diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -1,12 +1,13 @@
+# --- START OF FILE app.py ---
 import os
 import hmac
 import hashlib
 import json
-from urllib.parse import unquote, parse_qsl, quote
-from flask import Flask, request, jsonify, Response, send_file
+from urllib.parse import unquote, parse_qsl
+from flask import Flask, request, jsonify, Response, session, send_file
+import time
 import logging
 import threading
-import time
 from datetime import datetime
 from huggingface_hub import HfApi, hf_hub_download, utils as hf_utils
 from werkzeug.utils import secure_filename
@@ -15,84 +16,91 @@ from io import BytesIO
 import uuid
 
 # --- Configuration ---
-# VITAL: Set these environment variables or replace placeholders
-BOT_TOKEN = os.environ.get('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN') # Your Telegram Bot Token for validation
-HF_TOKEN_WRITE = os.environ.get('HF_TOKEN') # Your Hugging Face WRITE token
-HF_TOKEN_READ = os.environ.get('HF_TOKEN_READ') or HF_TOKEN_WRITE # Your Hugging Face READ token (falls back to WRITE)
-REPO_ID = os.environ.get('HF_REP' , 'Eluza133/Z1e1u') # e.g., "Eluza133/Z1e1u"
-FLASK_SECRET_KEY = os.getenv("FLASK_SECRET_KEY", "a_very_secret_key_for_flask") # For potential future session use, though limited here
-
-HOST = '0.0.0.0'
-PORT = 7860
-DATA_FILE = 'cloudeng_mini_app_data.json' # Changed filename to avoid conflicts
-UPLOAD_FOLDER = 'mini_app_uploads'
+BOT_TOKEN = os.environ.get('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN') # ВАЖНО: Замените или используйте env!
+HF_TOKEN_WRITE = os.environ.get("HF_TOKEN")
+HF_TOKEN_READ = os.environ.get("HF_TOKEN_READ") or HF_TOKEN_WRITE
+FLASK_SECRET_KEY = os.environ.get("FLASK_SECRET_KEY", "supersecretkey_mini_app_unique")
+REPO_ID = "Eluza133/Z1e1u" # Ваш репозиторий HF
+DATA_FILE = 'cloudeng_telegram_data.json' # Файл данных для TG версии
+UPLOAD_FOLDER = 'uploads_tg'
 os.makedirs(UPLOAD_FOLDER, exist_ok=True)
+AUTH_DATA_LIFETIME = 3600 # Время жизни initData (1 час)
 
 # --- Flask App Initialization ---
 app = Flask(__name__)
 app.secret_key = FLASK_SECRET_KEY
-logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
-
-# --- Telegram Validation Logic ---
-AUTH_DATA_LIFETIME = 3600 # 1 hour validity for initData
-
-def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
-    if not auth_data: return None
-    try:
-        parsed_data = dict(parse_qsl(unquote(auth_data)))
-        if "hash" not in parsed_data: return None
-        telegram_hash = parsed_data.pop('hash')
-        auth_date_ts = int(parsed_data.get('auth_date', 0))
-        if time.time() - auth_date_ts > AUTH_DATA_LIFETIME: return None # Expired
-        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
-        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
-        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
-        if calculated_hash == telegram_hash:
-            user_data = parsed_data.get('user')
-            if user_data: return json.loads(user_data)
-            return {} # Valid but no user data? Return empty dict
-        return None # Hash mismatch
-    except Exception as e:
-        logging.error(f"Telegram validation error: {e}")
-        return None
+logging.basicConfig(level=logging.INFO)
 
-# --- Filesystem Logic ---
+# --- Helper Functions ---
 def find_node_by_id(filesystem, node_id):
-    if not filesystem: return None, None
-    if filesystem.get('id') == node_id: return filesystem, None
+    if not filesystem or not isinstance(filesystem, dict):
+        return None, None
+    if filesystem.get('id') == node_id:
+        return filesystem, None
     queue = [(filesystem, None)]
     while queue:
         current_node, parent = queue.pop(0)
-        if current_node.get('type') == 'folder' and 'children' in current_node:
+        if current_node.get('type') == 'folder' and 'children' in current_node and isinstance(current_node['children'], list):
             for child in current_node['children']:
-                if child.get('id') == node_id: return child, current_node
-                if child.get('type') == 'folder': queue.append((child, current_node))
+                 if isinstance(child, dict): # Добавлена проверка типа
+                     if child.get('id') == node_id:
+                         return child, current_node
+                     if child.get('type') == 'folder':
+                         queue.append((child, current_node))
     return None, None
 
 def add_node(filesystem, parent_id, node_data):
     parent_node, _ = find_node_by_id(filesystem, parent_id)
     if parent_node and parent_node.get('type') == 'folder':
-        if 'children' not in parent_node: parent_node['children'] = []
+        if 'children' not in parent_node or not isinstance(parent_node['children'], list):
+            parent_node['children'] = []
         parent_node['children'].append(node_data)
         return True
     return False
 
 def remove_node(filesystem, node_id):
     node_to_remove, parent_node = find_node_by_id(filesystem, node_id)
-    if node_to_remove and parent_node and 'children' in parent_node:
-        parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id]
+    if node_to_remove and parent_node and 'children' in parent_node and isinstance(parent_node['children'], list):
+        parent_node['children'] = [child for child in parent_node['children'] if not isinstance(child, dict) or child.get('id') != node_id]
         return True
-    elif node_to_remove and not parent_node: # Trying to remove root? Disallow.
-        return False
-    return False # Node not found or parent invalid
-
-def initialize_user_filesystem(user_id_str):
-    return {
-        "type": "folder",
-        "id": "root",
-        "name": "root",
-        "children": []
-    }
+    return False
+
+def get_node_path_string(filesystem, node_id):
+    path_list = []
+    current_id = node_id
+    visited = set() # Защита от циклов
+
+    while current_id and current_id not in visited:
+        visited.add(current_id)
+        node, parent = find_node_by_id(filesystem, current_id)
+        if not node: break
+        if node.get('id') != 'root':
+             path_list.append(node.get('name', node.get('original_filename', '')))
+        if not parent: break
+        current_id = parent.get('id') if parent else None
+    return " / ".join(reversed(path_list)) or "Root"
+
+def initialize_user_filesystem(user_data):
+    if 'filesystem' not in user_data or not isinstance(user_data.get('filesystem'), dict):
+        user_data['filesystem'] = {
+            "type": "folder",
+            "id": "root",
+            "name": "root",
+            "children": []
+        }
+
+def get_file_type(filename):
+    filename_lower = filename.lower()
+    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')): return 'video'
+    if filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')): return 'image'
+    if filename_lower.endswith('.pdf'): return 'pdf'
+    if filename_lower.endswith('.txt'): return 'text'
+    if filename_lower.endswith(('.doc', '.docx')): return 'doc'
+    if filename_lower.endswith(('.xls', '.xlsx')): return 'xls'
+    if filename_lower.endswith(('.ppt', '.pptx')): return 'ppt'
+    if filename_lower.endswith(('.zip', '.rar', '.7z', '.tar', '.gz')): return 'archive'
+    if filename_lower.endswith(('.mp3', '.wav', '.ogg', '.aac', '.flac')): return 'audio'
+    return 'other'
 
 # --- Data Persistence ---
 data_lock = threading.Lock()
@@ -101,229 +109,366 @@ def load_data():
     with data_lock:
         try:
             download_db_from_hf()
-            if not os.path.exists(DATA_FILE):
-                 logging.warning(f"{DATA_FILE} not found locally after potential download attempt. Initializing empty.")
-                 return {'users': {}}
-            with open(DATA_FILE, 'r', encoding='utf-8') as file:
-                data = json.load(file)
-                if not isinstance(data, dict): return {'users': {}}
-                data.setdefault('users', {})
-                # No filesystem initialization here, do it on first access if needed
-                return data
+            if os.path.exists(DATA_FILE) and os.path.getsize(DATA_FILE) > 0:
+                with open(DATA_FILE, 'r', encoding='utf-8') as file:
+                    data = json.load(file)
+                    if not isinstance(data, dict):
+                        logging.warning(f"{DATA_FILE} is not a dict, initializing.")
+                        data = {'users': {}}
+            else:
+                data = {'users': {}}
+
+            data.setdefault('users', {})
+            # Ensure all users have initialized filesystem
+            for user_id, user_data in data['users'].items():
+                if isinstance(user_data, dict): # Check if user_data is a dict
+                    initialize_user_filesystem(user_data)
+                else:
+                    logging.warning(f"Invalid data format for user {user_id}, re-initializing.")
+                    data['users'][user_id] = {} # Initialize as empty dict or default structure
+                    initialize_user_filesystem(data['users'][user_id])
+
+
+            logging.info("Data loaded/initialized")
+            return data
+        except json.JSONDecodeError:
+            logging.error(f"Error decoding JSON from {DATA_FILE}. Returning empty data.")
+            return {'users': {}}
         except Exception as e:
             logging.error(f"Error loading data: {e}")
-            return {'users': {}} # Return default structure on error
+            return {'users': {}}
 
 def save_data(data):
-     with data_lock:
+    with data_lock:
         try:
-            # Ensure user data integrity before saving
+            # Ensure filesystem structure is valid before saving
             for user_id, user_data in data.get('users', {}).items():
-                if 'filesystem' not in user_data or not isinstance(user_data['filesystem'], dict):
-                    logging.warning(f"Filesystem missing or invalid for user {user_id}. Reinitializing.")
-                    user_data['filesystem'] = initialize_user_filesystem(user_id)
-                if 'user_info' not in user_data or not isinstance(user_data['user_info'], dict):
-                     logging.warning(f"User info missing for user {user_id}.")
-                     # Optionally add placeholder if needed: user_data['user_info'] = {'id': user_id}
+                if isinstance(user_data, dict):
+                    initialize_user_filesystem(user_data) # Ensures filesystem exists and is a dict
 
             with open(DATA_FILE, 'w', encoding='utf-8') as file:
                 json.dump(data, file, ensure_ascii=False, indent=4)
             upload_db_to_hf()
-            logging.info("Data saved and upload initiated.")
+            logging.info("Data saved and uploaded to HF")
         except Exception as e:
             logging.error(f"Error saving data: {e}")
-            # Optionally raise e to signal failure upstream
+            # Optionally re-raise or handle appropriately
+            # raise
 
-# --- Hugging Face Integration ---
 def upload_db_to_hf():
-    if not HF_TOKEN_WRITE or not REPO_ID:
-        logging.warning("HF_TOKEN_WRITE or REPO_ID not set, skipping database upload.")
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN_WRITE not set, skipping database upload.")
+        return
+    if not os.path.exists(DATA_FILE):
+        logging.warning(f"{DATA_FILE} not found, skipping upload.")
         return
     try:
         api = HfApi()
         api.upload_file(
-            path_or_fileobj=DATA_FILE, path_in_repo=DATA_FILE, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
-            commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d_%H-%M-%S')}"
+            path_or_fileobj=DATA_FILE, path_in_repo=DATA_FILE, repo_id=REPO_ID,
+            repo_type="dataset", token=HF_TOKEN_WRITE,
+            commit_message=f"Backup TG App {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
         )
-        logging.info(f"Database {DATA_FILE} uploaded to HF dataset {REPO_ID}")
+        logging.info("Database uploaded to Hugging Face")
     except Exception as e:
-        logging.error(f"Error uploading database to HF: {e}")
+        logging.error(f"Error uploading database: {e}")
 
 def download_db_from_hf():
-    if not HF_TOKEN_READ or not REPO_ID:
-        logging.warning("HF_TOKEN_READ or REPO_ID not set, skipping database download.")
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ not set, skipping database download.")
+        if not os.path.exists(DATA_FILE):
+             with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
         return
     try:
         hf_hub_download(
             repo_id=REPO_ID, filename=DATA_FILE, repo_type="dataset", token=HF_TOKEN_READ,
-            local_dir=".", local_dir_use_symlinks=False, resume_download=True
+            local_dir=".", local_dir_use_symlinks=False, etag_timeout=60 # Increased timeout
         )
-        logging.info(f"Database {DATA_FILE} downloaded from HF dataset {REPO_ID}")
-        return True
+        logging.info("Database downloaded from Hugging Face")
     except hf_utils.EntryNotFoundError:
-        logging.warning(f"{DATA_FILE} not found in HF repo {REPO_ID}. Will use/create local.")
-        return False
+        logging.warning(f"{DATA_FILE} not found in repo. Initializing empty DB locally.")
+        if not os.path.exists(DATA_FILE):
+            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
     except Exception as e:
-        logging.error(f"Error downloading database from HF: {e}")
-        return False
+        logging.error(f"Error downloading database: {e}")
+        if not os.path.exists(DATA_FILE):
+            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
 
 def periodic_backup():
     while True:
         time.sleep(1800) # Backup every 30 minutes
-        logging.info("Initiating periodic data backup.")
-        all_data = load_data() # Load current state
-        save_data(all_data) # Save and upload
+        logging.info("Starting periodic backup...")
+        data = load_data() # Load current data before saving
+        save_data(data)
 
