diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -2,9 +2,11 @@ import os
 import hmac
 import hashlib
 import json
-from urllib.parse import unquote, parse_qsl
-from flask import Flask, request, jsonify, Response, session, redirect, url_for, flash, render_template_string, send_file
+from urllib.parse import unquote, parse_qsl, urlencode
+from flask import Flask, request, jsonify, Response, send_file
 from flask_caching import Cache
+import logging
+import threading
 import time
 from datetime import datetime
 from huggingface_hub import HfApi, hf_hub_download, utils as hf_utils
@@ -12,37 +14,282 @@ from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
-import threading
-import logging
-
-logging.basicConfig(level=logging.INFO)
 
+# --- Configuration ---
 app = Flask(__name__)
-app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_folders_unique_telegram")
-
-BOT_TOKEN = os.environ.get('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN')
-HOST = '0.0.0.0'
-PORT = 7860
-AUTH_DATA_LIFETIME = 3600
-DATA_FILE = 'cloudeng_data_telegram.json'
-REPO_ID = "Eluza133/Z1e1u"
+app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_mini_app_unique")
+BOT_TOKEN = os.getenv('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN') # MUST be set
+DATA_FILE = 'cloudeng_mini_app_data.json'
+REPO_ID = "Eluza133/Z1e1u" # Same HF Repo
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE
-UPLOAD_FOLDER = 'uploads'
+UPLOAD_FOLDER = 'uploads_mini_app'
 os.makedirs(UPLOAD_FOLDER, exist_ok=True)
 
