timestamp).toLocaleDateString()}</p>
-                            ${deleteButton}
+                return `
+                    <div class="post-card" id="post-${post.id}">
+                        <div class="post-header">
+                            <img src="${getUserAvatarUrl(poster)}" alt="Avatar">
+                            <div class="post-info">
+                                <h4>${post.poster_name}</h4>
+                                <span>@${post.poster_username || 'anonymous'}</span>
+                            </div>
                         </div>
-                    `;
-                }).join('');
-            }
-            html += `</div>`;
-            mainContent.innerHTML = html;
-            
-            tg.MainButton.setText(texts.newPost);
-            tg.MainButton.show();
-            tg.MainButton.onClick(() => showPostForm(targetUser));
-
-            if (targetUser.id !== currentUser.id) {
-                 tg.BackButton.show();
-                 tg.BackButton.onClick(() => loadView('users'));
-            }
+                        <div class="post-content">
+                            ${post.content ? `<p>${post.content.replace(/\\n/g, '<br>')}</p>` : ''}
+                            ${renderPostMedia(post)}
+                        </div>
+                        <div style="font-size: 12px; color: var(--tg-theme-hint-color); margin-top: 10px;">
+                            ${infoLine}
+                        </div>
+                        ${(isPoster || isWallOwner) ? `<button class="delete-button" onclick="handleDeletePost('${post.id}')">${T['Delete']}</button>` : ''}
+                    </div>
+                `;
+            }).join('')}</div>`;
+        }
+        setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+    }
 
-            setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+    function renderUsersList(users) {
+        mainContent.style.opacity = 0;
+        tg.BackButton.hide();
+        tg.MainButton.hide();
+
+        if (!users || users.length === 0) {
+            mainContent.innerHTML = `<div class="empty-state">${T['No users found.']}</div>`;
+        } else {
+            mainContent.innerHTML = `<div class="user-list">${users.map(user => {
+                const fullName = getFullUserName(user);
+                return `
+                    <div class="user-list-item" onclick="loadView('user_wall', '${user.id}')">
+                        <img src="${getUserAvatarUrl(user)}" alt="Avatar">
+                        <span>${fullName} ${user.username ? `(@${user.username})` : ''}</span>
+                        <div style="margin-left: auto; color: var(--tg-theme-link-color); font-size: 14px; font-weight: 500;">${T['View Wall']}</div>
+                    </div>
+                `;
+            }).join('')}</div>`;
         }
+        setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+    }
 
-        function renderUsersList(users) {
-            mainContent.style.opacity = 0;
-            document.getElementById('appHeader').textContent = texts.users;
-            
-            tg.BackButton.hide();
-            tg.MainButton.hide();
+    function renderNewPostForm(targetUser) {
+        mainContent.style.opacity = 0;
+        tg.MainButton.hide();
+        const targetName = targetUser ? getFullUserName(targetUser) : getFullUserName(currentUser);
+        const isTargetingSelf = !targetUser || String(targetUser.id) === String(currentUser.id);
+        const targetHeader = isTargetingSelf 
+            ? `${T['New Post']} (${T['My Wall']})`
+            : `${T['Post on Wall']} ${targetName}`;
             
-            if (!users || users.length === 0) {
-                mainContent.innerHTML = `<div class="empty-state">${texts.noUsers}</div>`;
-            } else {
-                mainContent.innerHTML = users.map(user => {
-                    if (String(user.id) === String(currentUser.id)) return ''; // Hide self from user list
-                    const userName = user.first_name || user.username || `User ${user.id}`;
-                    return `
-                        <div class="user-list-item" onclick="loadUserWall('${user.id}')">
-                            <img src="${user.photo_url || 'data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'}" alt="Avatar">
-                            <span>${userName} ${user.username ? `(@${user.username})` : ''}</span>