-def get_file_type(filename):
-    filename_lower = filename.lower()
-    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')): return 'video'
-    if filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')): return 'image'
-    if filename_lower.endswith('.pdf'): return 'pdf'
-    if filename_lower.endswith(('.txt', '.log', '.md', '.py', '.js', '.css', '.html', '.json', '.xml')): return 'text'
-    if filename_lower.endswith(('.mp3', '.wav', '.ogg', '.aac', '.flac')): return 'audio'
-    return 'other'
+# --- Telegram Validation ---
+def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
+    if not auth_data: return None
+    try:
+        parsed_data = dict(parse_qsl(unquote(auth_data)))
+        if "hash" not in parsed_data: return None
+
+        telegram_hash = parsed_data.pop('hash')
+        auth_date_ts = int(parsed_data.get('auth_date', 0))
+        current_ts = int(time.time())
+        if current_ts - auth_date_ts > AUTH_DATA_LIFETIME:
+             logging.warning(f"Auth data expired: {current_ts - auth_date_ts} seconds old.")
+             return None
 
-# --- HTML, CSS, JS Template ---
+        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
+        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
+        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+
+        if calculated_hash == telegram_hash:
+            user_data_str = parsed_data.get('user')
+            if user_data_str:
+                try:
+                    return json.loads(user_data_str)
+                except json.JSONDecodeError:
+                    logging.error("Failed to decode user JSON from initData")
+                    return None
+            return {} # Valid hash, but no user field? Return empty dict
+        else:
+            logging.warning("Hash mismatch during validation.")
+            return None
+    except Exception as e:
+        logging.error(f"Error during Telegram validation: {e}")
+        return None
+
+# --- HTML Template ---
 HTML_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="ru">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
-    <title>Zeus Cloud Mini</title>
+    <title>Zeus Cloud</title>
     <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css"> <!-- Font Awesome for icons -->
     <style>
         :root {
-            --tg-theme-bg-color: var(--tg-bg-color, #efeff4);
+            --tg-theme-bg-color: var(--tg-bg-color, #ffffff);
             --tg-theme-text-color: var(--tg-text-color, #000000);
             --tg-theme-hint-color: var(--tg-hint-color, #999999);
-            --tg-theme-link-color: var(--tg-link-color, #007aff);
-            --tg-theme-button-color: var(--tg-button-color, #007aff);
+            --tg-theme-link-color: var(--tg-link-color, #2481cc);
+            --tg-theme-button-color: var(--tg-button-color, #5288c1);
             --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
-            --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #ffffff);
+            --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #f1f1f1);
             --tg-viewport-height: var(--tg-viewport-stable-height, 100vh);
-            --font-family-sans-serif: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
-            --border-color: #c8c7cc;
-            --active-color: #d9d9d9;
-            --danger-color: #ff3b30;
-            --folder-color: #ffcc00;
-            --shadow-color: rgba(0, 0, 0, 0.1);
+            --tg-header-color: var(--tg-header-bg-color, #ffffff);
+            --border-color: var(--tg-secondary-bg-color);
+            --hover-bg-color: rgba(0, 0, 0, 0.05); /* Subtle hover for light theme */
+            --ios-blue: #007AFF;
+            --ios-red: #FF3B30;
+            --ios-gray: #8E8E93;
+            --ios-light-gray: #C7C7CC;
+            --ios-bg-grouped: #F2F2F7;
+            --ios-separator: #C6C6C8;
         }
-        html { box-sizing: border-box; }
+
+        @media (prefers-color-scheme: dark) {
+            :root {
+                --hover-bg-color: rgba(255, 255, 255, 0.1);
+                --ios-bg-grouped: #1C1C1E;
+                --ios-separator: #38383A;
+            }
+            body.dark { /* Force dark mode styles if needed */
+               --tg-theme-bg-color: var(--tg-bg-color, #000000);
+               --tg-theme-text-color: var(--tg-text-color, #ffffff);
+               --tg-theme-hint-color: var(--tg-hint-color, #7f7f7f);
+               --tg-theme-link-color: var(--tg-link-color, #2ea6ff);
+               --tg-theme-button-color: var(--tg-button-color, #5288c1);
+               --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
+               --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #1c1c1e);
+               --tg-header-color: var(--tg-header-bg-color, #1c1c1e);
+               --border-color: var(--tg-secondary-bg-color);
+            }
+        }
+
+        html { box-sizing: border-box; -webkit-text-size-adjust: 100%; }
         *, *:before, *:after { box-sizing: inherit; }
+
         body {
-            margin: 0; padding: 0; font-family: var(--font-family-sans-serif); font-size: 17px;
-            background-color: var(--tg-theme-bg-color); color: var(--tg-theme-text-color);
-            display: flex; flex-direction: column; height: var(--tg-viewport-height);
-            overflow: hidden; -webkit-font-smoothing: antialiased; -moz-osx-font-smoothing: grayscale;
-            overscroll-behavior-y: none; /* Prevent pull-to-refresh */
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+            margin: 0;
+            padding: 0;
+            background-color: var(--tg-theme-bg-color);
+            color: var(--tg-theme-text-color);
+            font-size: 17px;
+            line-height: 1.4;
+            min-height: var(--tg-viewport-height);
+            display: flex;
+            flex-direction: column;
+            -webkit-font-smoothing: antialiased;
+            -moz-osx-font-smoothing: grayscale;
         }
-        #app { display: flex; flex-direction: column; height: 100%; }
+
         .header {
-            background-color: var(--tg-theme-secondary-bg-color); border-bottom: 1px solid var(--border-color);
-            padding: 10px 15px; flex-shrink: 0;
-            display: flex; justify-content: space-between; align-items: center;
-            position: sticky; top: 0; z-index: 10;
+            background-color: var(--tg-header-color);
+            padding: 10px 15px;
+            border-bottom: 1px solid var(--border-color);
+            display: flex;
+            align-items: center;
+            justify-content: space-between;
+            position: sticky;
+            top: 0;
+            z-index: 100;
+            min-height: 44px;
         }
-        .header h1 { font-size: 17px; font-weight: 600; margin: 0; text-align: center; flex-grow: 1; }
-        .header .user-info { font-size: 13px; color: var(--tg-theme-hint-color); text-align: right; }
-        .breadcrumbs {
-            font-size: 13px; padding: 8px 15px; background-color: var(--tg-theme-bg-color);
-            color: var(--tg-theme-hint-color); white-space: nowrap; overflow-x: auto; border-bottom: 1px solid var(--border-color);
-            flex-shrink: 0;
+        .header-title { font-weight: 600; font-size: 17px; }
+        .header-actions button { background: none; border: none; color: var(--tg-theme-link-color); font-size: 17px; cursor: pointer; padding: 5px; }
+
+        .main-content { padding: 15px; flex-grow: 1; }
+
+        .loading, .error { text-align: center; padding: 40px 15px; color: var(--tg-theme-hint-color); }
+        .error { color: var(--ios-red); }
+
+        .breadcrumbs { margin-bottom: 15px; font-size: 14px; color: var(--tg-theme-hint-color); word-break: break-all; }
+        .breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; }
+        .breadcrumbs span { margin: 0 3px; }
+
+        .folder-actions { background-color: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 8px; margin-bottom: 15px; display: flex; gap: 10px; flex-wrap: wrap; }
+        .folder-actions input[type=text] { flex-grow: 1; padding: 8px 12px; border: 1px solid var(--border-color); background-color: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); border-radius: 6px; font-size: 16px; min-width: 150px; }
+        .folder-actions .btn { font-size: 16px; padding: 8px 15px; }
+
+        .upload-section { margin-bottom: 15px; }
+        .upload-section input[type=file] { display: none; } /* Скрываем стандартный инпут */
+        .upload-label { /* Стилизуем лейбл как кнопку */
+            display: block; /* Или inline-block */
+            padding: 10px 15px;
+            background-color: var(--tg-theme-button-color);
+            color: var(--tg-theme-button-text-color);
+            border-radius: 8px;
+            cursor: pointer;
+            text-align: center;
+            font-weight: 500;
+            transition: opacity 0.2s;
         }
-        .breadcrumbs button { background: none; border: none; color: var(--tg-theme-link-color); padding: 0; font-size: inherit; cursor: pointer; }
-        .breadcrumbs span { margin: 0 4px; }
-        .main-content { flex-grow: 1; overflow-y: auto; background-color: var(--tg-theme-bg-color); padding: 0; }
-        .item-list { list-style: none; margin: 0; padding: 0; }
+        .upload-label:hover { opacity: 0.85; }
+        .upload-label i { margin-right: 8px; }
+
+
+        .item-list { list-style: none; padding: 0; margin: 0; }
         .item {
-            display: flex; align-items: center; padding: 12px 15px;
-            background-color: var(--tg-theme-secondary-bg-color);
-            border-bottom: 1px solid var(--border-color); cursor: pointer;
-        }
-        .item:active { background-color: var(--active-color); }
-        .item-icon { font-size: 28px; margin-right: 15px; width: 30px; text-align: center; flex-shrink: 0; }
-        .item-icon.folder { color: var(--folder-color); }
-        .item-icon.image { color: var(--tg-theme-link-color); }
-        .item-icon.video { color: #ff9500; }
-        .item-icon.audio { color: #ff2d55; }
-        .item-icon.pdf { color: #ff3b30; }
-        .item-icon.text { color: #5856d6; }
-        .item-icon.other { color: var(--tg-theme-hint-color); }
-        .item-details { flex-grow: 1; min-width: 0; } /* Prevent overflow */
-        .item-name { font-size: 17px; display: block; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
-        .item-meta { font-size: 13px; color: var(--tg-theme-hint-color); margin-top: 2px; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
-        .item-actions { flex-shrink: 0; display: flex; gap: 8px; align-items: center; margin-left: 10px;}
-        .action-button {
-            background: none; border: none; padding: 5px; cursor: pointer; font-size: 20px;
-            color: var(--tg-theme-link-color); display: flex; align-items: center; justify-content: center;
-        }
-        .action-button.delete { color: var(--danger-color); }
-        .item-actions button:active { opacity: 0.6; }
-
-        .fab-container { position: fixed; bottom: 20px; right: 20px; z-index: 20; display: flex; flex-direction: column; gap: 10px; }
-        .fab {
-            width: 56px; height: 56px; background-color: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color);
-            border-radius: 50%; border: none; display: flex; align-items: center; justify-content: center;
-            font-size: 28px; box-shadow: 0 2px 6px var(--shadow-color); cursor: pointer;
-            transition: transform 0.2s ease;
-        }
-        .fab:active { transform: scale(0.95); }
-        .fab-secondary {
-             width: 40px; height: 40px; font-size: 20px; background-color: var(--tg-theme-secondary-bg-color); color: var(--tg-theme-link-color);
+            display: flex;
+            align-items: center;
+            padding: 12px 15px;
+            border-bottom: 1px solid var(--ios-separator);
+            cursor: pointer;
+            background-color: var(--tg-theme-secondary-bg-color); /* Grouped background */
+            transition: background-color 0.2s ease;
         }
+         .item:first-child { border-top-left-radius: 10px; border-top-right-radius: 10px; }
+         .item:last-child { border-bottom-left-radius: 10px; border-bottom-right-radius: 10px; border-bottom: none; }
 
-        #upload-input { display: none; }
-        #loading-overlay {
-            position: fixed; top: 0; left: 0; width: 100%; height: 100%;
-            background-color: rgba(0, 0, 0, 0.5); color: white; display: none;
-            align-items: center; justify-content: center; z-index: 1000; text-align: center; flex-direction: column;
+        .item:hover { background-color: var(--hover-bg-color); }
+
+        .item-icon {
+            font-size: 24px;
+            width: 35px;
+            text-align: center;
+            margin-right: 15px;
+            flex-shrink: 0;
         }
-        #loading-spinner {
-            border: 4px solid rgba(255, 255, 255, 0.3); border-radius: 50%; border-top: 4px solid #fff;
-            width: 40px; height: 40px; animation: spin 1s linear infinite; margin-bottom: 15px;
+        .item-icon.fa-folder { color: var(--ios-blue); }
+        .item-icon.fa-file-lines { color: var(--ios-gray); } /* text */
+        .item-icon.fa-file-image { color: #34C759; } /* green */
+        .item-icon.fa-file-video { color: #FF9500; } /* orange */
+        .item-icon.fa-file-pdf { color: var(--ios-red); }
+        .item-icon.fa-file-audio { color: #AF52DE; } /* purple */
+        .item-icon.fa-file-archive { color: #5AC8FA; } /* light blue */
+        .item-icon.fa-file-word { color: #007AFF; } /* blue */
+        .item-icon.fa-file-excel { color: #34C759; } /* green */
+        .item-icon.fa-file-powerpoint { color: #FF9500; } /* orange */
+        .item-icon.fa-file-alt { color: var(--ios-light-gray); } /* other */
+
+        .item-details { flex-grow: 1; overflow: hidden; }
+        .item-name { font-weight: 500; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; display: block; }
+        .item-meta { font-size: 13px; color: var(--tg-theme-hint-color); white-space: nowrap; overflow: hidden; text-overflow: ellipsis; margin-top: 2px; }
+
+        .item-actions { margin-left: 10px; display: flex; gap: 5px; flex-shrink: 0; }
+        .item-actions .btn { padding: 4px 8px; font-size: 13px; background: none; border: none; cursor: pointer; }
+        .item-actions .btn-download { color: var(--ios-blue); }
+        .item-actions .btn-preview { color: #AF52DE; } /* purple */
+        .item-actions .btn-delete { color: var(--ios-red); }
+
+        .empty-folder { text-align: center; color: var(--tg-theme-hint-color); padding: 30px 15px; }
+
+        .btn {
+            padding: 10px 18px;
+            background-color: var(--tg-theme-button-color);
+            color: var(--tg-theme-button-text-color);
+            border: none;
+            border-radius: 8px;
+            cursor: pointer;
+            font-size: 17px;
+            font-weight: 500;
+            transition: opacity 0.2s;
+            display: inline-block;
+            text-decoration: none;
+            text-align: center;
         }
-        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
-        #upload-progress-text { font-size: 14px; margin-top: 10px; }
+        .btn:hover { opacity: 0.85; }
+        .btn-delete { background-color: var(--ios-red); }
+        .btn-folder { background-color: var(--ios-blue); }
+        .btn-link { background: none; color: var(--tg-theme-link-color); padding: 5px; }
 