+# --- Caching and Logging ---
 cache = Cache(app, config={'CACHE_TYPE': 'simple'})
+logging.basicConfig(level=logging.INFO)
+
+# --- Constants ---
+AUTH_DATA_LIFETIME = 3600 # 1 hour validity for initData
+
+# --- Filesystem Utilities ---
+def find_node_by_id(filesystem, node_id):
+    if not filesystem or not isinstance(filesystem, dict):
+        return None, None
+    if filesystem.get('id') == node_id:
+        return filesystem, None
+
+    queue = [(filesystem, None)]
+    visited = {filesystem.get('id')}
+
+    while queue:
+        current_node, parent = queue.pop(0)
+        if current_node.get('type') == 'folder' and 'children' in current_node:
+            for child in current_node.get('children', []):
+                 child_id = child.get('id')
+                 if not child_id: continue # Skip nodes without id
+
+                 if child_id == node_id:
+                    return child, current_node
+                 if child_id not in visited and child.get('type') == 'folder':
+                    visited.add(child_id)
+                    queue.append((child, current_node))
+    return None, None
+
+def add_node(filesystem, parent_id, node_data):
+    parent_node, _ = find_node_by_id(filesystem, parent_id)
+    if parent_node and parent_node.get('type') == 'folder':
+        if 'children' not in parent_node:
+            parent_node['children'] = []
+        # Prevent adding duplicates by id
+        existing_ids = {child.get('id') for child in parent_node['children']}
+        if node_data.get('id') not in existing_ids:
+            parent_node['children'].append(node_data)
+            return True
+    return False
+
+def remove_node(filesystem, node_id):
+    node_to_remove, parent_node = find_node_by_id(filesystem, node_id)
+    if node_to_remove and parent_node and 'children' in parent_node:
+        original_length = len(parent_node['children'])
+        parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id]
+        return len(parent_node['children']) < original_length # Return True if something was removed
+    # Handle root node deletion attempt (should not happen normally)
+    if node_to_remove and node_id == filesystem.get('id'):
+        logging.warning("Attempted to remove root node directly.")
+        return False
+    return False
+
+def get_node_path_list(filesystem, node_id):
+    path_list = []
+    current_id = node_id
+
+    processed_ids = set()
+
+    while current_id and current_id not in processed_ids:
+        processed_ids.add(current_id)
+        node, parent = find_node_by_id(filesystem, current_id)
+        if not node:
+            break
+        path_list.append({
+            'id': node.get('id'),
+            'name': node.get('name', node.get('original_filename', 'Unknown'))
+        })
+        if not parent:
+             break
+        parent_id = parent.get('id')
+        if parent_id == current_id: # Prevent infinite loop if parent is self
+             logging.error(f"Filesystem loop detected at node {current_id}")
+             break
+        current_id = parent_id
+
+    # Ensure root is always first if found, otherwise add default root
+    if not any(p['id'] == 'root' for p in path_list):
+        path_list.append({'id': 'root', 'name': 'Root'})
+
+    # Filter out potential duplicates while preserving order, then reverse
+    final_path = []
+    seen_ids = set()
+    for item in reversed(path_list):
+         if item['id'] not in seen_ids:
+              final_path.append(item)
+              seen_ids.add(item['id'])
+
+    return final_path
+
+
+def initialize_user_filesystem(user_data):
+    if 'filesystem' not in user_data or not isinstance(user_data['filesystem'], dict):
+        user_data['filesystem'] = {
+            "type": "folder",
+            "id": "root",
+            "name": "Root",
+            "children": []
+        }
+
+# --- Data Loading/Saving ---
+@cache.memoize(timeout=120) # Cache for 2 minutes
+def load_data():
+    try:
+        download_db_from_hf()
+        with open(DATA_FILE, 'r', encoding='utf-8') as file:
+            data = json.load(file)
+            if not isinstance(data, dict):
+                logging.warning("Data file is not a dict, initializing empty.")
+                return {'users': {}}
+            data.setdefault('users', {})
+            # Ensure all users have a valid filesystem structure
+            for user_id, user_data in data['users'].items():
+                initialize_user_filesystem(user_data)
+            logging.info("Data loaded and filesystems checked/initialized.")
+            return data
+    except FileNotFoundError:
+        logging.warning(f"{DATA_FILE} not found locally. Initializing empty data.")
+        return {'users': {}}
+    except json.JSONDecodeError:
+        logging.error(f"Error decoding JSON from {DATA_FILE}. Returning empty data.")
+        return {'users': {}}
+    except Exception as e:
+        logging.error(f"Error loading data: {e}")
+        return {'users': {}}
+
+def save_data(data):
+    try:
+        with open(DATA_FILE, 'w', encoding='utf-8') as file:
+            json.dump(data, file, ensure_ascii=False, indent=4)
+        # Upload immediately after saving
+        upload_db_to_hf()
+        cache.clear() # Clear cache after saving
+        logging.info("Data saved locally and upload to HF initiated.")
+    except Exception as e:
+        logging.error(f"Error saving data: {e}")
+        # Consider not raising here to potentially allow app to continue
+        # raise
+
+def upload_db_to_hf():
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN_WRITE not set, skipping database upload.")
+        return
+    try:
+        api = HfApi()
+        api.upload_file(
+            path_or_fileobj=DATA_FILE,
+            path_in_repo=DATA_FILE,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"Backup MiniApp {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}",
+            run_as_future=True # Upload in background
+        )
+        logging.info("Database upload to Hugging Face scheduled.")
+    except Exception as e:
+        logging.error(f"Error scheduling database upload: {e}")
+
+def download_db_from_hf():
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ not set, skipping database download.")
+        if not os.path.exists(DATA_FILE):
+             with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                 json.dump({'users': {}}, f)
+             logging.info(f"Created empty local database file: {DATA_FILE}")
+        return
+    try:
+        hf_hub_download(
+            repo_id=REPO_ID,
+            filename=DATA_FILE,
+            repo_type="dataset",
+            token=HF_TOKEN_READ,
+            local_dir=".",
+            local_dir_use_symlinks=False,
+            force_download=True, # Ensure we get the latest
+            etag_timeout=10 # Short timeout for checking freshness
+        )
+        logging.info("Database downloaded from Hugging Face")
+    except hf_utils.RepositoryNotFoundError:
+         logging.error(f"Repository {REPO_ID} not found.")
+         if not os.path.exists(DATA_FILE):
+             with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+    except hf_utils.EntryNotFoundError:
+        logging.warning(f"{DATA_FILE} not found in repo {REPO_ID}. Using/Creating local.")
+        if not os.path.exists(DATA_FILE):
+            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+    except requests.exceptions.ConnectionError as e:
+         logging.error(f"Connection error downloading DB from HF: {e}. Using local version if available.")
+    except Exception as e:
+        logging.error(f"Error downloading database: {e}")
+        if not os.path.exists(DATA_FILE):
+            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+
+# --- File Type Helper ---
+def get_file_type(filename):
+    if not filename or '.' not in filename: return 'other'
+    ext = filename.lower().split('.')[-1]
+    if ext in ['mp4', 'mov', 'avi', 'webm', 'mkv']: return 'video'
+    if ext in ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg']: return 'image'
+    if ext == 'pdf': return 'pdf'
+    if ext == 'txt': return 'text'
+    return 'other'
+
+# --- Telegram Validation ---
+def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
+    if not auth_data or not bot_token or bot_token == 'YOUR_BOT_TOKEN':
+        logging.warning("Validation skipped: Missing auth_data or valid BOT_TOKEN.")
+        return None
+    try:
+        parsed_data = dict(parse_qsl(unquote(auth_data)))
+        if "hash" not in parsed_data:
+            logging.error("Hash not found in auth data")
+            return None
+
+        telegram_hash = parsed_data.pop('hash')
+        auth_date_ts = int(parsed_data.get('auth_date', 0))
+        current_ts = int(time.time())
+
+        if abs(current_ts - auth_date_ts) > AUTH_DATA_LIFETIME:
+             logging.warning(f"Auth data expired (Auth: {auth_date_ts}, Now: {current_ts}, Diff: {current_ts - auth_date_ts})")
+             return None
+
+        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
+        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
+        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+
+        if calculated_hash == telegram_hash:
+            user_data_str = parsed_data.get('user')
+            if user_data_str:
+                try:
+                    user_info = json.loads(user_data_str)
+                    if 'id' not in user_info:
+                         logging.error("Validated user data missing 'id'")
+                         return None
+                    return user_info # Success
+                except json.JSONDecodeError:
+                    logging.error("Failed to decode user JSON from auth data")
+                    return None
+            else:
+                logging.warning("No 'user' field in validated auth data")
+                return None # Require user field
+        else:
+            logging.warning("Hash mismatch during validation")
+            return None
+    except Exception as e:
+        logging.error(f"Exception during validation: {e}")
+        return None
 