-                        </div>
-                    `;
-                }).join('');
-            }
-            setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+        appHeader.textContent = targetHeader;
+        
+        let formHtml = `<div class="form-container">
+            <form id="postForm" enctype="multipart/form-data">
+                <div class="form-group">
+                    <label for="postContent">${T['Post Text']}</label>
+                    <textarea id="postContent" name="content" placeholder="${T['Post Text']}..."></textarea>
+                </div>
+                <div class="form-group">
+                    <label for="postFile">${T['Attachment (optional)']}</label>
+                    <input type="file" id="postFile" name="file" accept="image/*,video/*,.pdf,.doc,.docx,.txt">
+                </div>
+                <div id="formError" class="error-message"></div>
+            </form>
+        </div>`;
+        mainContent.innerHTML = formHtml;
+        setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+
+        tg.MainButton.setText(T['Post']);
+        tg.MainButton.show();
+        tg.MainButton.onClick(() => handleSubmitPost(targetUser ? targetUser.id : currentUser.id));
+    }
+    
+    function handleSubmitPost(targetUserId) {
+        const content = document.getElementById('postContent').value.trim();
+        const fileInput = document.getElementById('postFile');
+        const file = fileInput.files;
+        const formError = document.getElementById('formError');
+        formError.textContent = '';
+
+        if (!content && !file) {
+            formError.textContent = T['Post must contain text or a file'];
+            tg.HapticFeedback.notificationOccurred('error');
+            return;
         }
 
-        function loadUserWall(userId) {
-            tg.HapticFeedback.impactOccurred('light');
-            currentView = 'user_wall';
-            mainContent.style.opacity = 0;
-            mainContent.innerHTML = `<div class="loading">${texts.loading}</div>`;
-            
-            const usersEndpoint = '/api/users';
-            const postsEndpoint = `/api/users/${userId}/wall`;
-            
-            Promise.all([apiCall(usersEndpoint), apiCall(postsEndpoint)])
-                .then(([allUsers, wallPosts]) => {
-                    currentTargetUser = allUsers.find(u => String(u.id) === String(userId));
-                    if (currentTargetUser) {
-                        renderWallPosts(wallPosts, currentTargetUser);
-                    } else {
-                        mainContent.innerHTML = `<div class="empty-state">User not found.</div>`;
-                        setTimeout(() => { mainContent.style.opacity = 1; }, 50);
-                    }
-                })
-                .catch(err => {
-                    mainContent.innerHTML = `<div class="empty-state">Error loading wall.</div>`;
-                    setTimeout(() => { mainContent.style.opacity = 1; }, 50);
-                });
+        const formData = new FormData();
+        formData.append('content', content);
+        if (file) {
+            formData.append('file', file);
         }
         
-        function loadView(viewName) {
-            if (currentView !== viewName) tg.HapticFeedback.impactOccurred('light');
-            currentView = viewName;
-            
-            document.querySelectorAll('.nav-button').forEach(btn => btn.classList.remove('active'));
-            document.querySelector(`.nav-button[data-nav="${viewName}"]`)?.classList.add('active');
-            
-            mainContent.style.opacity = 0;
-            mainContent.innerHTML = `<div class="loading">${texts.loading}</div>`;
-            
-            tg.BackButton.hide();
-            tg.MainButton.hide();
-
-            if (viewName === 'my_wall') {
-                if (currentUser) {
-                    loadUserWall(currentUser.id);
+        tg.MainButton.showProgress();
+        tg.HapticFeedback.impactOccurred('light');
+
+        apiCall(`/api/post/${targetUserId}`, 'POST', formData, true)
+            .then(response => {
+                tg.HapticFeedback.notificationOccurred('success');
+                tg.MainButton.hideProgress();
+                tg.MainButton.hide();
+                if (String(targetUserId) === String(currentUser.id)) {
+                    loadView('my_wall'); 
                 } else {