-        .modal {
-            display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%;
-            background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center;
-        }
+        #progress-container { width: calc(100% - 30px); margin: 15px auto; background: var(--tg-theme-secondary-bg-color); border-radius: 4px; display: none; position: relative; height: 8px; overflow: hidden; }
+        #progress-bar { width: 0%; height: 100%; background: var(--ios-blue); transition: width 0.3s ease; }
+        #progress-text { display: none; } /* Hide percentage text for cleaner look */
+
+        /* Modal Styles */
+        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.8); z-index: 2000; justify-content: center; align-items: center; }
         .modal-content { max-width: 95%; max-height: 95%; background: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 14px; overflow: auto; position: relative; }
-        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 10px; }
-        .modal iframe { width: 80vw; height: 85vh; border: none; background: white; } /* Ensure iframe bg */
-        .modal pre { background: #eee; color: #333; padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto; font-family: monospace; font-size: 14px; }
-        .modal-close-btn { position: absolute; top: 15px; right: 15px; font-size: 28px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.4); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; z-index: 2010; }
-        .modal-content { background: var(--tg-theme-secondary-bg-color); }
-        .dark .modal pre { background: #2b2a33; color: var(--tg-theme-text-color); }
-        .dark .modal-close-btn { color: #ccc; background: rgba(255,255,255,0.2); }
-        .empty-folder { text-align: center; padding: 50px 20px; color: var(--tg-theme-hint-color); }
+        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
+        .modal iframe { width: 90vw; height: 85vh; border: none; background: white; } /* Ensure PDF iframe has bg */
+        .modal pre { background: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto; font-family: monospace; }
+        .modal-close-btn { position: absolute; top: 5px; right: 10px; font-size: 28px; color: var(--tg-theme-hint-color); cursor: pointer; background: rgba(0,0,0,0.1); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; z-index: 2001;}
+
     </style>
 </head>
 <body>
     <div id="app">
-        <div class="header">
-            <h1>Zeus Cloud</h1>
-            <div class="user-info" id="user-info-header"></div>
-        </div>
-        <div class="breadcrumbs" id="breadcrumbs">Загрузка...</div>
-        <div class="main-content">
-            <ul class="item-list" id="item-list"></ul>
-            <div class="empty-folder" id="empty-folder-message" style="display: none;">Папка пуста</div>
+        <div class="loading" id="loading-indicator">
+            <p>Загрузка данных...</p>
         </div>
-        <div class="fab-container">
-             <!-- Optional secondary actions can go here -->
-             <button class="fab fab-secondary" id="create-folder-btn" title="Создать папку">📁</button>
-             <label for="upload-input" class="fab" title="Загрузить файл">➕</label>
-             <input type="file" id="upload-input" multiple>
+
+        <div class="error" id="error-indicator" style="display: none;">
+            <p id="error-message"></p>
+            <button class="btn" onclick="initializeApp()">Попробовать снова</button>
         </div>
-    </div>
 
-    <div id="loading-overlay">
-        <div id="loading-spinner"></div>
-        <span id="loading-text">Загрузка...</span>
-        <div id="upload-progress-text"></div>
+        <div id="file-manager" style="display: none;">
+            <div class="header">
+                 <button id="back-button" style="visibility: hidden;" onclick="goBack()"> <i class="fas fa-chevron-left"></i> Назад</button>
+                 <span class="header-title" id="header-folder-name">Файлы</span>
+                 <button onclick="Telegram.WebApp.close()">Закрыть</button>
+            </div>
+
+            <div class="main-content">
+                <div class="breadcrumbs" id="breadcrumbs-container"></div>
+
+                <div class="folder-actions">
+                    <input type="text" id="new-folder-name" placeholder="Имя новой папки">
+                    <button class="btn btn-folder" onclick="createFolder()">Создать</button>
+                </div>
+
+                <div class="upload-section">
+                     <label for="file-input" class="upload-label">
+                         <i class="fas fa-cloud-upload-alt"></i> Загрузить файлы
+                     </label>
+                     <input type="file" id="file-input" multiple onchange="uploadFiles(this.files)">
+                     <div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
+                </div>
+
+                <ul class="item-list" id="item-list-container">
+                    <!-- Items will be loaded here -->
+                </ul>
+                 <div class="empty-folder" id="empty-folder-indicator" style="display: none;">
+                     <p>Эта папка пуста.</p>
+                 </div>
+            </div>
+        </div>
     </div>
 
     <div class="modal" id="mediaModal" onclick="closeModal(event)">
@@ -335,530 +480,520 @@ HTML_TEMPLATE = """
 
     <script>
         const tg = window.Telegram.WebApp;
-        const appElement = document.getElementById('app');
-        const itemListElement = document.getElementById('item-list');
-        const breadcrumbsElement = document.getElementById('breadcrumbs');
-        const loadingOverlay = document.getElementById('loading-overlay');
-        const loadingText = document.getElementById('loading-text');
-        const uploadProgressText = document.getElementById('upload-progress-text');
-        const uploadInput = document.getElementById('upload-input');
-        const createFolderBtn = document.getElementById('create-folder-btn');
-        const userInfoHeader = document.getElementById('user-info-header');
-        const emptyFolderMessage = document.getElementById('empty-folder-message');
+        const loadingIndicator = document.getElementById('loading-indicator');
+        const errorIndicator = document.getElementById('error-indicator');
+        const errorMessageEl = document.getElementById('error-message');
+        const fileManagerEl = document.getElementById('file-manager');
+        const itemListContainer = document.getElementById('item-list-container');
+        const breadcrumbsContainer = document.getElementById('breadcrumbs-container');
+        const headerFolderName = document.getElementById('header-folder-name');
+        const backButton = document.getElementById('back-button');
+        const emptyFolderIndicator = document.getElementById('empty-folder-indicator');
 
         let currentFolderId = 'root';
-        let validatedInitData = null;
-        let currentUserInfo = null;
-
-        function showLoading(text = 'Загрузка...', showProgress = false) {
-            loadingText.textContent = text;
-            uploadProgressText.style.display = showProgress ? 'block' : 'none';
-            uploadProgressText.textContent = '';
-            loadingOverlay.style.display = 'flex';
-        }
+        let userSessionData = null; // To store user info after validation
+        let historyStack = [];
 
-        function hideLoading() {
-            loadingOverlay.style.display = 'none';
+        function showLoading() {
+            loadingIndicator.style.display = 'block';
+            errorIndicator.style.display = 'none';
+            fileManagerEl.style.display = 'none';
         }
 
-        function showAlert(message) {
-            tg.showAlert(message);
+        function showError(message) {
+            errorMessageEl.textContent = message || 'Произошла ошибка.';
+            loadingIndicator.style.display = 'none';
+            errorIndicator.style.display = 'block';
+            fileManagerEl.style.display = 'none';
+            tg.HapticFeedback.notificationOccurred('error');
         }
 
-        function showConfirm(message, callback) {
-            tg.showConfirm(message, (ok) => {
-                 if (ok && callback) callback();
-            });
+        function showFileManager() {
+            loadingIndicator.style.display = 'none';
+            errorIndicator.style.display = 'none';
+            fileManagerEl.style.display = 'block';
         }
 
-        function hapticFeedback(type = 'light') {
-             // types: light, medium, heavy, rigid, soft, error, success, warning
-             try {
-                if (type === 'error' || type === 'success' || type === 'warning') {
-                    tg.HapticFeedback.notificationOccurred(type);
-                } else {
-                    tg.HapticFeedback.impactOccurred(type);
-                }
-             } catch (e) { console.warn("Haptic feedback error:", e); }
-        }
-
-        async function apiCall(endpoint, method = 'POST', body = {}) {
-            showLoading('Обработка...');
-            if (!validatedInitData) {
-                showAlert('Ошибка: Сессия недей��твительна. Попробуйте перезапустить.');
-                hideLoading();
-                return null;
+        // --- API Interaction ---
+        async function apiRequest(endpoint, method = 'GET', body = null, isFormData = false) {
+            const headers = {};
+            if (!isFormData && body) {
+                headers['Content-Type'] = 'application/json';
             }
-            // Include initData for validation in each request
-            body.initData = validatedInitData;
+            // Include initData for backend validation in session
+            // headers['X-Telegram-Init-Data'] = tg.initData; // Optional: Send for re-validation if needed
 
             try {
                 const response = await fetch(endpoint, {
                     method: method,
-                    headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify(body)
+                    headers: headers,
+                    body: isFormData ? body : (body ? JSON.stringify(body) : null)
                 });
-                hideLoading();
+
+                if (response.status === 401) { // Unauthorized
+                    showError("Сессия истекла или недействительна. Пожалуйста, перезапустите приложение.");
+                    userSessionData = null; // Clear session data
+                    return null;
+                }
+                 if (response.status === 403) { // Forbidden (e.g., hash validation failed on server)
+                     showError("Ошибка авторизации Telegram. Попробуйте перезапустить.");
+                     return null;
+                 }
+
                 if (!response.ok) {
-                    const errorData = await response.json().catch(() => ({ message: `HTTP Error ${response.status}` }));
-                    throw new Error(errorData.message || `Ошибка ${response.status}`);
+                    let errorMsg = `Ошибка ${response.status}`;
+                    try {
+                        const errorData = await response.json();
+                        errorMsg = errorData.message || errorMsg;
+                    } catch (e) { /* Ignore if error body is not JSON */ }
+                    throw new Error(errorMsg);
                 }
-                return await response.json();
-            } catch (error) {
-                console.error(`API call error (${endpoint}):`, error);
-                showAlert(`Ошибка: ${error.message}`);
-                hideLoading();
-                hapticFeedback('error');
-                return null;
-            }
-        }
 
-        function getItemIcon(item) {
-            if (item.type === 'folder') return '📁';
-            switch (item.file_type) {
-                case 'image': return '🖼️';
-                case 'video': return '🎬';
-                case 'audio': return '🎵';
-                case 'pdf': return '📄';
-                case 'text': return '📝';
-                default: return '❓';
-            }
-        }
+                // Handle different content types
+                 const contentType = response.headers.get("content-type");
+                 if (contentType && contentType.indexOf("application/json") !== -1) {
+                     return await response.json();
+                 } else {
+                     return await response.text(); // Or handle blob/other types if needed
+                 }
 
-        function getItemIconClass(item) {
-             if (item.type === 'folder') return 'folder';
-             return item.file_type || 'other';
+            } catch (error) {
+                console.error(`API Request Error (${endpoint}):`, error);
+                showError(`Сетевая ошибка или ошибка сервера: ${error.message}`);
+                throw error; // Re-throw to stop further processing in the caller
+            }
         }
 
-        function formatBytes(bytes, decimals = 1) {
-            if (bytes === 0) return '0 Bytes';
-            const k = 1024;
-            const dm = decimals < 0 ? 0 : decimals;
-            const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB'];
-            const i = Math.floor(Math.log(bytes) / Math.log(k));
-            return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
-        }
+        // --- Filesystem Rendering ---
+         function getFileIconClass(fileType) {
+             switch (fileType) {
+                 case 'folder': return 'fas fa-folder';
+                 case 'image': return 'fas fa-file-image';
+                 case 'video': return 'fas fa-file-video';
+                 case 'pdf': return 'fas fa-file-pdf';
+                 case 'text': return 'fas fa-file-lines'; // Changed icon
+                 case 'audio': return 'fas fa-file-audio';
+                 case 'archive': return 'fas fa-file-archive';
+                 case 'doc': return 'fas fa-file-word';
+                 case 'xls': return 'fas fa-file-excel';
+                 case 'ppt': return 'fas fa-file-powerpoint';
+                 default: return 'fas fa-file-alt'; // Generic file icon
+             }
+         }
 
-        function renderItems(items) {
-            itemListElement.innerHTML = '';
-            if (!items || items.length === 0) {
-                 emptyFolderMessage.style.display = 'block';
+         function renderItems(items) {
+             itemListContainer.innerHTML = ''; // Clear previous items
+             if (!items || items.length === 0) {
+                 emptyFolderIndicator.style.display = 'block';
                  return;
-            }
-            emptyFolderMessage.style.display = 'none';
+             }
+             emptyFolderIndicator.style.display = 'none';
 
-            items.sort((a, b) => { // Folders first, then by name
+             items.sort((a, b) => {
                  if (a.type === 'folder' && b.type !== 'folder') return -1;
                  if (a.type !== 'folder' && b.type === 'folder') return 1;
                  const nameA = a.name || a.original_filename || '';
                  const nameB = b.name || b.original_filename || '';
                  return nameA.localeCompare(nameB, undefined, { numeric: true, sensitivity: 'base' });
-            });
-
-
-            items.forEach(item => {
-                const li = document.createElement('li');
-                li.className = 'item';
-                li.dataset.id = item.id;
-                li.dataset.type = item.type;
-                li.dataset.name = item.name || item.original_filename;
+             });
 