+
+# --- HTML, CSS, JS Template ---
 HTML_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="ru">
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
-    <title>Zeus Cloud TG</title>
+    <title>Zeus Cloud Mini App</title>
     <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
     <style>
         :root {
+            --primary: #ff4d6d; --secondary: #00ddeb; --accent: #8b5cf6;
             --tg-theme-bg-color: var(--tg-bg-color, #ffffff);
             --tg-theme-text-color: var(--tg-text-color, #000000);
             --tg-theme-hint-color: var(--tg-hint-color, #999999);
@@ -51,2006 +298,1140 @@ HTML_TEMPLATE = """
             --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
             --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #f1f1f1);
             --tg-viewport-height: var(--tg-viewport-stable-height, 100vh);
+            --card-bg: var(--tg-theme-secondary-bg-color);
+            --text-light: var(--tg-theme-text-color);
+            --text-dark: var(--tg-theme-text-color); /* Simplified for TG theme */
+            --shadow: 0 4px 15px rgba(0, 0, 0, 0.1);
+            --glass-bg: rgba(128, 128, 128, 0.1);
+            --transition: all 0.2s ease-out;
+            --delete-color: #ff4444;
+            --folder-color: #ffc107;
         }
-
         html { box-sizing: border-box; }
         *, *:before, *:after { box-sizing: inherit; }
-
         body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+            font-family: 'Inter', sans-serif;
+            background: var(--tg-theme-bg-color);
+            color: var(--text-light);
+            line-height: 1.5;
             margin: 0;
             padding: 15px;
-            background-color: var(--tg-theme-bg-color);
-            color: var(--tg-theme-text-color);
-            font-size: 16px;
-            line-height: 1.5;
-            display: flex;
-            flex-direction: column;
-            align-items: center;
             min-height: var(--tg-viewport-height);
-            overflow-y: auto;
+            display: flex; flex-direction: column;
             -webkit-font-smoothing: antialiased;
             -moz-osx-font-smoothing: grayscale;
         }
         .container {
-            width: 100%;
-            max-width: 600px;
-            background-color: var(--tg-theme-secondary-bg-color);
-            padding: 20px;
-            border-radius: 10px;
-            margin-bottom: 20px;
-            box-shadow: 0 2px 5px rgba(0,0,0,0.1);
-            text-align: center;
-            flex-shrink: 0;
-        }
-        #loading, #error {
-            padding: 20px;
-            text-align: center;
-        }
-        #content {
-            display: none;
-            width: 100%;
-            flex-direction: column;
-            align-items: center;
-        }
-        #user-info, #profile {
-            margin-bottom: 20px;
-            padding: 15px;
-            background-color: var(--tg-theme-bg-color);
-            border-radius: 8px;
-            text-align: left;
-            width: 100%;
-        }
-        h2 {
-            color: var(--tg-theme-link-color);
-            margin-top: 0;
-            text-align: center;
-            border-bottom: 1px solid var(--tg-theme-hint-color);
-            padding-bottom: 10px;
-            margin-bottom: 15px;
-            font-size: 1.2em;
-        }
-        p { margin: 8px 0; }
-        strong { color: var(--tg-theme-text-color); }
-        .user-value {
-            color: var(--tg-theme-hint-color);
-            word-break: break-all;
-        }
-         .flash {
-            padding: 10px;
-            border-radius: 5px;
-            margin-bottom: 15px;
-            font-weight: bold;
-            text-align: center;
-            width: 100%;
-         }
-        .flash.success {
-            background-color: var(--tg-theme-secondary-bg-color);
-            color: var(--tg-theme-link-color);
-         }
-        .flash.error {
-            background-color: #f8d7da;
-            color: #721c24;
-            border: 1px solid #f5c6cb;
-         }
-
-        .profile-pic {
-            width: 80px;
-            height: 80px;
-            border-radius: 50%;
-            margin: 0 auto 15px auto;
-            display: block;
-            border: 2px solid var(--tg-theme-button-color);
-            background-color: var(--tg-theme-secondary-bg-color);
-            object-fit: cover;
-        }
-        button {
-            background-color: var(--tg-theme-button-color);
-            color: var(--tg-theme-button-text-color);
-            border: none;
-            padding: 12px 20px;
-            border-radius: 8px;
-            cursor: pointer;
-            font-size: 16px;
-            font-weight: 600;
-            transition: opacity 0.2s ease;
-            margin-top: 15px;
-            width: 100%;
-            display: block;
+             width: 100%;
+             max-width: 800px; /* Limit width on larger screens */
+             margin: 0 auto; /* Center container */
+             flex-grow: 1;
+             display: flex;
+             flex-direction: column;
         }
-        button:hover { opacity: 0.85; }
-        button:active { opacity: 0.7; }
-        pre {
-            background-color: var(--tg-theme-bg-color);
-            padding: 10px;
-            border-radius: 5px;
-            overflow-x: auto;
-            font-size: 12px;
-            color: var(--tg-theme-hint-color);
-            border: 1px solid var(--tg-theme-secondary-bg-color);
-            max-height: 200px;
-            width: 100%;
+        #loading, #error-view { padding: 30px; text-align: center; font-size: 1.2em; }
+        #app-content { display: none; flex-grow: 1; flex-direction: column; }
+
+        h1 { font-size: 1.8em; font-weight: 800; text-align: center; margin-bottom: 15px; background: linear-gradient(135deg, var(--primary), var(--accent)); -webkit-background-clip: text; color: transparent; }
+        h2 { font-size: 1.3em; margin-top: 20px; margin-bottom: 10px; color: var(--text-light); border-bottom: 1px solid var(--tg-theme-hint-color); padding-bottom: 5px; }
+        p { margin-bottom: 10px; }
+        input[type=text], input[type=file] {
+             width: 100%; padding: 12px; margin: 8px 0; border: 1px solid var(--tg-theme-hint-color); border-radius: 10px; background: var(--tg-theme-bg-color); color: var(--text-light); font-size: 1em;
+             box-shadow: inset 0 1px 3px rgba(0, 0, 0, 0.05); transition: border-color 0.2s ease;
         }
-
-        .file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); gap: 15px; margin-top: 20px; }
-        .item { background: var(--tg-theme-bg-color); padding: 10px; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); text-align: center; transition: transform 0.2s ease; display: flex; flex-direction: column; justify-content: space-between; }
-        .item:active { transform: scale(0.98); }