-                    mainContent.innerHTML = `<div class="empty-state">Authentication failed. Cannot load wall.</div>`;
-                    setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+                    loadView('user_wall', targetUserId);
                 }
-            } else if (viewName === 'users') {
-                apiCall('/api/users')
-                    .then(renderUsersList)
+                
+            })
+            .catch(err => {
+                tg.HapticFeedback.notificationOccurred('error');
+                tg.MainButton.hideProgress();
+                formError.textContent = err.message || T['Post failed.'];
+            });
+    }
+    
+    function handleDeletePost(postId) {
+        tg.showConfirm(T['Delete Post?'], (confirmed) => {
+            if (confirmed) {
+                tg.HapticFeedback.impactOccurred('medium');
+                apiCall(`/api/post/${postId}`, 'DELETE')
+                    .then(() => {
+                        tg.HapticFeedback.notificationOccurred('success');
+                        tg.showAlert(T['Post deleted.']);
+                        // Reload current view
+                        if (currentView === 'my_wall') loadView('my_wall');
+                        else if (currentView === 'user_wall') loadView('user_wall', currentTargetUserId);
+                    })
                     .catch(err => {
-                        mainContent.innerHTML = `<div class="empty-state">Error loading users.</div>`;
-                        setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+                        tg.HapticFeedback.notificationOccurred('error');
+                        tg.showAlert(err.message || T['Error loading.']);
                     });
-            }
-        }
-        
-        function showPostForm(targetUser) {
-            mainContent.style.opacity = 0;
-            tg.BackButton.show();
-            tg.BackButton.onClick(() => {
+            } else {
                 tg.HapticFeedback.impactOccurred('light');
-                loadUserWall(targetUser.id);
-            });
-            tg.MainButton.hide();
-            
-            const targetName = targetUser.first_name || targetUser.username || `User ${targetUser.id}`;
-            let formHtml = `<div class="form-container"><h2>${texts.postTo} ${targetName}</h2>`;
-            
-            formHtml += `
-                <div class="form-group">
-                    <label for="postText">${texts.postText} *</label>
-                    <textarea id="postText" required></textarea>
-                </div>
-                <div class="form-group">
-                    <label for="postType">${texts.postType}</label>
-                    <select id="postType">
-                        <option value="text">${texts.text}</option>
-                        <option value="photo">${texts.photo}</option>
-                        <option value="video">${texts.video}</option>
-                        <option value="document">${texts.document}</option>
-                    </select>
-                </div>
-                <div class="form-group" id="contentGroup" style="display:none;">
-                    <label for="contentUrl">${texts.contentUrl}</label>
-                    <input type="text" id="contentUrl">
-                </div>
-            `;
-            formHtml += `<div id="formError" class="error-message"></div></div>`;
-            mainContent.innerHTML = formHtml;
-            setTimeout(() => { mainContent.style.opacity = 1; }, 50);
+            }
+        });
+    }
 
-            document.getElementById('postType').addEventListener('change', (e) => {
-                document.getElementById('contentGroup').style.display = e.target.value === 'text' ? 'none' : 'block';
-            });
+    async function loadView(viewName, userId = null) {
+        if (currentView === viewName && viewName !== 'new_post' && viewName !== 'user_wall') return;
 
-            tg.MainButton.setText(texts.postButton);
-            tg.MainButton.show();
-            tg.MainButton.onClick(() => handleSubmitPost(targetUser.id));
+        tg.HapticFeedback.impactOccurred('light');
+        currentView = viewName;
+        currentTargetUserId = userId;
+        
+        document.querySelectorAll('.nav-button').forEach(btn => btn.classList.remove('active'));
+        if (viewName !== 'user_wall' && viewName !== 'new_post') {