-                const icon = document.createElement('span');
-                icon.className = `item-icon ${getItemIconClass(item)}`;
-                icon.textContent = getItemIcon(item);
+             items.forEach(item => {
+                 const li = document.createElement('li');
+                 li.className = 'item';
+                 const name = item.type === 'folder' ? item.name : item.original_filename;
+                 const iconClass = getFileIconClass(item.type === 'folder' ? 'folder' : item.file_type);
+
+                 let actionsHtml = '';
+                 if (item.type === 'file') {
+                      actionsHtml += `<button class="btn btn-download" onclick="event.stopPropagation(); downloadFile('${item.id}', '${item.original_filename}');"><i class="fas fa-download"></i></button>`;
+                      const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
+                      if (previewable) {
+                          const previewUrl = item.file_type === 'text'
+                              ? `/text_content/${item.id}`
+                              : `/download/${item.id}`; // Use download URL for preview for others
+                          actionsHtml += `<button class="btn btn-preview" onclick="event.stopPropagation(); openModal('${previewUrl}', '${item.file_type}', '${item.id}');"><i class="fas fa-eye"></i></button>`;
+                      }
+                      actionsHtml += `<button class="btn btn-delete" onclick="event.stopPropagation(); deleteItem('${item.id}', '${name}', 'file');"><i class="fas fa-trash"></i></button>`;
+                 } else { // Folder actions
+                      actionsHtml += `<button class="btn btn-delete" onclick="event.stopPropagation(); deleteItem('${item.id}', '${name}', 'folder');"><i class="fas fa-trash"></i></button>`;
+                 }
 
-                const details = document.createElement('div');
-                details.className = 'item-details';
 
-                const name = document.createElement('span');
-                name.className = 'item-name';
-                name.textContent = item.name || item.original_filename;
-                details.appendChild(name);
+                 li.innerHTML = `
+                     <i class="item-icon ${iconClass}"></i>
+                     <div class="item-details">
+                         <span class="item-name">${name}</span>
+                         ${item.type === 'file' ? `<span class="item-meta">${item.upload_date || ''}</span>` : ''}
+                     </div>
+                     <div class="item-actions">
+                         ${actionsHtml}
+                     </div>
+                 `;
 
-                const meta = document.createElement('span');
-                meta.className = 'item-meta';
-                let metaText = '';
-                 if (item.upload_date) {
-                    try {
-                         metaText += new Date(item.upload_date + "Z").toLocaleString('ru-RU', { day: '2-digit', month: '2-digit', year: 'numeric', hour: '2-digit', minute: '2-digit' });
-                    } catch(e){ metaText += item.upload_date; } // Fallback if date is weird
+                 if (item.type === 'folder') {
+                     li.onclick = () => navigateToFolder(item.id);
+                 } else {
+                      // Maybe open preview directly on item click?
+                      const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
+                      if (previewable) {
+                           const previewUrl = item.file_type === 'text' ? `/text_content/${item.id}` : `/download/${item.id}`;
+                           li.onclick = () => openModal(previewUrl, item.file_type, item.id);
+                      } else {
+                          li.style.cursor = 'default'; // Non-previewable files
+                      }
                  }
-                 // Uncomment to show file size if available
-                 // if (item.size) { metaText += (metaText ? ' - ' : '') + formatBytes(item.size); }
-                meta.textContent = metaText || ' ';
-                details.appendChild(meta);
-
-
-                const actions = document.createElement('div');
-                actions.className = 'item-actions';
-
-                if (item.type === 'file') {
-                    const downloadBtn = document.createElement('button');
-                    downloadBtn.className = 'action-button download';
-                    downloadBtn.innerHTML = '💾'; // Download icon
-                    downloadBtn.title = 'Скачать';
-                    downloadBtn.onclick = (e) => {
-                        e.stopPropagation();
-                        handleDownload(item.id);
-                    };
-                    actions.appendChild(downloadBtn);
-
-                     // Preview button if applicable
-                     if (['image', 'video', 'pdf', 'text'].includes(item.file_type)) {
-                         const previewBtn = document.createElement('button');
-                         previewBtn.className = 'action-button preview';
-                         previewBtn.innerHTML = '👁️'; // Preview icon
-                         previewBtn.title = 'Просмотр';
-                         previewBtn.onclick = (e) => {
-                             e.stopPropagation();
-                             handlePreview(item);
-                         };
-                         actions.appendChild(previewBtn);
-                     }
-                }
+                 itemListContainer.appendChild(li);
+             });
+         }
 
-                const deleteBtn = document.createElement('button');
-                deleteBtn.className = 'action-button delete';
-                deleteBtn.innerHTML = '🗑️'; // Delete icon
-                deleteBtn.title = 'Удалить';
-                deleteBtn.onclick = (e) => {
-                    e.stopPropagation();
-                    handleDelete(item.id, item.type, item.name || item.original_filename);
-                };
-                actions.appendChild(deleteBtn);
-
-                li.appendChild(icon);
-                li.appendChild(details);
-                li.appendChild(actions);
-
-                li.onclick = () => handleItemClick(item);
-                itemListElement.appendChild(li);
-            });
-        }
+         function renderBreadcrumbs(path) {
+             breadcrumbsContainer.innerHTML = '';
+             path.forEach((crumb, index) => {
+                 if (index > 0) {
+                     breadcrumbsContainer.innerHTML += `<span>/</span>`;
+                 }
+                 if (index < path.length - 1) {
+                     const a = document.createElement('a');
+                     a.href = '#';
+                     a.textContent = crumb.name;
+                     a.onclick = (e) => {
+                         e.preventDefault();
+                         // Find the folder in history and navigate back
+                         const targetIndex = historyStack.findIndex(h => h.id === crumb.id);
+                         if (targetIndex > -1) {
+                              const historyToKeep = historyStack.slice(0, targetIndex + 1);
+                              historyStack = historyToKeep;
+                              const targetFolder = historyStack.pop(); // Remove current to force reload
+                              navigateToFolder(targetFolder.id, true); // true to skip adding to history again
+                         } else {
+                              navigateToFolder(crumb.id); // Should ideally not happen if path is from history
+                         }
+                     };
+                     breadcrumbsContainer.appendChild(a);
+                 } else {
+                     const span = document.createElement('span');
+                     span.textContent = crumb.name;
+                     breadcrumbsContainer.appendChild(span);
+                 }
+             });
+         }
 
-        function renderBreadcrumbs(breadcrumbs) {
-            breadcrumbsElement.innerHTML = '';
-            breadcrumbs.forEach((crumb, index) => {
-                if (index > 0) {
-                    const separator = document.createElement('span');
-                    separator.textContent = '/';
-                    breadcrumbsElement.appendChild(separator);
-                }
-                const btn = document.createElement('button');
-                btn.textContent = crumb.name === 'root' ? 'Главная' : crumb.name;
-                btn.dataset.id = crumb.id;
-                btn.onclick = () => navigateToFolder(crumb.id);
-                breadcrumbsElement.appendChild(btn);
-            });
-            // Scroll to end of breadcrumbs if they overflow
-            breadcrumbsElement.scrollLeft = breadcrumbsElement.scrollWidth;
-        }
 
-        async function loadFolder(folderId) {
-            currentFolderId = folderId;
-            const data = await apiCall('/api/list_items', 'POST', { folder_id: folderId });
-            if (data) {
-                renderItems(data.items || []);
-                renderBreadcrumbs(data.breadcrumbs || []);
-            } else {
-                // Handle error case, maybe show previous state or error message
-                renderItems([]); // Clear list on error
-                renderBreadcrumbs([{id: 'root', name: 'root'}]); // Reset breadcrumbs
-            }
-        }
+        // --- Navigation and Actions ---
+         async function loadFolderContent(folderId) {
+             currentFolderId = folderId;
+             showLoading(); // Show loading specifically for folder content
+             fileManagerEl.style.display = 'block'; // Ensure file manager is visible if previously hidden by error
+             errorIndicator.style.display = 'none'; // Hide error indicator
 
-        function navigateToFolder(folderId) {
-            hapticFeedback('light');
-            loadFolder(folderId);
-        }
 
-        function handleItemClick(item) {
-            if (item.type === 'folder') {
-                navigateToFolder(item.id);
-            } else {
-                 // Default file click action: Preview if possible
-                 if (['image', 'video', 'pdf', 'text'].includes(item.file_type)) {
-                     handlePreview(item);
+             try {
+                 const data = await apiRequest(`/filesystem/${folderId}`);
+                 if (data) {
+                     renderItems(data.items);
+                     renderBreadcrumbs(data.breadcrumbs);
+                     headerFolderName.textContent = data.current_folder_name || 'Файлы';
+                     backButton.style.visibility = folderId !== 'root' ? 'visible' : 'hidden';
+                     showFileManager(); // Ensure UI is shown after loading
                  } else {
-                     showAlert(`Предпросмотр для типа '${item.file_type}' не поддерживается.`);
+                      // Error handled by apiRequest, but maybe show specific folder load error?
+                      showError(`Не удалось загрузить содержимое папки ${folderId}.`);
                  }
+             } catch (error) {
+                  // Error is already shown by apiRequest
+                  // Ensure loading indicator is hidden if an error occurred during fetch
+                  loadingIndicator.style.display = 'none';
+             }
+         }
+
+         function navigateToFolder(folderId, skipHistory = false) {
+             if (!skipHistory) {
+                  const currentFolderData = { id: currentFolderId, name: headerFolderName.textContent };
+                  historyStack.push(currentFolderData);
+             }
+             loadFolderContent(folderId);
+         }
+
+        function goBack() {
+            if (historyStack.length > 0) {
+                const previousFolder = historyStack.pop();
+                loadFolderContent(previousFolder.id);
             }
         }
 
-        function handleDownload(itemId) {
-            hapticFeedback('light');
-            // Need to generate the URL server-side if auth is required,
-            // or just redirect if downloads are public/unauthenticated.
-            // Assuming unauthenticated download link for simplicity here.
-            window.open(`/download/${itemId}`, '_blank');
-            // Alternative using JS if needed, but direct link is simpler:
-            // fetch(`/download/${itemId}`) // This downloads in JS memory, not ideal
-            // .then(response => response.blob())
-            // .then(blob => { /* ... create object URL and trigger download ... */ });
-        }
+        async function createFolder() {
+            const folderNameInput = document.getElementById('new-folder-name');
+            const folderName = folderNameInput.value.trim();
+            if (!folderName) {
+                tg.showAlert('Пожалуйста, введите имя папки.');
+                return;
+            }
+            if (!/^[a-zA-Z0-9 _-]+$/.test(folderName)) {
+                 tg.showAlert('Имя папки может содержать буквы, цифры, пробелы, дефисы и подчеркивания.');
+                 return;
+            }
 
-        async function handlePreview(item) {
-             hapticFeedback('light');
-             let srcOrUrl;
-             if (item.file_type === 'text') {
-                 srcOrUrl = `/get_text_content/${item.id}`; // Use dedicated endpoint for text
-             } else {
-                 // Construct HF URL - needs REPO_ID from backend ideally
-                 // Fetching RepoID via a dedicated endpoint or passing during init might be needed.
-                 // Hardcoding for now, replace YOUR_HF_USERNAME/YOUR_HF_DATASET_REPO
-                 const repo_id_placeholder = "{{ REPO_ID }}";
-                 if (!item.path || repo_id_placeholder.startsWith("YOUR_")) {
-                      showAlert("Невозможно получить URL файла для предпросмотра.");
-                      return;
+            try {
+                 tg.MainButton.showProgress();
+                 const result = await apiRequest('/folder', 'POST', {
+                     parent_folder_id: currentFolderId,
+                     folder_name: folderName
+                 });
+                 if (result && result.status === 'success') {
+                     folderNameInput.value = ''; // Clear input
+                     loadFolderContent(currentFolderId); // Refresh
+                     tg.HapticFeedback.notificationOccurred('success');
+                 } else {
+                      tg.showAlert(result?.message || 'Не удалось создать папку.');
                  }
-                 srcOrUrl = `https://huggingface.co/datasets/${repo_id_placeholder}/resolve/main/${item.path}`;
-                 if(item.file_type === 'pdf') srcOrUrl += '?download=true'; // Required for PDF iframe
-             }
-             openModal(srcOrUrl, item.file_type, item.id);
+            } catch (error) {
+                 // Error message handled by apiRequest
+            } finally {
+                 tg.MainButton.hideProgress();
+            }
         }
 
-        function handleDelete(itemId, itemType, itemName) {
-            const typeText = itemType === 'folder' ? 'папку' : 'файл';
-            const confirmMsg = `Вы уверены, что хотите удалить ${typeText} "${itemName}"?`;
-
-            showConfirm(confirmMsg, async () => {
-                hapticFeedback('medium');
-                const result = await apiCall('/api/delete_item', 'POST', { item_id: itemId });
-                if (result && result.status === 'ok') {
-                    showAlert(`${typeText.charAt(0).toUpperCase() + typeText.slice(1)} "${itemName}" удален(а).`);
-                    hapticFeedback('success');
-                    // Find the list item and remove it visually
-                    const itemElement = itemListElement.querySelector(`.item[data-id="${itemId}"]`);
-                    if (itemElement) {
-                         itemElement.remove();
-                         if (itemListElement.children.length === 0) {
-                             emptyFolderMessage.style.display = 'block';
-                         }
-                    } else {
-                         loadFolder(currentFolderId); // Fallback refresh
-                    }
-                } else {
-                     showAlert(`Не удалось удалить ${typeText}. ${result?.message || ''}`);
-                     hapticFeedback('error');
-                }
-            });
+        function downloadFile(fileId, filename) {
+             // We can directly navigate to the download URL as the backend route handles auth via session
+             const downloadUrl = `/download/${fileId}`;
+             // Create a temporary link and click it
+             const link = document.createElement('a');
+             link.href = downloadUrl;
+             link.download = filename; // Suggest filename
+             document.body.appendChild(link);
+             link.click();
+             document.body.removeChild(link);
+             tg.HapticFeedback.impactOccurred('light');
         }
 