-        .item-preview { max-width: 100%; height: 90px; object-fit: cover; border-radius: 6px; margin-bottom: 8px; cursor: pointer; display: block; margin-left: auto; margin-right: auto;}
-        .item.folder .item-preview { object-fit: contain; font-size: 50px; color: var(--tg-theme-link-color); line-height: 90px; }
-        .item p { font-size: 0.9em; margin: 4px 0; word-break: break-all; text-align: center;}
+        input[type=text]:focus { outline: none; border-color: var(--primary); }
+        input[type=file] { border: none; padding: 5px; }
+
+        .btn { padding: 12px 24px; background: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color); border: none; border-radius: 12px; cursor: pointer; font-size: 1em; font-weight: 600; transition: var(--transition); box-shadow: 0 2px 5px rgba(0,0,0,0.1); display: inline-block; text-decoration: none; margin-top: 5px; margin-right: 5px; text-align: center; }
+        .btn:hover { opacity: 0.85; }
+        .btn:active { transform: scale(0.98); }
+        .btn[disabled] { background-color: var(--tg-theme-hint-color); cursor: not-allowed; opacity: 0.7; }
+        .download-btn { background: var(--secondary); color: black; }
+        .delete-btn { background: var(--delete-color); }
+        .folder-btn { background: var(--folder-color); color: black; }
+        .view-btn { background: var(--accent); }
+
+        .flash { color: var(--tg-theme-button-text-color); text-align: center; margin-bottom: 15px; padding: 10px; border-radius: 10px; font-weight: 500;}
+        .flash.success { background: #28a745; }
+        .flash.error { background: var(--delete-color); }
+
+        .file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(130px, 1fr)); gap: 15px; margin-top: 15px; padding-bottom: 20px;}
+
+        .item { background: var(--card-bg); padding: 10px; border-radius: 12px; box-shadow: var(--shadow); text-align: center; transition: var(--transition); display: flex; flex-direction: column; justify-content: space-between; }
+        .item:hover { transform: translateY(-3px); box-shadow: 0 6px 20px rgba(0, 0, 0, 0.12); }
+        .item-preview { width: 100%; height: 90px; object-fit: cover; border-radius: 8px; margin-bottom: 8px; cursor: pointer; display: block; background-color: rgba(128,128,128, 0.1); }
+        .item.folder .item-preview { object-fit: contain; font-size: 50px; color: var(--folder-color); line-height: 90px; text-decoration: none; }
+        .item p { font-size: 0.85em; margin: 4px 0; word-break: break-all; line-height: 1.3; height: 2.6em; overflow: hidden;} /* Show 2 lines */
+        .item p.filename { font-weight: 600; height: auto; max-height: 2.6em;} /* Allow filename more space */
+        .item p.details { font-size: 0.75em; color: var(--tg-theme-hint-color); height: auto; }
         .item a { color: var(--tg-theme-link-color); text-decoration: none; }
-        .item-actions { margin-top: 8px; display: flex; flex-wrap: wrap; gap: 4px; justify-content: center; }
-        .item-actions .btn { font-size: 0.8em; padding: 6px 10px; margin: 0; border-radius: 6px; }
-        .download-btn { background-color: var(--tg-theme-button-color); }
-        .delete-btn { background-color: #e53935; color: white; }
-        .delete-btn:hover { background-color: #c62828; }
-        .view-btn { background-color: var(--tg-theme-link-color); }
-
-        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; }
-        .modal-content { max-width: 95%; max-height: 95%; background: var(--tg-theme-bg-color); padding: 10px; border-radius: 10px; overflow: auto; position: relative; }
-        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
-        .modal iframe { width: 80vw; height: 85vh; border: none; }
-        .modal pre { background: var(--tg-theme-secondary-bg-color); color: var(--tg-theme-text-color); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;}
-        .modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; }
-        .modal-close-btn:hover { color: #fff; background: rgba(0,0,0,0.5); }
-
-        #progress-container { width: 100%; background: var(--tg-theme-secondary-bg-color); border-radius: 10px; margin: 15px 0; display: none; position: relative; height: 20px; overflow: hidden;}
-        #progress-bar { width: 0%; height: 100%; background: var(--tg-theme-button-color); border-radius: 10px; transition: width 0.3s ease; }
-        #progress-text { position: absolute; width: 100%; text-align: center; line-height: 20px; color: var(--tg-theme-button-text-color); font-size: 0.9em; font-weight: bold;}
-
-        .breadcrumbs { margin-bottom: 20px; font-size: 1em; text-align: left; width: 100%; }
-        .breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; }
+        .item a:hover { text-decoration: underline; }
+        .item-actions { margin-top: 8px; display: flex; flex-wrap: wrap; gap: 5px; justify-content: center; }
+        .item-actions .btn { font-size: 0.8em; padding: 4px 8px; }
+
+        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.8); z-index: 2000; justify-content: center; align-items: center; padding: 10px;}
+        .modal-content { width: 100%; height: 100%; background: var(--tg-theme-bg-color); padding: 10px; border-radius: 15px; overflow: hidden; position: relative; display: flex; flex-direction: column; }
+        .modal-body { flex-grow: 1; overflow: auto; display: flex; justify-content: center; align-items: center; }
+        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 95%; display: block; margin: auto; border-radius: 10px; }
+        .modal iframe { width: 100%; height: 100%; border: none; }
+        .modal pre { background: var(--tg-theme-secondary-bg-color); color: var(--text-light); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 95%; overflow-y: auto; width: 100%;}
+        .modal-close-btn { position: absolute; top: 15px; right: 15px; font-size: 24px; color: var(--tg-theme-hint-color); cursor: pointer; background: rgba(128,128,128,0.2); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; z-index: 2001;}
+
+        #progress-container { width: 100%; background: var(--tg-theme-secondary-bg-color); border-radius: 10px; margin: 15px 0; display: none; position: relative; height: 20px; overflow: hidden; }
+        #progress-bar { width: 0%; height: 100%; background: var(--primary); border-radius: 10px; transition: width 0.3s ease; }
+        #progress-text { position: absolute; width: 100%; text-align: center; line-height: 20px; color: var(--tg-theme-button-text-color); font-size: 0.9em; font-weight: bold; text-shadow: 1px 1px 1px rgba(0,0,0,0.5); }
+
+        .breadcrumbs { margin-bottom: 15px; font-size: 1em; background: var(--card-bg); padding: 8px 12px; border-radius: 8px; box-shadow: var(--shadow); }
+        .breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; font-weight: 500; }
         .breadcrumbs a:hover { text-decoration: underline; }
         .breadcrumbs span { margin: 0 5px; color: var(--tg-theme-hint-color); }
+        .breadcrumbs span.current-folder { font-weight: 600; color: var(--text-light);}
 