+            document.querySelector(`.nav-button[data-view="${viewName}"]`).classList.add('active');
         }
 
-        function handleSubmitPost(targetUserId) {
-            const postText = document.getElementById('postText').value.trim();
-            const postType = document.getElementById('postType').value;
-            const contentUrl = document.getElementById('contentUrl').value.trim();
-            
-            document.getElementById('formError').textContent = '';
-
-            if (!postText) {
-                document.getElementById('formError').textContent = texts.requiredField;
-                tg.HapticFeedback.notificationOccurred('error');
-                return;
+        mainContent.innerHTML = `<div class="loading">${T['Loading...']}</div>`;
+        tg.BackButton.hide();
+        tg.MainButton.hide();
+        
+        if (viewName === 'my_wall') {
+            appHeader.textContent = T['My Wall'];
+            try {
+                const posts = await apiCall(`/api/wall/${currentUser.id}`);
+                renderPostList(posts, currentUser.id);
+            } catch (e) {
+                mainContent.innerHTML = `<div class="empty-state">${T['Error loading.']}</div>`;
             }
-
-            const payload = {
-                target_user_id: targetUserId,
-                text: postText,
-                type: postType,
-                content: postType === 'text' ? '' : contentUrl
-            };
-            
-            if (postType !== 'text' && !contentUrl) {
-                document.getElementById('formError').textContent = texts.requiredField + ' (' + texts.contentUrl + ')';
-                tg.HapticFeedback.notificationOccurred('error');
-                return;
+        } else if (viewName === 'users') {
+            appHeader.textContent = T['Users List'];
+            try {
+                const users = await apiCall('/api/users');
+                const filteredUsers = users.filter(u => String(u.id) !== String(currentUser.id));
+                renderUsersList(filteredUsers);
+            } catch (e) {
+                 mainContent.innerHTML = `<div class="empty-state">${T['Error loading.']}</div>`;
             }
+        } else if (viewName === 'user_wall' && userId) {
+            tg.BackButton.show();
+            tg.BackButton.onClick(() => loadView('users'));
+            try {
+                const users = await apiCall('/api/users');
+                const targetUser = users.find(u => String(u.id) === String(userId));
+                if (!targetUser) throw new Error("User not found");
+                appHeader.textContent = `${T['Wall of']} ${getFullUserName(targetUser)}`;
+
+                const posts = await apiCall(`/api/wall/${userId}`);
+                renderPostList(posts, userId);
+                
+                // Add a button to post to this user's wall
+                tg.MainButton.setText(T['Post on Wall']);
+                tg.MainButton.show();
+                tg.MainButton.onClick(() => loadView('new_post', userId));
+
+            } catch (e) {
+                mainContent.innerHTML = `<div class="empty-state">${T['Error loading.']}</div>`;
+            }
+        } else if (viewName === 'new_post' && userId) {
+             tg.BackButton.show();
+             tg.BackButton.onClick(() => {
+                 if (String(userId) === String(currentUser.id)) loadView('my_wall');
+                 else loadView('user_wall', userId);
+             });
+             try {
+                 const users = await apiCall('/api/users');
+                 const targetUser = users.find(u => String(u.id) === String(userId));
+                 if (!targetUser) throw new Error("User not found");
+                 renderNewPostForm(targetUser);
+             } catch (e) {
+                 mainContent.innerHTML = `<div class="empty-state">${T['Error loading.']}</div>`;
+             }
+        } else if (viewName === 'new_post') {
+             tg.BackButton.show();
+             tg.BackButton.onClick(() => loadView('my_wall'));
+             renderNewPostForm(currentUser);
+        }
+    }
+    
+    async function init() {
+        tg.ready();
+        applyThemeParams();
+        tg.expand();
+        tg.enableClosingConfirmation();
+        translateUI();
+
+        tg.onEvent('themeChanged', applyThemeParams);
+        
+        try {
+            const authResponse = await apiCall('/api/auth_user', 'POST', { init_data: tg.initData });