-        function handleCreateFolder() {
-            hapticFeedback('light');
-            tg.showPopup({
-                title: "Новая папка",
-                message: "Введите имя для новой папки:",
-                buttons: [
-                    { id: 'create', type: 'default', text: 'Создать' },
-                    { id: 'cancel', type: 'cancel', text: 'Отмена' },
-                ],
-                inputPlaceholder: "Имя папки"
-            }, async (buttonId, text) => {
-                if (buttonId === 'create' && text) {
-                    const folderName = text.trim();
-                    if (folderName) {
-                        hapticFeedback('medium');
-                        const result = await apiCall('/api/create_folder', 'POST', {
-                             parent_folder_id: currentFolderId,
-                             folder_name: folderName
-                        });
-                        if (result && result.status === 'ok') {
-                             showAlert(`Папка "${folderName}" создана.`);
-                             hapticFeedback('success');
-                             loadFolder(currentFolderId); // Refresh current folder view
-                        } else {
-                             hapticFeedback('error');
-                        }
-                    } else {
-                         showAlert("Имя папки не может быть пустым.");
-                    }
-                } else if (buttonId === 'create' && !text) {
-                    showAlert("Имя папки не может быть пустым.");
-                }
-            });
+        function deleteItem(itemId, itemName, itemType) {
+             const typeText = itemType === 'folder' ? 'папку' : 'файл';
+             tg.showConfirm(`Вы уверены, что хотите удалить ${typeText} "${itemName}"? ${itemType === 'folder' ? 'Папку можно удалить только если она пуста.' : ''}`, async (confirmed) => {
+                 if (confirmed) {
+                     try {
+                          tg.MainButton.showProgress();
+                          const endpoint = itemType === 'folder' ? `/folder/${itemId}` : `/file/${itemId}`;
+                          const result = await apiRequest(endpoint, 'DELETE');
+                          if (result && result.status === 'success') {
+                              loadFolderContent(currentFolderId); // Refresh list
+                              tg.HapticFeedback.notificationOccurred('success');
+                          } else {
+                               tg.showAlert(result?.message || `Не удалось удалить ${typeText}.`);
+                               tg.HapticFeedback.notificationOccurred('error');
+                          }
+                     } catch (error) {
+                          // Error handled by apiRequest
+                     } finally {
+                          tg.MainButton.hideProgress();
+                     }
+                 }
+             });
         }
 
-        function handleFileUpload(files) {
+        // --- File Upload ---
+        function uploadFiles(files) {
             if (!files || files.length === 0) return;
-            hapticFeedback('medium');
+            if (files.length > 20) {
+                 tg.showAlert('Можно загрузить не более 20 файлов за раз.');
+                 return;
+            }
 
-            // --- Use XMLHttpRequest for progress ---
-            const xhr = new XMLHttpRequest();
             const formData = new FormData();
-
-            formData.append('parent_folder_id', currentFolderId);
-            formData.append('initData', validatedInitData); // Add validation data
-
             for (let i = 0; i < files.length; i++) {
                 formData.append('files', files[i]);
             }
 
-             showLoading(`Загрузка ${files.length} файл(ов)...`, true);
+            const progressBar = document.getElementById('progress-bar');
+            const progressContainer = document.getElementById('progress-container');
+            const uploadLabel = document.querySelector('.upload-label'); // Select the label
+
+            progressContainer.style.display = 'block';
+            progressBar.style.width = '0%';
+            uploadLabel.style.opacity = '0.5'; // Indicate loading state on label
+            uploadLabel.style.pointerEvents = 'none'; // Disable clicking label during upload
+
+            const xhr = new XMLHttpRequest();
+            xhr.open('POST', `/upload/${currentFolderId}`, true);
+            // Pass initData for session validation if needed, though session should work
+            // xhr.setRequestHeader('X-Telegram-Init-Data', tg.initData);
 
             xhr.upload.addEventListener('progress', function(event) {
                 if (event.lengthComputable) {
                     const percentComplete = Math.round((event.loaded / event.total) * 100);
-                    uploadProgressText.textContent = percentComplete + '%';
+                    progressBar.style.width = percentComplete + '%';
                 }
             });
 
             xhr.addEventListener('load', function() {
-                hideLoading();
+                progressContainer.style.display = 'none';
+                 progressBar.style.width = '0%';
+                 uploadLabel.style.opacity = '1';
+                 uploadLabel.style.pointerEvents = 'auto';
+                 document.getElementById('file-input').value = ''; // Clear file input
+
                 if (xhr.status >= 200 && xhr.status < 300) {
-                    try {
-                        const response = JSON.parse(xhr.responseText);
-                        if (response.status === 'ok') {
-                             showAlert(`${response.uploaded_count || 0} файл(ов) загружено. ${response.errors && response.errors.length > 0 ? `Ошибок: ${response.errors.length}` : ''}`);
-                             hapticFeedback('success');
-                             loadFolder(currentFolderId); // Refresh view
-                        } else {
-                             throw new Error(response.message || 'Ошибка ответа се��вера');
-                        }
-                    } catch (e) {
-                         showAlert(`Ошибка обработки ответа сервера: ${e.message}`);
-                         hapticFeedback('error');
-                    }
-                } else {
-                    let errorMsg = `Ошибка загрузки (Статус: ${xhr.status})`;
-                    try {
-                        const errorData = JSON.parse(xhr.responseText);
-                        errorMsg += `: ${errorData.message || 'Нет деталей'}`;
-                    } catch(e) { /* ignore json parse error */ }
-                    showAlert(errorMsg);
-                    hapticFeedback('error');
+                     try {
+                         const result = JSON.parse(xhr.responseText);
+                         if (result.status === 'success') {
+                             tg.HapticFeedback.notificationOccurred('success');
+                              if (result.message) tg.showAlert(result.message); // Show partial success/error messages
+                             loadFolderContent(currentFolderId); // Refresh
+                         } else {
+                              tg.showAlert(result.message || 'Ошибка при загрузке файлов.');
+                              tg.HapticFeedback.notificationOccurred('error');
+                         }
+                     } catch (e) {
+                          tg.showAlert('Ошибка обработки ответа сервера после загрузки.');
+                          tg.HapticFeedback.notificationOccurred('error');
+                     }
+
+                } else if (xhr.status === 401 || xhr.status === 403) {
+                     showError("Ошибка авторизации при загрузке. Перезапустите приложение.");
+                }
+                 else {
+                     tg.showAlert(`Ошибка загрузки: ${xhr.statusText || 'Неизвестная ошибка'}`);
+                     tg.HapticFeedback.notificationOccurred('error');
                 }
-                 uploadInput.value = ''; // Clear input
             });
 
             xhr.addEventListener('error', function() {
-                hideLoading();
-                showAlert('Ошибка сети во время загрузки.');
-                hapticFeedback('error');
-                uploadInput.value = ''; // Clear input
+                tg.showAlert('Произошла ошибка сети во время загрузки.');
+                 progressContainer.style.display = 'none';
+                 progressBar.style.width = '0%';
+                 uploadLabel.style.opacity = '1';
+                 uploadLabel.style.pointerEvents = 'auto';
+                 document.getElementById('file-input').value = '';
+                 tg.HapticFeedback.notificationOccurred('error');
             });
 
              xhr.addEventListener('abort', function() {
-                 hideLoading();
-                 showAlert('Загрузка отменена.');
-                 uploadInput.value = ''; // Clear input
+                 // User likely cancelled file selection, or network abort
+                 console.log('Upload aborted');
+                 progressContainer.style.display = 'none';
+                 progressBar.style.width = '0%';
+                 uploadLabel.style.opacity = '1';
+                 uploadLabel.style.pointerEvents = 'auto';
+                 document.getElementById('file-input').value = '';
              });
 
-            xhr.open('POST', '/api/upload', true);
-            // No Content-Type header for FormData with files, browser sets it correctly
+
             xhr.send(formData);
         }
 
+        // --- Modal ---
+         const modal = document.getElementById('mediaModal');
+         const modalContent = document.getElementById('modalContent');
 
-        // --- Modal Logic ---
-        const modal = document.getElementById('mediaModal');
-        const modalContent = document.getElementById('modalContent');
-
-        async function openModal(srcOrUrl, type, itemId) {
-            modalContent.innerHTML = '<p style="padding: 20px; text-align: center;">Загрузка...</p>';
-            modal.style.display = 'flex';
+         async function openModal(srcOrUrl, type, itemId) {
+             modalContent.innerHTML = '<p style="text-align: center; padding: 20px;">Загрузка...</p>';
+             modal.style.display = 'flex'; // Use flex for centering
 
-            try {
-                if (type === 'image') {
-                    modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
-                } else if (type === 'video') {
-                    modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-                } else if (type === 'pdf') {
-                    modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF"></iframe>`;
-                } else if (type === 'text') {
-                    const response = await fetch(srcOrUrl); // Uses the /get_text_content endpoint
-                    if (!response.ok) throw new Error(`Ошибка ${response.status}`);
-                    const text = await response.text();
-                    const escapedText = text.replace(/</g, "<").replace(/>/g, ">"); // Basic escaping
-                    modalContent.innerHTML = `<pre>${escapedText}</pre>`;
-                } else {
-                    modalContent.innerHTML = '<p style="padding: 20px; text-align: center;">Предпросмотр для этого типа файла не поддерживается.</p>';
-                }
-            } catch (error) {
-                 console.error("Error loading modal content:", error);
-                 modalContent.innerHTML = `<p style="padding: 20px; text-align: center;">Не удалось загрузить содержимое. ${error.message}</p>`;
-            }
-        }
+             try {
+                 if (type === 'image') {
+                     // Preload image
+                     const img = new Image();
+                     img.onload = () => { modalContent.innerHTML = ''; modalContent.appendChild(img); };
+                     img.onerror = () => { modalContent.innerHTML = '<p style="color: var(--ios-red); text-align: center; padding: 20px;">Не удалось загрузить изображение.</p>'; };
+                     img.src = srcOrUrl;
+                     img.alt = "Просмотр изображения";
+                 } else if (type === 'video') {
+                      // Use download URL directly for video source
+                     modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}?download=true" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
+                 } else if (type === 'pdf') {
+                      // Use download URL directly for iframe source
+                     modalContent.innerHTML = `<iframe src="${srcOrUrl}?download=true" title="Просмотр PDF"></iframe>`;
+                 } else if (type === 'text') {
+                     // Fetch text content using API endpoint
+                     const response = await fetch(srcOrUrl); // srcOrUrl is /text_content/id here
+                     if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.statusText}`);
+                     const text = await response.text();
+                      // Basic escaping for safety, though pre handles most
+                     const escapedText = text.replace(/</g, "<").replace(/>/g, ">");
+                     modalContent.innerHTML = `<pre>${escapedText}</pre>`;
+                 } else {
+                      modalContent.innerHTML = '<p>Предпросмотр для этого типа файла не поддерживается.</p>';
+                 }
+             } catch (error) {
+                  console.error("Error loading modal content:", error);
+                  modalContent.innerHTML = `<p style="color: var(--ios-red); text-align: center; padding: 20px;">Не удалось загрузить содержимое. ${error.message}</p>`;
+             }
+         }
 
-        function closeModal(event) {
-            if (event.target === modal) {
-                closeModalManual();
-            }
-        }
+         function closeModal(event) {
+             if (event.target === modal) { // Click outside content
+                 closeModalManual();
+             }
+         }
 
-        function closeModalManual() {
-             modal.style.display = 'none';
-             const video = modal.querySelector('video');
-             if (video) { video.pause(); video.src = ''; }
-             const iframe = modal.querySelector('iframe');
-             if (iframe) iframe.src = 'about:blank';
-             modalContent.innerHTML = '';
-        }
+         function closeModalManual() {
+              modal.style.display = 'none';
+              const video = modal.querySelector('video');
+              if (video) video.pause();
+              const iframe = modal.querySelector('iframe');
+              if (iframe) iframe.src = 'about:blank'; // Clear iframe
+              modalContent.innerHTML = ''; // Clear content
+         }
 
 
         // --- Initialization ---
-        tg.ready();
-        tg.expand();
-
-        // Apply theme colors
-        document.documentElement.style.setProperty('--tg-bg-color', tg.themeParams.bg_color || '#efeff4');
-        document.documentElement.style.setProperty('--tg-text-color', tg.themeParams.text_color || '#000000');
-        document.documentElement.style.setProperty('--tg-hint-color', tg.themeParams.hint_color || '#999999');
-        document.documentElement.style.setProperty('--tg-link-color', tg.themeParams.link_color || '#007aff');
-        document.documentElement.style.setProperty('--tg-button-color', tg.themeParams.button_color || '#007aff');
-        document.documentElement.style.setProperty('--tg-button-text-color', tg.themeParams.button_text_color || '#ffffff');
-        document.documentElement.style.setProperty('--tg-secondary-bg-color', tg.themeParams.secondary_bg_color || '#ffffff');
-        if (tg.colorScheme === 'dark') {
-            document.body.classList.add('dark');
-        }
-
-        // Add event listeners
-        uploadInput.addEventListener('change', (event) => handleFileUpload(event.target.files));
-        createFolderBtn.addEventListener('click', handleCreateFolder);
-
-
-        // --- Authentication and Initial Load ---
         async function initializeApp() {
-            showLoading("Авторизация...");
-            if (!tg.initData) {
-                 showAlert("Ошибка: Не удалось получить данные авторизации Telegram. Попробуйте перезапустить Mini App.");
-                 hideLoading();
-                 return;
-            }
-            validatedInitData = tg.initData; // Store the raw initData string
+            showLoading();
+            tg.ready();
+            tg.expand();
+
+            // Apply theme colors immediately
+             document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
+             tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1'); // Match header to secondary bg
+             if (tg.colorScheme === 'dark') {
+                  document.body.classList.add('dark');
+             }
 