-        .folder-actions { margin-top: 10px; margin-bottom: 10px; display: flex; gap: 8px; align-items: center; flex-wrap: wrap; width: 100%;}
-        .folder-actions input[type=text] { flex-grow: 1; margin: 0; min-width: 120px; padding: 8px; border-radius: 6px; background: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); border: 1px solid var(--tg-theme-secondary-bg-color);}
-        .folder-actions input[type=text]:focus { outline: none; border-color: var(--tg-theme-link-color); }
-        .folder-actions .btn { margin: 0; flex-shrink: 0; width: auto; padding: 8px 12px; font-size: 0.9em;}
-        .folder-btn { background-color: var(--tg-theme-link-color); }
+        .folder-actions { margin-top: 10px; margin-bottom: 15px; display: flex; gap: 10px; align-items: center; flex-wrap: wrap; }
+        .folder-actions input[type=text] { width: auto; flex-grow: 1; margin: 0; min-width: 150px; }
+        .folder-actions .btn { margin: 0; flex-shrink: 0;}
 
-         input[type="file"] {
-             display: block;
-             width: 100%;
-             padding: 10px 0;
-             color: var(--tg-theme-text-color);
-             background: var(--tg-theme-secondary-bg-color);
-             border: 1px solid var(--tg-theme-hint-color);
-             border-radius: 8px;
-             margin: 15px 0;
-             cursor: pointer;
-         }
-         input[type="file"]::file-selector-button {
-              background-color: var(--tg-theme-button-color);
-              color: var(--tg-theme-button-text-color);
-              border: none;
-              padding: 8px 12px;
-              border-radius: 6px;
-              cursor: pointer;
-              margin-right: 10px;
-              transition: opacity 0.2s ease;
-         }
-         input[type="file"]::file-selector-button:hover { opacity: 0.9; }
-         input[type="file"]:focus { outline: none; }
+        #user-info-header { text-align: center; margin-bottom: 15px; font-size: 0.9em; color: var(--tg-theme-hint-color); }
 
         @media (max-width: 480px) {
             body { padding: 10px; }
-            .container { padding: 15px; }
-            .file-grid { grid-template-columns: repeat(auto-fill, minmax(100px, 1fr)); gap: 10px; }
-            .item-preview { height: 70px; }
-            .item.folder .item-preview { font-size: 40px; line-height: 70px; }
-            .item p { font-size: 0.8em;}
-            h2 { font-size: 1.1em; }
-             .item-actions .btn { padding: 5px 8px; font-size: 0.75em; }
-             .modal-close-btn { top: 5px; right: 10px; font-size: 20px; width: 25px; height: 25px; line-height: 25px;}
+            .file-grid { grid-template-columns: repeat(auto-fill, minmax(110px, 1fr)); gap: 10px;}
+            .item-preview { height: 80px; }
+            .item.folder .item-preview { font-size: 40px; line-height: 80px; }
+            h1 { font-size: 1.6em; }
+            .btn { padding: 10px 18px; }
+            .item-actions .btn { padding: 3px 6px; }
+            .breadcrumbs { font-size: 0.9em; padding: 6px 10px; }
         }
     </style>
 </head>
 <body>
+    <div id="loading">Загрузка и проверка данных Telegram...</div>
+    <div id="error-view" style="display: none;"></div>
+    <div id="app-content" class="container">
+        <h1>Zeus Cloud</h1>
+        <div id="user-info-header"></div>
+        <div id="flash-container"></div>
 
-    <div id="loading" class="container">Загрузка данных Telegram...</div>
-    <div id="error" class="container" style="display: none;"></div>
-
-    <div id="content" class="container">
-        <div id="flash-messages" style="width: 100%;">
-            {% with messages = get_flashed_messages(with_categories=true) %}
-                {% if messages %}
-                    {% for category, message in messages %}
-                        <div class="flash {{ category }}">{{ message }}</div>
-                    {% endfor %}
-                {% endif %}
-            {% endwith %}
-        </div>
-
-        <div id="user-info" style="width: 100%;">
-            <h2>Ваш профиль</h2>
-            <p>Загрузка...</p>
-        </div>
-
-        <div class="breadcrumbs"></div>
+        <div class="breadcrumbs" id="breadcrumbs-container"></div>
 
         <div class="folder-actions">
-            <form id="create-folder-form" style="display: contents;">
-                <input type="hidden" name="parent_folder_id" value="{{ current_folder_id }}">
-                <input type="text" name="folder_name" placeholder="Имя новой папки" required>
-                <button type="submit" class="btn folder-btn">Создать</button>
-            </form>
+            <input type="text" id="new-folder-name" placeholder="Имя новой папки" required>
+            <button id="create-folder-btn" class="btn folder-btn">Создать папку</button>
         </div>
 
-        <form id="upload-form" method="POST" enctype="multipart/form-data" action="{{ url_for('dashboard') }}">
-            <input type="hidden" name="current_folder_id" value="{{ current_folder_id }}">
+        <form id="upload-form">
             <input type="file" name="files" id="file-input" multiple required>
             <button type="submit" class="btn" id="upload-btn">Загрузить файлы сюда</button>
         </form>
         <div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
 
-
-        <h2>Содержимое папки: <span id="current-folder-name">Загрузка...</span></h2>
-        <div id="file-grid" class="file-grid">
-             <p>Загрузка...</p>
+        <h2 id="current-folder-title">Содержимое папки</h2>
+        <div class="file-grid" id="file-grid-container">
+            <!-- Items will be loaded here -->
         </div>
-
     </div>
 