+            currentUser = authResponse.user;
+            if (!currentUser) throw new Error("Auth failed: No user object");
             
-            tg.MainButton.showProgress();
-            tg.HapticFeedback.impactOccurred('light');
-
-            apiCall('/api/posts', 'POST', payload)
-                .then(response => {
-                    tg.HapticFeedback.notificationOccurred('success');
-                    tg.MainButton.hideProgress();
-                    loadUserWall(targetUserId); 
-                })
-                .catch(err => {
-                    tg.HapticFeedback.notificationOccurred('error');
-                    tg.MainButton.hideProgress();
-                    document.getElementById('formError').textContent = texts.failedSubmit;
-                });
+            // Set initial view to My Wall for the authenticated user
+            loadView('my_wall');
+            
+        } catch (error) {
+            console.error("Auth error:", error);
+            mainContent.innerHTML = `<div class="empty-state">Authentication failed. Please launch from the Telegram bot.</div>`;
         }
 
-        function handleDeletePost(postId) {
-            tg.showConfirm(texts.deleteConfirm, (confirmed) => {
-                if (confirmed) {
-                    tg.HapticFeedback.impactOccurred('medium');
-                    apiCall(`/api/posts/${postId}`, 'DELETE')
-                        .then(() => {
-                            tg.HapticFeedback.notificationOccurred('success');
-                            tg.showAlert(texts.postDeleted);
-                            loadUserWall(currentTargetUser ? currentTargetUser.id : currentUser.id); 
-                        })
-                        .catch(err => {
-                            tg.HapticFeedback.notificationOccurred('error');
-                            tg.showAlert(texts.failedDelete);
-                        });
+        document.querySelectorAll('.nav-button').forEach(button => {
+            button.addEventListener('click', () => {
+                const view = button.dataset.view;
+                if (view === 'new_post') {
+                    loadView('new_post', currentUser.id); // Default to posting on own wall
                 } else {
-                    tg.HapticFeedback.impactOccurred('light');
+                    loadView(view);
                 }
             });
-        }
-
-        async function init() {
-            tg.ready();
-            applyThemeParams();
-            tg.expand();
-            tg.enableClosingConfirmation();
-
-            tg.onEvent('themeChanged', applyThemeParams);
-            
-            try {
-                const authResponse = await apiCall('/api/auth_user', 'POST', { init_data: tg.initData });
-                currentUser = authResponse.user;
-            } catch (error) {
-                console.error("Auth error:", error);
-                // Handle auth failure (e.g., show error message)
-            }
-
-            document.querySelectorAll('.nav-button').forEach(button => {
-                button.addEventListener('click', () => loadView(button.dataset.nav));
-            });
-            
-            loadView('my_wall');
-        }
+        });
+    }
 
-        init();
-    </script>
+    init();
+</script>
 </body>
 </html>
 '''
 
-ADMIN_TEMPLATE = '''
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>TonTalent Admin</title>
-    <style>
-        body { font-family: sans-serif; margin: 20px; background-color: #f4f4f4; color: #333; }
-        .container { background-color: #fff; padding: 20px; border-radius: 8px; box-shadow: 0 0 10px rgba(0,0,0,0.1); }
-        h1, h2 { color: #333; }
-        .section { margin-bottom: 30px; padding: 15px; border: 1px solid #ddd; border-radius: 5px; background-color: #f9f9f9;}
-        .item { border-bottom: 1px solid #eee; padding: 10px 0; }
-        .item:last-child { border-bottom: none; }
-        .item h3 { margin: 0 0 5px 0; }
-        .item p { margin: 3px 0; font-size: 0.9em; color: #555; }
-        .button { padding: 8px 15px; border: none; border-radius: 4px; cursor: pointer; font-size: 0.9em; margin-right: 5px; }
-        .button-primary { background-color: #007bff; color: white; }
-        .button-danger { background-color: #dc3545; color: white; }
-        .button-secondary { background-color: #6c757d; color: white; }