-             // Validate on server
-            const validationResponse = await fetch('/validate', {
-                 method: 'POST',
-                 headers: { 'Content-Type': 'application/json' },
-                 body: JSON.stringify({ initData: validatedInitData })
+             // Add listener for theme changes
+             tg.onEvent('themeChanged', function() {
+                 document.body.style.backgroundColor = tg.themeParams.bg_color;
+                 tg.setHeaderColor(tg.themeParams.secondary_bg_color);
+                 if (tg.colorScheme === 'dark') {
+                     document.body.classList.add('dark');
+                 } else {
+                      document.body.classList.remove('dark');
+                 }
              });
 
-            if (!validationResponse.ok) {
-                 const errorData = await validationResponse.json().catch(() => ({message: 'Ошибка валидации на сервере'}));
-                 showAlert(`Ошибка авторизации: ${errorData.message || validationResponse.statusText}. Перезапустите приложение.`);
-                 hideLoading();
-                 validatedInitData = null; // Invalidate
-                 return;
-            }
 
-            const validationData = await validationResponse.json();
-            if (validationData.status !== 'ok' || !validationData.user || !validationData.user.id) {
-                 showAlert(`Ошибка авторизации: ${validationData.message || 'Неверные данные пользователя'}. Перезапустите приложение.`);
-                 hideLoading();
-                 validatedInitData = null; // Invalidate
+             if (!tg.initData || tg.initData.length === 0) {
+                 showError("Не удалось получить данные авторизации Telegram. Пожалуйста, запустите приложение внутри Telegram.");
                  return;
-            }
+             }
 
-            currentUserInfo = validationData.user; // Store validated user info
-            userInfoHeader.textContent = currentUserInfo.first_name || `User ${currentUserInfo.id}`;
-            hapticFeedback('success');
-            hideLoading(); // Hide auth loading
+             if (BOT_TOKEN === 'YOUR_BOT_TOKEN') {
+                 console.warn("Using placeholder BOT_TOKEN! Validation will likely fail on server.");
+                 // Optionally show a warning in UI for local dev?
+             }
 
-            // Initial folder load
-            loadFolder('root');
+             try {
+                 // Validate initData with the backend
+                 const validationResponse = await apiRequest('/validate_telegram', 'POST', { initData: tg.initData });
+
+                 if (validationResponse && validationResponse.status === 'ok') {
+                     userSessionData = validationResponse.user; // Store user data from backend response
+                     console.log("Telegram validation successful:", userSessionData);
+                     tg.HapticFeedback.notificationOccurred('success');
+                     // Load initial root folder content
+                     historyStack = []; // Reset history on fresh load
+                     await loadFolderContent('root');
+                 } else {
+                      showError(validationResponse?.message || "Ошибка валидации Telegram на сервере.");
+                 }
+             } catch (error) {
+                 // Error already shown by apiRequest or initial check
+                 console.error("Initialization failed:", error);
+             }
         }
 
+         // --- Global Constants ---
+         const BOT_TOKEN = "{{ bot_token_placeholder }}"; // Placeholder replaced by Flask
+
+        // Start the app
         initializeApp();
 
     </script>
@@ -870,440 +1005,446 @@ HTML_TEMPLATE = """
 
 @app.route('/')
 def index():
-    if BOT_TOKEN == 'YOUR_BOT_TOKEN' or REPO_ID.startswith("YOUR_"):
-         # Render a basic error page if essential config is missing
-         error_html = """<!DOCTYPE html><html><head><title>Config Error</title><meta name="viewport" content="width=device-width, initial-scale=1.0"></head>
-                      <body style='font-family: sans-serif; padding: 20px; background-color: #fcc; color: #a00;'>
-                      <h1>Ошибка Конфигурации Сервера</h1>
-                      <p>Необходимо установить переменные окружения <code>TELEGRAM_BOT_TOKEN</code> и <code>HF_REPO_ID</code> для работы приложения.</p>
-                      <p>Обратитесь к администратору.</p></body></html>"""
-         return Response(error_html, status=500, mimetype='text/html')
-    return Response(HTML_TEMPLATE.replace("{{ REPO_ID }}", REPO_ID), mimetype='text/html')
-
-@app.route('/validate', methods=['POST'])
+    """Serves the main Mini App HTML."""
+    # Replace placeholder in template - avoids exposing token directly in JS if inspected early
+    # Although, initData mechanism is the primary security layer.
+    html_content = HTML_TEMPLATE.replace("{{ bot_token_placeholder }}", "YOUR_BOT_TOKEN" if BOT_TOKEN == 'YOUR_BOT_TOKEN' else "HIDDEN")
+    return Response(html_content, mimetype='text/html')
+
+@app.route('/validate_telegram', methods=['POST'])
 def validate_telegram_data():
+    """Validates initData, creates user if new, and establishes session."""
+    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
+         logging.warning("Attempting validation with placeholder BOT_TOKEN!")
+         # Return error immediately if token isn't set for production
+         # return jsonify({"status": "error", "message": "Server configuration error: Bot token not set."}), 500
+
     data = request.get_json()
     if not data or 'initData' not in data:
         return jsonify({"status": "error", "message": "Missing initData"}), 400
 
     init_data_string = data['initData']
-    validated_user_data = check_telegram_authorization(init_data_string, BOT_TOKEN)
+    validated_user_info = check_telegram_authorization(init_data_string, BOT_TOKEN)
+
+    if validated_user_info is not None and 'id' in validated_user_info:
+        user_id_str = str(validated_user_info['id'])
+        session['user_id'] = user_id_str
+        session['user_info'] = validated_user_info # Store full info if needed
 
-    if validated_user_data is not None and 'id' in validated_user_data:
-        user_id_str = str(validated_user_data['id'])
+        # Check if user exists, create if not
         all_data = load_data()
         if user_id_str not in all_data['users']:
-             logging.info(f"New user detected via validation: {user_id_str}. Initializing data structure.")
-             all_data['users'][user_id_str] = {
-                 'user_info': validated_user_data,
-                 'filesystem': initialize_user_filesystem(user_id_str),
-                 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-             }
-             # Optionally trigger save immediately or rely on next operation/backup
-             # save_data(all_data) # Uncomment to save on first validation
+            logging.info(f"New user detected: {user_id_str}, Name: {validated_user_info.get('first_name')}")
+            all_data['users'][user_id_str] = {
+                'tg_info': validated_user_info,
+                'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
+                'filesystem': { "type": "folder", "id": "root", "name": "root", "children": [] }
+            }
+            try:
+                save_data(all_data)
+                logging.info(f"New user {user_id_str} saved.")
+            except Exception as e:
+                 logging.error(f"Failed to save new user {user_id_str}: {e}")
+                 # Should we proceed or return error? Let's proceed but log.
         else:
-            # Optionally update user_info if it changed (e.g., name, username)
-            all_data['users'][user_id_str]['user_info'] = validated_user_data
+            # Ensure filesystem exists for existing user (data integrity check)
+             if 'filesystem' not in all_data['users'][user_id_str] or not isinstance(all_data['users'][user_id_str]['filesystem'], dict):
+                 logging.warning(f"Filesystem missing or invalid for user {user_id_str}. Reinitializing.")
+                 initialize_user_filesystem(all_data['users'][user_id_str])
+                 # Optionally save immediately if structure was corrected
+                 # try: save_data(all_data)
+                 # except: logging.error(...)
+
+        return jsonify({"status": "ok", "user": validated_user_info})
+    else:
+        logging.warning("Telegram validation failed or user ID missing.")
+        session.clear() # Clear session on failed validation
+        return jsonify({"status": "error", "message": "Invalid Telegram data or expired session."}), 403
 
-        # Consider saving updated user_info if changed
-        # save_data(all_data)
+# --- Filesystem API Routes (Require Session) ---
 
-        return jsonify({"status": "ok", "user": validated_user_data})
-    else:
-        logging.warning(f"Validation failed for initData: {init_data_string[:100]}...")
-        return jsonify({"status": "error", "message": "Недействительные данные авторизации"}), 403
-
-# --- API Routes ---
-def get_validated_user(request_data):
-    if not request_data or 'initData' not in request_data: return None, "Missing initData"
-    init_data_string = request_data['initData']
-    validated_user = check_telegram_authorization(init_data_string, BOT_TOKEN)
-    if not validated_user or 'id' not in validated_user: return None, "Invalid or expired authorization"
-    return validated_user, None
-
-@app.route('/api/list_items', methods=['POST'])
-def list_items():
-    request_data = request.get_json()
-    validated_user, error_msg = get_validated_user(request_data)
-    if error_msg: return jsonify({"status": "error", "message": error_msg}), 403
-
-    user_id_str = str(validated_user['id'])
-    folder_id = request_data.get('folder_id', 'root')
-    all_data = load_data()
-    user_data = all_data['users'].get(user_id_str)
-
-    if not user_data: return jsonify({"status": "error", "message": "User data not found"}), 404
-    if 'filesystem' not in user_data: user_data['filesystem'] = initialize_user_filesystem(user_id_str)
-
-    current_folder, _ = find_node_by_id(user_data['filesystem'], folder_id)
-    if not current_folder or current_folder.get('type') != 'folder':
-        return jsonify({"status": "error", "message": "Folder not found"}), 404
+@app.before_request
+def check_session():
+    # Allow access to '/' and '/validate_telegram' without session
+    if request.endpoint in ['index', 'validate_telegram_data', 'static']:
+        return
+    # Allow download and text_content if accessed via specific means (e.g., direct link after initial auth)
+    # This is less secure than validating initData on each request, but simpler for downloads.
+    # Consider adding more robust checks if needed.
+    if request.endpoint in ['download_file_route', 'get_text_content_route']:
+         # Maybe check a temporary token here in the future?
+         # For now, just rely on the existing session from the main app load.
+         pass
+
+    if 'user_id' not in session:
+        logging.warning(f"Unauthorized access attempt to {request.endpoint}. No user_id in session.")
+        return jsonify({"status": "error", "message": "Unauthorized. Please relaunch the app."}), 401
+
+@app.route('/filesystem/<folder_id>', methods=['GET'])
+def get_folder_content(folder_id):
+    user_id = session.get('user_id')
+    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data or 'filesystem' not in user_data:
+        return jsonify({"status": "error", "message": "User data not found"}), 404
+
+    folder_node, _ = find_node_by_id(user_data['filesystem'], folder_id)
+    if not folder_node or folder_node.get('type') != 'folder':
+        # Try finding root if requested folder doesn't exist
+        folder_node, _ = find_node_by_id(user_data['filesystem'], 'root')
+        if not folder_node:
+             return jsonify({"status": "error", "message": "Root folder not found"}), 404
+        folder_id = 'root' # Reset to root
+
+
+    items_in_folder = sorted(folder_node.get('children', []), key=lambda x: (x.get('type', 'file') != 'folder', x.get('name', x.get('original_filename', '')).lower()))
 
     # Build breadcrumbs
     breadcrumbs = []
     temp_id = folder_id
-    safety_count = 0
-    while temp_id and safety_count < 20: # Prevent infinite loop
+    visited_bc = set()
+    while temp_id and temp_id not in visited_bc:
+        visited_bc.add(temp_id)
         node, parent = find_node_by_id(user_data['filesystem'], temp_id)
         if not node: break
-        breadcrumbs.append({'id': node['id'], 'name': node.get('name', 'Root' if node['id'] == 'root' else 'Unknown')})
+        breadcrumbs.append({'id': node['id'], 'name': node.get('name', 'Root')})
         if not parent: break
         temp_id = parent.get('id')
-        safety_count += 1
     breadcrumbs.reverse()
 
+
     return jsonify({
         "status": "ok",
-        "items": current_folder.get('children', []),
-        "breadcrumbs": breadcrumbs
+        "items": items_in_folder,
+        "breadcrumbs": breadcrumbs,
+        "current_folder_name": folder_node.get('name', 'Root'),
+        "current_folder_id": folder_id
     })
 
-@app.route('/api/create_folder', methods=['POST'])
-def api_create_folder():
-    request_data = request.get_json()
-    validated_user, error_msg = get_validated_user(request_data)
-    if error_msg: return jsonify({"status": "error", "message": error_msg}), 403
 
-    user_id_str = str(validated_user['id'])
-    parent_folder_id = request_data.get('parent_folder_id', 'root')
-    folder_name = request_data.get('folder_name', '').strip()
+@app.route('/folder', methods=['POST'])
+def create_folder_route():
+    user_id = session.get('user_id')
+    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
 
-    if not folder_name: return jsonify({"status": "error", "message": "Имя папки не может быть пустым"}), 400
-    # Basic validation for folder name
-    if not all(c.isalnum() or c in ' _-' for c in folder_name):
-         return jsonify({"status": "error", "message": "Имя папки содержит недопустимые символы"}), 400
+    req_data = request.get_json()
+    parent_folder_id = req_data.get('parent_folder_id', 'root')
+    folder_name = req_data.get('folder_name', '').strip()
 