-<div class="modal" id="mediaModal" onclick="closeModal(event)">
-    <div class="modal-content" id="modalContentContainer">
-        <span onclick="closeModalManual()" class="modal-close-btn">×</span>
-        <div id="modalContent"></div>
+    <div class="modal" id="mediaModal" onclick="closeModal(event)">
+        <div class="modal-content">
+             <span onclick="closeModalManual()" class="modal-close-btn">×</span>
+             <div class="modal-body" id="modalContent"></div>
+        </div>
     </div>
-</div>
-
-<script>
-    const tg = window.Telegram.WebApp;
-    const repoId = "{{ REPO_ID }}"; // Передаем REPO_ID из Flask
-    const hfTokenRead = "{{ HF_TOKEN_READ or '' }}"; // Передаем токен для чтения
-
-    const loadingEl = document.getElementById('loading');
-    const errorEl = document.getElementById('error');
-    const contentEl = document.getElementById('content');
-    const userInfoEl = document.getElementById('user-info').querySelector('p');
-    const currentFolderNameEl = document.getElementById('current-folder-name');
-    const fileGridEl = document.getElementById('file-grid');
-    const breadcrumbsEl = document.querySelector('.breadcrumbs');
-    const createFolderForm = document.getElementById('create-folder-form');
-    const folderNameInput = createFolderForm.querySelector('input[name="folder_name"]');
-    const createFolderParentIdInput = createFolderForm.querySelector('input[name="parent_folder_id"]');
-    const uploadForm = document.getElementById('upload-form');
-    const fileInput = document.getElementById('file-input');
-    const uploadBtn = document.getElementById('upload-btn');
-    const progressContainer = document.getElementById('progress-container');
-    const progressBar = document.getElementById('progress-bar');
-    const progressText = document.getElementById('progress-text');
-
-    let currentFolderId = 'root'; // Default to root
-
-    function showLoading() {
-        loadingEl.style.display = 'block';
-        errorEl.style.display = 'none';
-        contentEl.style.display = 'none';
-    }
-
-    function showError(message) {
-        loadingEl.style.display = 'none';
-        errorEl.innerHTML = `<h2>Ошибка</h2><p>${message}</p>`;
-        errorEl.style.display = 'block';
-        contentEl.style.display = 'none';
-        if (tg.HapticFeedback) {
-            tg.HapticFeedback.notificationOccurred('error');
-        }
-    }
 
-    function showContent() {
-        loadingEl.style.display = 'none';
-        errorEl.style.display = 'none';
-        contentEl.style.display = 'flex';
-    }
+    <script>
+        const tg = window.Telegram.WebApp;
+        const loadingEl = document.getElementById('loading');
+        const errorViewEl = document.getElementById('error-view');
+        const appContentEl = document.getElementById('app-content');
+        const userInfoHeaderEl = document.getElementById('user-info-header');
+        const flashContainerEl = document.getElementById('flash-container');
+        const breadcrumbsContainerEl = document.getElementById('breadcrumbs-container');
+        const fileGridContainerEl = document.getElementById('file-grid-container');
+        const currentFolderTitleEl = document.getElementById('current-folder-title');
+        const uploadForm = document.getElementById('upload-form');
+        const fileInput = document.getElementById('file-input');
+        const uploadBtn = document.getElementById('upload-btn');
+        const progressContainer = document.getElementById('progress-container');
+        const progressBar = document.getElementById('progress-bar');
+        const progressText = document.getElementById('progress-text');
+        const newFolderInput = document.getElementById('new-folder-name');
+        const createFolderBtn = document.getElementById('create-folder-btn');
+
+        let currentFolderId = 'root';
+        let validatedInitData = null;
+        let currentUser = null;
+        let currentItems = [];
+
+        // --- API Communication ---
+        async function apiCall(endpoint, method = 'POST', body = {}) {
+            if (!validatedInitData) {
+                showError("Ошибка: Данные авторизации отсутствуют.");
+                throw new Error("Not authenticated");
+            }
+            // Include initData in every authenticated request
+            body.initData = validatedInitData;
 
-    function displayUserInfo(userData) {
-        if (!userData) {
-            userInfoEl.innerHTML = `Данные пользователя отсутствуют.`;
-            return;
-        }
-        let content = '';
-        if(userData.photo_url) {
-             content += `<img src="${userData.photo_url}" alt="Фото профиля" class="profile-pic" onerror="this.style.display='none'">`;
-        } else {
-             content += `<div class="profile-pic" style="display: flex; align-items: center; justify-content: center; background-color: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color); font-size: 32px; font-weight: bold;">${(userData.first_name || '?')[0]}</div>`;
+            try {
+                const response = await fetch(endpoint, {
+                    method: method,
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify(body)
+                });
+                if (!response.ok) {
+                    let errorMsg = `HTTP error ${response.status}`;
+                    try {
+                        const errData = await response.json();
+                        errorMsg = errData.message || errorMsg;
+                    } catch (e) { /* Ignore if error body is not JSON */ }
+                    throw new Error(errorMsg);
+                }
+                return await response.json();
+            } catch (error) {
+                console.error(`API call to ${endpoint} failed:`, error);
+                showFlash(`Ошибка сети или сервера: ${error.message}`, 'error');
+                throw error;
+            }
         }
-        content += `<p><strong>Имя:</strong> <span class="user-value">${userData.first_name || ''} ${userData.last_name || ''}</span></p>`;
-        content += `<p><strong>Username:</strong> <span class="user-value">${userData.username ? '@' + userData.username : 'N/A'}</span></p>`;
-        content += `<p><strong>Язык:</strong> <span class="user-value">${userData.language_code || 'N/A'}</span></p>`;
-        content += `<p><strong>Премиум:</strong> <span class="user-value">${userData.is_premium ? 'Да 👍' : 'Нет'}</span></p>`;
-        userInfoEl.innerHTML = content;
-    }
 