-        .message { padding: 10px; margin-bottom: 15px; border-radius: 4px; }
-        .message.success { background-color: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
-        .message.error { background-color: #f8d7da; color: #721c24; border: 1px solid #f5c6cb; }
-        .message.warning { background-color: #fff3cd; color: #856404; border: 1px solid #ffeeba; }
-        .sync-buttons form { display: inline-block; margin-right: 10px; }
-    </style>
-</head>
-<body>
-    <div class="container">
-        <h1>TonTalent Wall Admin Panel</h1>
-
-        {% with messages = get_flashed_messages(with_categories=true) %}
-            {% if messages %}
-                {% for category, message in messages %}
-                    <div class="message {{ category }}">{{ message }}</div>
-                {% endfor %}
-            {% endif %}
-        {% endwith %}
-
-        <div class="section">
-            <h2>Data Synchronization with Hugging Face</h2>
-            <div class="sync-buttons">
-                <form method="POST" action="{{ url_for('force_upload_admin') }}" onsubmit="return confirm('Upload local data to Hugging Face? This will overwrite server data.');">
-                    <button type="submit" class="button button-primary">Upload DB to HF</button>
-                </form>
-                <form method="POST" action="{{ url_for('force_download_admin') }}" onsubmit="return confirm('Download data from Hugging Face? This will overwrite local data.');">
-                    <button type="submit" class="button button-secondary">Download DB from HF</button>
-                </form>
-            </div>
-            <p style="font-size: 0.8em; color: #666;">Automatic backup runs every 30 minutes if HF_TOKEN_WRITE is set.</p>
-        </div>
-
-        <div class="section">
-            <h2>Users ({{ users|length }})</h2>
-            {% for user_id, user in users.items() %}
-            <div class="item">
-                <h3>{{ user.first_name }} {% if user.last_name %}{{ user.last_name }}{% endif %} (@{{ user.username }})</h3>
-                <p>ID: {{ user.id }} | Last Seen: {{ user.last_seen.split('T')[0] }}</p>
-                <p>Chat ID (for notifications): {{ user.chat_id }}</p>
-                <form method="POST" action="{{ url_for('admin_delete_user') }}" style="display:inline;" onsubmit="return confirm('Delete user and all their posts/comments?');">
-                    <input type="hidden" name="user_id" value="{{ user.id }}">
-                    <button type="submit" class="button button-danger">Delete User</button>
-                </form>
-            </div>
-            {% else %}
-            <p>No users found.</p>
-            {% endfor %}
-        </div>
-
-        <div class="section">
-            <h2>Posts ({{ posts|length }})</h2>
-            {% for post in posts %}
-            <div class="item">
-                <h3>Post {{ post.id[:8] }}... to User {{ post.target_user_id }}</h3>
-                <p>Author ID: {{ post.user_id }} | Type: {{ post.type }} | Posted: {{ post.timestamp.split('T')[0] }}</p>
-                <p>Text: {{ post.text[:100] }}...</p>
-                {% if post.type != 'text' %}
-                    <p>Content: {{ post.content[:100] }}...</p>
-                {% endif %}
-                <form method="POST" action="{{ url_for('admin_delete_post') }}" style="display:inline;" onsubmit="return confirm('Delete this post?');">
-                    <input type="hidden" name="post_id" value="{{ post.id }}">
-                    <button type="submit" class="button button-danger">Delete Post</button>
-                </form>
-            </div>
-            {% else %}
-            <p>No posts found.</p>
-            {% endfor %}
-        </div>
-    </div>
-</body>
-</html>
-'''
 
 @app.route('/')
 def main_app_view():
-    return render_template_string(MAIN_APP_TEMPLATE)
+return render_template_string(MAIN_APP_TEMPLATE)
+
+--- BOOTSTRAP ---
+
+if name == 'main':
+logging.info("Application starting up. Performing initial data load/download...")
+download_db_from_hf()
+load_data()
+logging.info("Initial data load complete.")
+
+code
+Code
+download
+content_copy
+expand_less
+if HF_TOKEN_WRITE:
+    backup_thread = threading.Thread(target=periodic_backup, daemon=True)
+    backup_thread.start()
+    logging.info("Periodic backup thread started.")
+else:
+    logging.warning("Periodic backup will NOT run (HF_TOKEN_WRITE not set).")