-    all_data = load_data()
-    user_data = all_data['users'].get(user_id_str)
-    if not user_data: return jsonify({"status": "error", "message": "User data not found"}), 404
-    if 'filesystem' not in user_data: user_data['filesystem'] = initialize_user_filesystem(user_id_str)
+    if not folder_name:
+        return jsonify({'status': 'error', 'message': 'Имя папки не может быть пустым!'}), 400
+    if not folder_name.replace(' ', '').replace('_', '').replace('-', '').isalnum():
+         return jsonify({'status': 'error', 'message': 'Имя папки содержит недопустимые символы.'}), 400
+    if len(folder_name) > 50: # Limit length
+         return jsonify({'status': 'error', 'message': 'Имя папки слишком длинное.'}), 400
 
-
-    # Check if folder with same name already exists in parent
-    parent_node, _ = find_node_by_id(user_data['filesystem'], parent_folder_id)
-    if parent_node and parent_node.get('type') == 'folder':
-        existing_names = {child.get('name', '').lower() for child in parent_node.get('children', []) if child.get('type') == 'folder'}
-        if folder_name.lower() in existing_names:
-            return jsonify({"status": "error", "message": f"Папка с именем '{folder_name}' уже существует здесь"}), 409 # Conflict
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
 
     folder_id = uuid.uuid4().hex
-    folder_data = {'type': 'folder', 'id': folder_id, 'name': folder_name, 'children': []}
+    folder_data = { 'type': 'folder', 'id': folder_id, 'name': folder_name, 'children': [] }
 
     if add_node(user_data['filesystem'], parent_folder_id, folder_data):
         try:
-            save_data(all_data)
-            return jsonify({"status": "ok", "new_folder": folder_data})
+            save_data(data)
+            return jsonify({'status': 'success', 'message': f'Папка "{folder_name}" создана.'})
         except Exception as e:
-            logging.error(f"Create folder save error for user {user_id_str}: {e}")
-            # Attempt to rollback add_node? Difficult without deep copy.
-            return jsonify({"status": "error", "message": "Ошибка сохранения данных"}), 500
+            logging.error(f"Create folder save error for user {user_id}: {e}")
+            # Attempt to remove added node if save failed? Complex.
+            return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных при создании папки.'}), 500
     else:
-        return jsonify({"status": "error", "message": "Не удалось найти родительскую папку"}), 404
+        return jsonify({'status': 'error', 'message': 'Не удалось найти родительскую папку.'}), 404
 
 
-@app.route('/api/upload', methods=['POST'])
-def api_upload():
-    init_data_string = request.form.get('initData')
-    validated_user = check_telegram_authorization(init_data_string, BOT_TOKEN)
-    if not validated_user or 'id' not in validated_user:
-        return jsonify({"status": "error", "message": "Invalid or expired authorization"}), 403
+@app.route('/upload/<folder_id>', methods=['POST'])
+def upload_file_route(folder_id):
+    user_id = session.get('user_id')
+    user_info = session.get('user_info', {})
+    user_identifier = user_info.get('username', user_id) # Use username in path if available, else ID
 
-    user_id_str = str(validated_user['id'])
-    parent_folder_id = request.form.get('parent_folder_id', 'root')
-    files = request.files.getlist('files')
+    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+    if not HF_TOKEN_WRITE:
+        return jsonify({'status': 'error', 'message': 'Загрузка невозможна: токен HF для записи не настроен.'}), 503
 
-    if not files: return jsonify({"status": "error", "message": "Нет файлов для загрузки"}), 400
-    if not HF_TOKEN_WRITE or not REPO_ID:
-         return jsonify({"status": "error", "message": "Загрузка не настроена на сервере (нет токена/репозитория)"}), 503
+    files = request.files.getlist('files')
+    if not files or all(not f.filename for f in files):
+        return jsonify({'status': 'error', 'message': 'Файлы для загрузки не выбраны.'}), 400
+    if len(files) > 20:
+         return jsonify({'status': 'error', 'message': 'Максимум 20 файлов за раз!'}), 400
 
-    all_data = load_data()
-    user_data = all_data['users'].get(user_id_str)
-    if not user_data: return jsonify({"status": "error", "message": "User data not found"}), 404
-    if 'filesystem' not in user_data: user_data['filesystem'] = initialize_user_filesystem(user_id_str)
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
 
-    target_folder_node, _ = find_node_by_id(user_data['filesystem'], parent_folder_id)
+    target_folder_node, _ = find_node_by_id(user_data['filesystem'], folder_id)
     if not target_folder_node or target_folder_node.get('type') != 'folder':
-        return jsonify({"status": "error", "message": "Целевая папка не найдена"}), 404
+         return jsonify({'status': 'error', 'message': 'Целевая папка для загрузки не найдена!'}), 404
 
     api = HfApi()
     uploaded_count = 0
     errors = []
-    uploaded_files_metadata = []
+    save_needed = False
 
     for file in files:
         if file and file.filename:
             original_filename = secure_filename(file.filename)
+            if len(original_filename) > 100: # Limit filename length
+                 original_filename = original_filename[:97] + '...'
+
             name_part, ext_part = os.path.splitext(original_filename)
-            unique_suffix = uuid.uuid4().hex[:8]
+            unique_suffix = uuid.uuid4().hex[:6]
             unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
             file_id = uuid.uuid4().hex
-            hf_path = f"cloud_files/{user_id_str}/{parent_folder_id}/{unique_filename}" # Include user_id and folder_id
+
+            # Use user_id in the HF path for uniqueness
+            hf_path = f"cloud_files/{user_id}/{folder_id}/{unique_filename}"
             temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
 
             try:
                 file.save(temp_path)
-                logging.info(f"Uploading {original_filename} (as {unique_filename}) to {hf_path} for user {user_id_str}")
                 api.upload_file(
-                    path_or_fileobj=temp_path, path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
-                    commit_message=f"User {user_id_str} uploaded {original_filename} to folder {parent_folder_id}"
+                    path_or_fileobj=temp_path, path_in_repo=hf_path, repo_id=REPO_ID,
+                    repo_type="dataset", token=HF_TOKEN_WRITE,
+                    commit_message=f"TG User {user_identifier} ({user_id}) uploaded {original_filename} to folder {folder_id}"
                 )
-                logging.info(f"Successfully uploaded {hf_path}")
-
                 file_info = {
                     'type': 'file', 'id': file_id, 'original_filename': original_filename,
                     'unique_filename': unique_filename, 'path': hf_path,
                     'file_type': get_file_type(original_filename),
-                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-                    # 'size': os.path.getsize(temp_path) # Optionally add size
+                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
                 }
-                uploaded_files_metadata.append(file_info) # Store metadata even if adding node fails later
-
+                if add_node(user_data['filesystem'], folder_id, file_info):
+                    uploaded_count += 1
+                    save_needed = True
+                else:
+                    errors.append(f"Ошибка добавления метаданных для {original_filename}.")
+                    logging.error(f"Failed to add node metadata for file {file_id} to folder {folder_id} for user {user_id}")
+                    # Attempt to delete orphaned file from HF
+                    try: api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
+                    except Exception as del_err: logging.error(f"Failed to delete orphaned file {hf_path}: {del_err}")
             except Exception as e:
-                logging.error(f"Error uploading file {original_filename} for user {user_id_str}: {e}")
-                errors.append(f"Ошибка '{original_filename}': {e}")
+                logging.error(f"Error uploading file {original_filename} for {user_id}: {e}")
+                errors.append(f"Ошибка загрузки {original_filename}: {str(e)[:100]}") # Limit error msg length
             finally:
                 if os.path.exists(temp_path):
-                    os.remove(temp_path)
-
-    # Add metadata to filesystem and save ONCE after all uploads attempt
-    added_to_db_count = 0
-    save_error = None
-    if uploaded_files_metadata:
-        for file_info in uploaded_files_metadata:
-            if add_node(user_data['filesystem'], parent_folder_id, file_info):
-                added_to_db_count += 1
-            else:
-                errors.append(f"Ошибка добавления метаданных для {file_info['original_filename']}")
-                logging.error(f"Failed to add node metadata for file {file_info['id']} for user {user_id_str}")
-                # Consider attempting to delete the orphaned file from HF here? Complex.
+                    try: os.remove(temp_path)
+                    except Exception as rm_err: logging.error(f"Error removing temp file {temp_path}: {rm_err}")
 
-        if added_to_db_count > 0:
+    response_message = ""
+    if uploaded_count > 0:
+        response_message += f'{uploaded_count} файл(ов) успешно загружено. '
+        if save_needed:
             try:
-                save_data(all_data)
+                save_data(data)
             except Exception as e:
-                 save_error = f"Ошибка сохранения данных: {e}"
-                 logging.error(f"Error saving data after upload for user {user_id_str}: {e}")
-                 errors.append(save_error)
+                 response_message += 'Ошибка сохранения метаданных. '
+                 logging.error(f"Error saving data after upload for {user_id}: {e}")
+    if errors:
+        response_message += "Ошибки: " + "; ".join(errors)
 
-    uploaded_count = len(uploaded_files_metadata)
+    status = 'success' if uploaded_count > 0 else 'error'
+    if uploaded_count > 0 and errors: status = 'partial_success' # Indicate partial success
 
-    return jsonify({
-        "status": "ok",
-        "uploaded_count": uploaded_count,
-        "db_added_count": added_to_db_count,
-        "errors": errors
-    })
+    return jsonify({'status': status, 'message': response_message.strip()})
 
 
-@app.route('/api/delete_item', methods=['POST'])
-def api_delete_item():
-    request_data = request.get_json()
-    validated_user, error_msg = get_validated_user(request_data)
-    if error_msg: return jsonify({"status": "error", "message": error_msg}), 403
-
-    user_id_str = str(validated_user['id'])
-    item_id = request_data.get('item_id')
-    if not item_id: return jsonify({"status": "error", "message": "Missing item_id"}), 400
-
-    all_data = load_data()
-    user_data = all_data['users'].get(user_id_str)
-    if not user_data: return jsonify({"status": "error", "message": "User data not found"}), 404
-    if 'filesystem' not in user_data: return jsonify({"status": "error", "message": "Filesystem not found"}), 500
-
-    item_node, parent_node = find_node_by_id(user_data['filesystem'], item_id)
-
-    if not item_node: return jsonify({"status": "error", "message": "Элемент не найден"}), 404
-    if item_id == 'root': return jsonify({"status": "error", "message": "Нельзя удалить корневой элемент"}), 400
-
-    item_type = item_node.get('type')
-    item_name = item_node.get('name', item_node.get('original_filename', 'элемент'))
-
-    # Handle folder deletion
-    if item_type == 'folder':
-        if item_node.get('children'):
-             return jsonify({"status": "error", "message": f"Папку '{item_name}' можно удалить только если она пуста"}), 400
-        # Just remove from DB
-        if remove_node(user_data['filesystem'], item_id):
-             try:
-                 save_data(all_data)
-                 logging.info(f"User {user_id_str} deleted empty folder {item_name} (ID: {item_id})")
-                 return jsonify({"status": "ok", "message": f"Папка '{item_name}' удалена"})
-             except Exception as e:
-                 logging.error(f"Delete empty folder save error for user {user_id_str}: {e}")
-                 # Rollback? Difficult.
-                 return jsonify({"status": "error", "message": "Ошибка сохранения после удаления папки"}), 500
-        else:
-             return jsonify({"status": "error", "message": "Не удалось удалить папку из структуры"}), 500
+@app.route('/download/<file_id>')
+def download_file_route(file_id):
+    user_id = session.get('user_id')
+    if not user_id: return Response("Unauthorized", status=401)
+    if not HF_TOKEN_READ: return Response("Server configuration error: Read token missing", status=503)
 
-    # Handle file deletion
-    elif item_type == 'file':
-        hf_path = item_node.get('path')
-        if not hf_path:
-             logging.warning(f"File {item_name} (ID: {item_id}) for user {user_id_str} has no path. Removing only metadata.")
-             if remove_node(user_data['filesystem'], item_id):
-                 try: save_data(all_data); return jsonify({"status": "ok", "message": f"Метаданные файла '{item_name}' удалены (путь отсутствовал)"})
-                 except Exception as e: return jsonify({"status": "error", "message": "Ошибка сохранения после удаления метаданных"}), 500
-             else: return jsonify({"status": "error", "message": "Не удалось удалить метаданные файла"}), 500
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return Response("User data not found", status=404)
 
-        if not HF_TOKEN_WRITE or not REPO_ID:
-            return jsonify({"status": "error", "message": "Удаление файлов не настроено на сервере"}), 503
+    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
+    if not file_node or file_node.get('type') != 'file':
+         return Response("File not found", status=404)
 