-    function updateBreadcrumbs(path) {
-        let html = '';
-        for (let i = 0; i < path.length; i++) {
-            const crumb = path[i];
-            if (i < path.length - 1) {
-                html += `<a href="#" onclick="loadFolder('${crumb.id}'); return false;">${crumb.name === 'root' ? 'Главная' : crumb.name}</a>`;
-            } else {
-                html += `<span>${crumb.name === 'root' ? 'Главная' : crumb.name}</span>`;
-            }
-            if (i < path.length - 1) {
-                html += `<span>/</span>`;
-            }
+        // --- UI Rendering ---
+        function showLoadingScreen() {
+            loadingEl.style.display = 'block';
+            errorViewEl.style.display = 'none';
+            appContentEl.style.display = 'none';
         }
-        breadcrumbsEl.innerHTML = html;
-    }
 
-    function displayItems(items) {
-        fileGridEl.innerHTML = ''; // Clear current items
-        if (items.length === 0) {
-            fileGridEl.innerHTML = '<p style="width: 100%; text-align: center; color: var(--tg-theme-hint-color);">Эта папка пуста.</p>';
-            return;
+        function showError(message) {
+            loadingEl.style.display = 'none';
+            errorViewEl.innerHTML = `<h2>Ошибка</h2><p>${message}</p><button class='btn' onclick='window.location.reload()'>Перезагрузить</button>`;
+            errorViewEl.style.display = 'block';
+            appContentEl.style.display = 'none';
+            if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred('error');
         }
 
-        items.forEach(item => {
-            let itemHtml = `<div class="item ${item.type}">`;
-            if (item.type === 'folder') {
-                 itemHtml += `<a href="#" onclick="loadFolder('${item.id}'); return false;" class="item-preview" title="Перейти в папку ${item.name}">📁</a>`;
-                 itemHtml += `<p title="${item.name}"><b>${item.name.length > 15 ? item.name.substring(0, 15) + '...' : item.name}</b></p>`;
-                 itemHtml += `<div class="item-actions">`;
-                 itemHtml += `<a href="#" onclick="loadFolder('${item.id}'); return false;" class="btn folder-btn">Открыть</a>`;
-                 if (item.id !== 'root') { // Cannot delete root
-                      itemHtml += `<button class="btn delete-btn" onclick="deleteFolder('${item.id}', '${item.name}');">Удалить</button>`;
-                 }
-                 itemHtml += `</div>`;
-            } else if (item.type === 'file') {
-                 const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
-                 let previewContent = '';
-                 let clickAction = '';
-                 let hfUrl = hfFileUrl(item.path);
-                 let downloadUrl = hfFileUrl(item.path, true);
-
-                 if (item.file_type === 'image') {
-                    previewContent = `<img class="item-preview" src="${hfUrl}" alt="${item.original_filename}" loading="lazy">`;
-                    clickAction = `openModal('${hfUrl}', '${item.file_type}', '${item.id}')`;
-                 } else if (item.file_type === 'video') {
-                     previewContent = `<video class="item-preview" preload="metadata" muted loading="lazy"><source src="${downloadUrl}#t=0.5"></video>`;
-                     clickAction = `openModal('${downloadUrl}', '${item.file_type}', '${item.id}')`;
-                 } else if (item.file_type === 'pdf') {
-                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-link-color); text-align: center;">📄</div>`;
-                     clickAction = `openModal('${downloadUrl}', '${item.file_type}', '${item.id}')`;
-                 } else if (item.file_type === 'text') {
-                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-link-color); text-align: center;">📝</div>`;
-                     clickAction = `openModal('{{ url_for('get_text_content', file_id='ITEM_ID_PLACEHOLDER') }}'.replace('ITEM_ID_PLACEHOLDER', '${item.id}'), '${item.file_type}', '${item.id}')`;
-                 } else {
-                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-hint-color); text-align: center;">❓</div>`;
-                 }
+        function showAppContent() {
+            loadingEl.style.display = 'none';
+            errorViewEl.style.display = 'none';
+            appContentEl.style.display = 'flex'; // Use flex for container layout
+        }
 
-                 if (previewable) {
-                     itemHtml += `<div style="cursor: pointer;" onclick="${clickAction}">${previewContent}</div>`;
-                 } else {
-                     itemHtml += previewContent; // No click for non-previewable
+        function showFlash(message, type = 'success') {
+             const flashDiv = document.createElement('div');
+             flashDiv.className = `flash ${type}`;
+             flashDiv.textContent = message;
+             flashContainerEl.innerHTML = ''; // Clear previous messages
+             flashContainerEl.appendChild(flashDiv);
+             // Auto-remove after 5 seconds
+             setTimeout(() => {
+                 if (flashDiv.parentNode === flashContainerEl) {
+                      flashContainerEl.removeChild(flashDiv);
                  }
+             }, 5000);
+             if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred(type);
+        }
 
+        function renderBreadcrumbs(breadcrumbs) {
+            breadcrumbsContainerEl.innerHTML = '';
+            breadcrumbs.forEach((crumb, index) => {
+                if (index > 0) {
+                    breadcrumbsContainerEl.appendChild(document.createTextNode(' / '));
+                }
+                if (index === breadcrumbs.length - 1) {
+                     const span = document.createElement('span');
+                     span.className = 'current-folder';
+                     span.textContent = crumb.name;
+                     breadcrumbsContainerEl.appendChild(span);
+                     currentFolderTitleEl.textContent = `Содержим��е: ${crumb.name}`;
+                } else {
+                    const link = document.createElement('a');
+                    link.href = '#';
+                    link.textContent = crumb.name;
+                    link.onclick = (e) => { e.preventDefault(); loadFolderContent(crumb.id); };
+                    breadcrumbsContainerEl.appendChild(link);
+                }
+            });
+        }
 