+
+port = int(os.environ.get('PORT', 7860))
+logging.info(f"Starting Flask app on host 0.0.0.0 and port {port}")
+app.run(debug=False, host='0.0.0.0', port=port)
 
-@app.route('/api/auth_user', methods=['POST'])
-def auth_user():
-    auth_data_str = request.headers.get('X-Telegram-Auth')
-    if not auth_data_str:
-        init_data_payload = request.json.get('init_data')
-        if init_data_payload:
-            auth_data_str = init_data_payload
-        else:
-            return jsonify({"error": "Authentication data not provided"}), 401
-
-    is_valid, user_data_from_auth = verify_telegram_auth_data(auth_data_str, TELEGRAM_BOT_TOKEN)
-
-    if not is_valid or not user_data_from_auth:
-        return jsonify({"error": "Invalid authentication data"}), 403
-
-    data = load_data()
-    users = data.get('users', {})
-    user_id_str = str(user_data_from_auth.get('id'))
-
-    if user_id_str not in users:
-        users[user_id_str] = {
-            'id': user_data_from_auth.get('id'),
-            'first_name': user_data_from_auth.get('first_name'),
-            'last_name': user_data_from_auth.get('last_name'),
-            'username': user_data_from_auth.get('username'),
-            'language_code': user_data_from_auth.get('language_code'),
-            'photo_url': user_data_from_auth.get('photo_url'),
-            'chat_id': user_id_str,
-            'first_seen': datetime.now().isoformat()
-        }
-    
-    users[user_id_str]['last_seen'] = datetime.now().isoformat()
-    if user_data_from_auth.get('photo_url'):
-        users[user_id_str]['photo_url'] = user_data_from_auth.get('photo_url')
-    if user_data_from_auth.get('username'):
-        users[user_id_str]['username'] = user_data_from_auth.get('username')
-    
-    data['users'] = users
-    save_data(data)
-    
-    return jsonify({"message": "User authenticated", "user": users[user_id_str]}), 200
-
-@app.route('/api/users', methods=['GET'])
-def get_all_users():
-    data = load_data()
-    users = list(data.get('users', {}).values())
-    users.sort(key=lambda u: u.get('first_name', '').lower())
-    for user in users:
-        user.pop('chat_id', None)
-    return jsonify(users), 200
-
-@app.route('/api/users/<user_id>/wall', methods=['GET'])
-def get_user_wall(user_id):
-    data = load_data()
-    all_posts = data.get('posts', [])
-    wall_posts = [p for p in all_posts if str(p.get('target_user_id')) == str(user_id)]
-    
-    wall_posts.sort(key=lambda x: x.get('timestamp', ''), reverse=True)
-    
-    users = data.get('users', {})
-    for post in wall_posts:
-        author = users.get(str(post.get('user_id')))
-        if author:
-            post['author_username'] = author.get('username', 'anonymous')
-            post['author_first_name'] = author.get('first_name', 'Anonymous')
-            post['author_photo_url'] = author.get('photo_url')
-
-    return jsonify(wall_posts), 200
-
-@app.route('/api/posts', methods=['POST'])
-def create_post():
-    author = get_authenticated_user_details(request.headers)
-    if not author:
-        return jsonify({"error": "Authentication required or user not found in DB"}), 401
-
-    req_data = request.json
-    target_user_id = str(req_data.get('target_user_id'))
-    post_text = req_data.get('text', '').strip()
-    post_type = req_data.get('type', 'text')
-    post_content = req_data.get('content', '').strip()
-
-    if not target_user_id or (not post_text and not post_content):
-        return jsonify({"error": "Missing target user ID or post content"}), 400
-    
-    if post_type not in ['text', 'photo', 'video', 'document']:
-        return jsonify({"error": "Invalid post type"}), 400
-
-    data = load_data()
-    target_user = data.get('users', {}).get(target_user_id)
-    if not target_user:
-        return jsonify({"error": "Target user not found"}), 404
-        
-    if post_type != 'text' and not post_content:
-        return jsonify({"error": f"Content is required for post type {post_type}"}), 400
-
-    new_post = {
-        "id": str(uuid.uuid4()),
-        "user_id": str(author.get('id')),
-        "target_user_id": target_user_id,
-        "text": post_text,
-        "type": post_type,
-        "content": post_content,
-        "timestamp": datetime.now().isoformat(),
-    }
-    
-    data['posts'].append(new_post)
-    save_data(data)
-
-    if str(author.get('id')) != target_user_id:
-        author_name = author.get('first_name', 'Someone')
-        author_username = author.get('username')
-        notification_message = (
-            f"<b>New post on your wall!</b>\n\n"