+    hf_path = file_node.get('path')
+    original_filename = file_node.get('original_filename', 'downloaded_file')
+    if not hf_path: return Response("Error: File path missing", status=500)
+
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
+    try:
+        headers = {"authorization": f"Bearer {HF_TOKEN_READ}"}
+        response = requests.get(file_url, headers=headers, stream=True, timeout=60) # Added timeout
+        response.raise_for_status()
+
+        # Stream response for potentially large files
+        def generate():
+            for chunk in response.iter_content(chunk_size=8192):
+                yield chunk
+
+        return Response(generate(), mimetype='application/octet-stream', headers={
+            "Content-Disposition": f"attachment; filename*=UTF-8''{secure_filename(original_filename)}"
+        })
+
+    except requests.exceptions.RequestException as e:
+        logging.error(f"Error downloading file from HF ({hf_path}) for user {user_id}: {e}")
+        return Response(f'Download error: {e}', status=502)
+    except Exception as e:
+        logging.error(f"Unexpected error during download ({hf_path}) for user {user_id}: {e}")
+        return Response('Internal server error during download', status=500)
+
+
+@app.route('/file/<file_id>', methods=['DELETE'])
+def delete_file_route(file_id):
+    user_id = session.get('user_id')
+    user_info = session.get('user_info', {})
+    user_identifier = user_info.get('username', user_id)
+    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+    if not HF_TOKEN_WRITE:
+         return jsonify({'status': 'error', 'message': 'Удаление невозможно: токен HF для записи не настроен.'}), 503
+
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
+
+    file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id)
+    if not file_node or file_node.get('type') != 'file' or not parent_node:
+        return jsonify({'status': 'error', 'message': 'Файл не найден.'}), 404
+
+    hf_path = file_node.get('path')
+    original_filename = file_node.get('original_filename', 'файл')
+
+    delete_from_hf = True
+    if not hf_path:
+        logging.warning(f"HF path missing for file {file_id} user {user_id}. Deleting only metadata.")
+        delete_from_hf = False
+
+    if delete_from_hf:
         try:
             api = HfApi()
-            logging.info(f"Attempting to delete HF file {hf_path} for user {user_id_str}")
             api.delete_file(
                 path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
-                commit_message=f"User {user_id_str} deleted file {item_name} (ID: {item_id})"
+                commit_message=f"TG User {user_identifier} ({user_id}) deleted file {original_filename}"
             )
-            logging.info(f"Successfully deleted HF file {hf_path}")
-
+            logging.info(f"Deleted file {hf_path} from HF Hub for user {user_id}")
         except hf_utils.EntryNotFoundError:
-            logging.warning(f"File {hf_path} not found on HF Hub during delete attempt for user {user_id_str}. Removing from DB.")
+            logging.warning(f"File {hf_path} not found on HF Hub during delete for user {user_id}.")
         except Exception as e:
-            logging.error(f"Error deleting file {hf_path} from HF for user {user_id_str}: {e}")
-            # Don't delete from DB if HF deletion failed unexpectedly
-            return jsonify({"status": "error", "message": f"Ошибка удаления файла с сервера: {e}"}), 500
-
-        # If HF deletion successful or file not found on HF, remove from DB
-        if remove_node(user_data['filesystem'], item_id):
-            try:
-                save_data(all_data)
-                return jsonify({"status": "ok", "message": f"Файл '{item_name}' удален"})
-            except Exception as e:
-                 logging.error(f"Delete file DB update error for user {user_id_str}: {e}")
-                 return jsonify({"status": "error", "message": "Ошибка сохранения после удаления файла"}), 500
-        else:
-            # This case should be rare if find_node_by_id worked initially
-            return jsonify({"status": "error", "message": "Не удалось удалить файл из структуры после операции на сервере"}), 500
+            logging.error(f"Error deleting file {hf_path} from HF for {user_id}: {e}")
+            return jsonify({'status': 'error', 'message': f'Ошибка удаления файла с сервера: {str(e)[:100]}'}), 500
 
+    # Always try to remove from DB
+    if remove_node(user_data['filesystem'], file_id):
+        try:
+            save_data(data)
+            return jsonify({'status': 'success', 'message': f'Файл {original_filename} удален.'})
+        except Exception as e:
+            logging.error(f"Delete file DB save error for user {user_id}: {e}")
+            return jsonify({'status': 'error', 'message': 'Файл удален с сервера (если был), но ошибка сохранения базы.'}), 500
     else:
-        return jsonify({"status": "error", "message": "Неизвестный тип элемента"}), 400
-
+         # This case should ideally not happen if file_node was found earlier
+         logging.error(f"Failed to remove node {file_id} from filesystem structure for user {user_id} after finding it initially.")
+         return jsonify({'status': 'error', 'message': 'Ошибка удаления файла из структуры данных.'}), 500
 
-# --- Direct Access Routes (Download/Preview) ---
-# WARNING: These endpoints currently LACK AUTHORIZATION.
-# In a real application, you MUST implement secure access control,
-# e.g., using short-lived signed URLs or token-based authentication.
 
-def find_file_globally(file_id):
-     """Finds a file node by ID across all users. Use with extreme caution."""
-     all_data = load_data()
-     for user_id, user_data in all_data.get('users', {}).items():
-         if 'filesystem' in user_data:
-             file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-             if file_node and file_node.get('type') == 'file':
-                 return file_node, user_id # Return node and owner ID
-     return None, None
+@app.route('/folder/<folder_id>', methods=['DELETE'])
+def delete_folder_route(folder_id):
+    user_id = session.get('user_id')
+    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+    if folder_id == 'root': return jsonify({'status': 'error', 'message': 'Нельзя удалить корневую папку!'}), 400
 
-@app.route('/download/<file_id>')
-def download_file_unauth(file_id):
-    file_node, owner_id = find_file_globally(file_id)
-    if not file_node:
-        return Response("Файл не найден", status=404)
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
 
-    hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', f'download_{file_id}')
-    if not hf_path or not REPO_ID:
-        return Response("Ошибка сервера: Путь к файлу или репозиторий не настроен", status=500)
+    folder_node, parent_node = find_node_by_id(user_data['filesystem'], folder_id)
+    if not folder_node or folder_node.get('type') != 'folder' or not parent_node:
+        return jsonify({'status': 'error', 'message': 'Папка не найдена.'}), 404
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{quote(hf_path)}?download=true"
-    logging.info(f"Attempting unauthenticated download for file ID {file_id} (Owner: {owner_id}) from URL: {file_url}")
+    folder_name = folder_node.get('name', 'папка')
+    if folder_node.get('children'):
+        return jsonify({'status': 'error', 'message': f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
 
-    try:
-        headers = {}
-        if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
-        response = requests.get(file_url, headers=headers, stream=True, timeout=60)
-        response.raise_for_status()
+    if remove_node(user_data['filesystem'], folder_id):
+        try:
+            save_data(data)
+            return jsonify({'status': 'success', 'message': f'Папка "{folder_name}" удалена.'})
+        except Exception as e:
+            logging.error(f"Delete empty folder save error for user {user_id}: {e}")
+            # Attempt to add node back? Difficult state to recover.
+            return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных после удаления папки.'}), 500
+    else:
+        logging.error(f"Failed to remove folder node {folder_id} for user {user_id} after finding it.")
+        return jsonify({'status': 'error', 'message': 'Ошибка удаления папки из структуры данных.'}), 500
 
-        # Stream response if large? For simplicity, load into BytesIO first
-        file_content = BytesIO(response.content)
-        return send_file(
-            file_content, as_attachment=True, download_name=original_filename,
-            mimetype='application/octet-stream' # Generic mimetype
-        )
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file from HF ({hf_path}): {e}")
-        return Response(f"Ошибка скачивания файла: {e}", status=502)
-    except Exception as e:
-        logging.error(f"Unexpected error during download ({hf_path}): {e}")
-        return Response("Внутренняя ошибка сервера при скачивании", status=500)
+@app.route('/text_content/<file_id>')
+def get_text_content_route(file_id):
+    user_id = session.get('user_id')
+    if not user_id: return Response("Unauthorized", status=401)
+    if not HF_TOKEN_READ: return Response("Server configuration error: Read token missing", status=503)
 
+    data = load_data()
+    user_data = data['users'].get(user_id)
+    if not user_data: return Response("User data not found", status=404)
 
-@app.route('/get_text_content/<file_id>')
-def get_text_content_unauth(file_id):
-    file_node, owner_id = find_file_globally(file_id)
-    if not file_node or file_node.get('file_type') != 'text':
-        return Response("Текстовый файл не найден", status=404)
+    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
+    if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text':
+        return Response("Text file not found", status=404)
 
     hf_path = file_node.get('path')
-    if not hf_path or not REPO_ID:
-        return Response("Ошибка сервера: Путь к файлу или репозиторий не настроен", status=500)
-
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{quote(hf_path)}?download=true"
-    logging.info(f"Attempting unauthenticated text preview for file ID {file_id} (Owner: {owner_id}) from URL: {file_url}")
+    if not hf_path: return Response("Error: File path missing", status=500)
 
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
     try:
-        headers = {}
-        if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
+        headers = {"authorization": f"Bearer {HF_TOKEN_READ}"}
         response = requests.get(file_url, headers=headers, timeout=30)
         response.raise_for_status()
-
-        if len(response.content) > 2 * 1024 * 1024: # Limit preview size (e.g., 2MB)
-             return Response("Файл слишком большой для предпросмотра.", status=413)
-
-        # Try decoding with common encodings
-        text_content = None
+        if len(response.content) > 1 * 1024 * 1024: # 1MB limit for preview
+             return Response("File too large for preview.", status=413)
         try: text_content = response.content.decode('utf-8')
-        except UnicodeDecodeError:
-            try: text_content = response.content.decode('windows-1251')
-            except UnicodeDecodeError:
-                 try: text_content = response.content.decode('latin-1')
-                 except Exception: return Response("Не удалось определить кодировку файла.", status=500)
-
+        except UnicodeDecodeError: text_content = response.content.decode('latin-1', errors='replace')
         return Response(text_content, mimetype='text/plain; charset=utf-8')
-
     except requests.exceptions.RequestException as e:
-        logging.error(f"Error fetching text content from HF ({hf_path}): {e}")
-        return Response(f"Ошибка загрузки содержимого: {e}", status=502)
+        logging.error(f"Error fetching text content from HF ({hf_path}) for user {user_id}: {e}")
+        return Response(f"Error loading content: {e}", status=502)
     except Exception as e:
-        logging.error(f"Unexpected error fetching text content ({hf_path}): {e}")
-        return Response("Внутренняя ошибка сервера при получении текста", status=500)
+        logging.error(f"Unexpected error fetching text content ({hf_path}) for user {user_id}: {e}")
+        return Response("Internal server error", status=500)
 
 
-# --- Server Start ---
+# --- Main Execution ---
 if __name__ == '__main__':
     if BOT_TOKEN == 'YOUR_BOT_TOKEN':
-        logging.critical("!!! TELEGRAM_BOT_TOKEN is not set or uses placeholder. Validation WILL FAIL. !!!")
+        logging.warning("*"*60)
+        logging.warning("WARNING: Using placeholder Telegram BOT_TOKEN!")
+        logging.warning("Telegram validation will likely FAIL.")
+        logging.warning("Set the TELEGRAM_BOT_TOKEN environment variable.")
+        logging.warning("*"*60)
     if not HF_TOKEN_WRITE:
-        logging.warning("!!! HF_TOKEN (write access) is not set. File uploads, deletions, and backups will fail. !!!")
+        logging.warning("HF_TOKEN (write access) is not set. Uploads, deletions, backups will fail.")
     if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ is not set. Using HF_TOKEN (write) for reads. Downloads/previews might fail for private repos if HF_TOKEN is also not set.")
-    if not REPO_ID or REPO_ID.startswith("YOUR_"):
-        logging.critical(f"!!! HF_REPO_ID is not set or uses placeholder ('{REPO_ID}'). Application needs a valid Hugging Face dataset repository ID. !!!")
-
-    # Initial DB download and start backup thread only if configured
-    if HF_TOKEN_WRITE and HF_TOKEN_READ and REPO_ID and not REPO_ID.startswith("YOUR_"):
-        logging.info("Performing initial database download...")
-        download_db_from_hf() # Attempt download first
-        if not os.path.exists(DATA_FILE): # If download failed or file absent, create empty
-             with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
-             logging.info(f"Created empty local database file: {DATA_FILE}")
-        threading.Thread(target=periodic_backup, daemon=True).start()
-        logging.info("Periodic backup thread started (every 30 min).")
-    elif HF_TOKEN_READ and REPO_ID and not REPO_ID.startswith("YOUR_"):
-         logging.info("Read-only mode: Performing initial database download.")
-         download_db_from_hf()
-         if not os.path.exists(DATA_FILE):
-             logging.warning(f"Could not download DB and file {DATA_FILE} does not exist locally. Starting with empty state (read-only).")
-             # Don't create the file in read-only to avoid confusion
+        logging.warning("HF_TOKEN_READ is not set (or HF_TOKEN). Downloads/previews might fail.")
+    if not FLASK_SECRET_KEY or FLASK_SECRET_KEY == "supersecretkey_mini_app_unique":
+         logging.warning("Using default/insecure FLASK_SECRET_KEY. Set a strong secret key via environment variable.")
+
+    # Start periodic backup in a separate thread if write token exists
+    if HF_TOKEN_WRITE:
+        logging.info("Attempting initial database download before starting periodic backup.")
+        download_db_from_hf() # Load the latest DB before starting
+        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
+        backup_thread.start()
+        logging.info("Periodic backup thread started.")
     else:
-         logging.warning("HF tokens/repo not fully configured. Database operations with Hugging Face Hub are limited or disabled.")
-         if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
-             logging.info(f"Created empty local database file: {DATA_FILE}")
+        logging.warning("Periodic backup disabled (HF_TOKEN_WRITE not set).")
+        # Still try to download if read token exists
+        if HF_TOKEN_READ:
+             logging.info("Attempting initial database download (read-only access).")
+             download_db_from_hf()
+        else:
+             logging.warning("No read/write HF tokens. HF DB operations disabled.")
+             # Ensure local file exists if no download possible
+             if not os.path.exists(DATA_FILE):
+                 with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+
+    logging.info(f"Starting Flask server for Telegram Mini App on 0.0.0.0:7860")
+    app.run(host='0.0.0.0', port=7860, debug=False) # debug=False for production
 
-    logging.info(f"Starting Flask server on {HOST}:{PORT}")
-    # Use waitress or gunicorn for production instead of debug=True
-    # from waitress import serve
-    # serve(app, host=HOST, port=PORT)
-    app.run(host=HOST, port=PORT, debug=False) # debug=False is crucial for production
\ No newline at end of file
+# --- END OF FILE app.py ---
\ No newline at end of file