-            f"{author_name} ({f'@{author_username}' if author_username else 'ID: ' + str(author['id'])}) "
-            f"left a message: <i>{post_text[:50]}...</i>"
-        )
-        notify_user(target_user.get('chat_id'), notification_message)
-
-    return jsonify(new_post), 201
-
-@app.route('/api/posts/<post_id>', methods=['DELETE'])
-def delete_post(post_id):
-    user = get_authenticated_user_details(request.headers)
-    if not user: return jsonify({"error": "Authentication required or user not found in DB"}), 401
-
-    data = load_data()
-    posts_list = data.get('posts', [])
-    original_length = len(posts_list)
-    
-    post_to_delete = next((p for p in posts_list if p['id'] == post_id), None)
-    if not post_to_delete: return jsonify({"error": "Post not found"}), 404
-
-    if str(post_to_delete.get('user_id')) != str(user.get('id')):
-        return jsonify({"error": "Forbidden: You can only delete your own posts"}), 403
-
-    data['posts'] = [p for p in posts_list if p['id'] != post_id]
-    
-    if len(data['posts']) < original_length:
-        save_data(data)
-        return jsonify({"message": "Post deleted successfully"}), 200
-    return jsonify({"error": "Post not found or deletion failed"}), 404
-
-@app.route('/admin', methods=['GET'])
-def admin_panel():
-    data = load_data()
-    sorted_users = dict(sorted(data.get('users', {}).items(), key=lambda item: item[1].get('last_seen', ''), reverse=True))
-    sorted_posts = sorted(data.get('posts', []), key=lambda x: x.get('timestamp', ''), reverse=True)
-    
-    return render_template_string(ADMIN_TEMPLATE,
-                                  users=sorted_users,
-                                  posts=sorted_posts)
-
-@app.route('/admin/delete_user', methods=['POST'])
-def admin_delete_user():
-    user_id = request.form.get('user_id')
-    
-    data = load_data()
-    if user_id in data.get('users', {}):
-        del data['users'][user_id]
-        
-        data['posts'] = [p for p in data.get('posts', []) if str(p.get('user_id')) != user_id and str(p.get('target_user_id')) != user_id]
-        
-        save_data(data)
-        flash(f"User {user_id} and all related posts deleted successfully.", 'success')
-    else:
-        flash("User not found.", 'warning')
-    return redirect(url_for('admin_panel'))
-
-@app.route('/admin/delete_post', methods=['POST'])
-def admin_delete_post():
-    post_id = request.form.get('post_id')
-    
-    data = load_data()
-    posts_list = data.get('posts', [])
-    original_length = len(posts_list)
-    
-    data['posts'] = [p for p in posts_list if p['id'] != post_id]
-
-    if len(data['posts']) < original_length:
-        save_data(data)
-        flash('Post deleted successfully.', 'success')
-    else:
-        flash('Post not found or already deleted.', 'warning')
-    return redirect(url_for('admin_panel'))
-
-@app.route('/admin/force_upload', methods=['POST'])
-def force_upload_admin():
-    logging.info("Admin forcing upload to Hugging Face...")
-    try:
-        upload_db_to_hf()
-        flash("Data successfully uploaded to Hugging Face.", 'success')
-    except Exception as e:
-        logging.error(f"Error during forced upload: {e}", exc_info=True)
-        flash(f"Error uploading to Hugging Face: {e}", 'error')
-    return redirect(url_for('admin_panel'))
-
-@app.route('/admin/force_download', methods=['POST'])
-def force_download_admin():
-    logging.info("Admin forcing download from Hugging Face...")
-    try:
-        if download_db_from_hf():
-            flash("Data successfully downloaded from Hugging Face. Local files updated.", 'success')
-            load_data() 
-        else:
-            flash("Failed to download data from Hugging Face. Check logs.", 'error')
-    except Exception as e:
-        logging.error(f"Error during forced download: {e}", exc_info=True)
-        flash(f"Error downloading from Hugging Face: {e}", 'error')
-    return redirect(url_for('admin_panel'))
-
-
-if __name__ == '__main__':
-    logging.info("Application starting up. Performing initial data load/download...")
-    download_db_from_hf() 
-    load_data()
-    logging.info("Initial data load complete.")
-
-    if HF_TOKEN_WRITE:
-        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
-        backup_thread.start()
-        logging.info("Periodic backup thread started.")
-    else:
-        logging.warning("Periodic backup will NOT run (HF_TOKEN_WRITE not set).")
-
-    port = int(os.environ.get('PORT', 7860))
-    logging.info(f"Starting Flask app on host 0.0.0.0 and port {port}")
-    app.run(debug=False, host='0.0.0.0', port=port)