-                 itemHtml += `<p title="${item.original_filename}">${item.original_filename.length > 15 ? item.original_filename.substring(0, 15) + '...' : item.original_filename}</p>`;
-                 itemHtml += `<p style="font-size: 0.7em; color: var(--tg-theme-hint-color);">${item.upload_date}</p>`;
-                 itemHtml += `<div class="item-actions">`;
-                 itemHtml += `<a href="${downloadUrl}" class="btn download-btn" download>Скачать</a>`;
-                 if (previewable) {
-                     itemHtml += `<button class="btn view-btn" onclick="${clickAction}">Просмотр</button>`;
-                 }
-                 itemHtml += `<button class="btn delete-btn" onclick="deleteFile('${item.id}', '${item.original_filename}');">Удалить</button>`;
-                 itemHtml += `</div>`;
+        function renderItems(items) {
+            fileGridContainerEl.innerHTML = ''; // Clear previous items
+            if (!items || items.length === 0) {
+                 fileGridContainerEl.innerHTML = '<p>Эта папка пуста.</p>';
+                 return;
             }
-            itemHtml += `</div>`;
-            fileGridEl.innerHTML += itemHtml;
-        });
-    }
-
-    function hfFileUrl(path, download = false) {
-        let url = `https://huggingface.co/datasets/${repoId}/resolve/main/${path}`;
-        // Note: token needed for private repos only. This example assumes public or read-access by URL.
-        // If repo is private AND token needed for resolve, this gets complex.
-        // For this example, we assume public or tokenless read resolve works.
-        // If not, you'd need a backend endpoint to proxy authenticated downloads/previews.
-        // if (hfTokenRead) url += `?token=${hfTokenRead}`; // Resolve usually doesn't use token in URL query param
-        if (download) url += '?download=true'; // download param is for browser hint
-        return url;
-    }
+            items.forEach(item => {
+                const itemDiv = document.createElement('div');
+                itemDiv.className = `item ${item.type}`;
+                let previewHtml = '';
+                let actionsHtml = '';
+                let filenameDisplay = item.original_filename || item.name || 'Unnamed';
+
+                // Truncate long filenames for display
+                const maxLen = 25;
+                let truncatedFilename = filenameDisplay.length > maxLen
+                    ? filenameDisplay.substring(0, maxLen - 3) + '...'
+                    : filenameDisplay;
+
+
+                if (item.type === 'folder') {
+                    previewHtml = `<a href="#" class="item-preview" title="Перейти в папку ${item.name}" onclick="event.preventDefault(); loadFolderContent('${item.id}')">📁</a>`;
+                    actionsHtml = `
+                        <button class="btn folder-btn" onclick="loadFolderContent('${item.id}')">Открыть</button>
+                        <button class="btn delete-btn" onclick="deleteFolder('${item.id}', '${item.name}')">Удалить</button>
+                    `;
+                    truncatedFilename = item.name; // Use folder name
+                } else if (item.type === 'file') {
+                    const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
+                    const dlUrl = `/download/${item.id}`; // Simple download URL
+                    let viewFuncCall = '';
+
+                    if (item.file_type === 'image') {
+                         previewHtml = `<img class="item-preview" src="/preview_thumb/${item.id}" alt="${filenameDisplay}" loading="lazy" onerror="this.style.display='none'" onclick="openModal('/download/${item.id}', 'image', '${item.id}')">`;
+                         viewFuncCall = `openModal('/download/${item.id}', 'image', '${item.id}')`;
+                     } else if (item.file_type === 'video') {
+                         previewHtml = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--accent);" onclick="openModal('/download/${item.id}', 'video', '${item.id}')">▶️</div>`;
+                         viewFuncCall = `openModal('/download/${item.id}', 'video', '${item.id}')`;
+                     } else if (item.file_type === 'pdf') {
+                         previewHtml = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--accent);" onclick="openModal('/download/${item.id}', 'pdf', '${item.id}')">📄</div>`;
+                         viewFuncCall = `openModal('/download/${item.id}', 'pdf', '${item.id}')`;
+                     } else if (item.file_type === 'text') {
+                         previewHtml = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--secondary);" onclick="openModal('/get_text_content/${item.id}', 'text', '${item.id}')">📝</div>`;
+                         viewFuncCall = `openModal('/get_text_content/${item.id}', 'text', '${item.id}')`;
+                     } else {
+                        previewHtml = '<div class="item-preview" style="font-size: 50px; line-height: 90px; color: #aaa;">❓</div>';
+                    }
 
-    async function openModal(srcOrUrl, type, itemId) {
-        const modal = document.getElementById('mediaModal');
-        const modalContent = document.getElementById('modalContent');
-        modalContent.innerHTML = '<p style="color: var(--tg-theme-text-color);">Загрузка...</p>';
-        modal.style.display = 'flex';
-
-        try {
-            if (type === 'image') {
-                modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
-            } else if (type === 'video') {
-                modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-            } else if (type === 'pdf') {
-                // Using Google Docs Viewer or similar is often more reliable than iframe src directly
-                 modalContent.innerHTML = `<iframe src="https://docs.google.com/viewer?url=${encodeURIComponent(srcOrUrl)}&embedded=true" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
-                 // Alternative: Direct iframe might work for some servers/browsers
-                 // modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
-            } else if (type === 'text') {
-                // For text, fetch via backend endpoint which handles authentication if needed
-                const response = await fetch(srcOrUrl); // srcOrUrl is already the backend endpoint URL
-                if (!response.ok) {
-                     const errorText = await response.text();
-                     throw new Error(`Ошибка загрузки текста (${response.status}): ${errorText}`);
+                    actionsHtml = `<a href="${dlUrl}" class="btn download-btn" target="_blank" rel="noopener noreferrer">Скачать</a>`;
+                    if (previewable) {
+                        actionsHtml += `<button class="btn view-btn" onclick="${viewFuncCall}">Просмотр</button>`;
+                    }
+                    actionsHtml += `<button class="btn delete-btn" onclick="deleteFile('${item.id}', '${filenameDisplay}')">Удалить</button>`;
                 }
-                const text = await response.text();
-                const escapedText = text.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">"); // Basic HTML escaping
-                modalContent.innerHTML = `<pre>${escapedText}</pre>`;
-            } else {
-                 modalContent.innerHTML = '<p style="color: var(--tg-theme-text-color);">Предпросмотр для этого типа файла не поддерживается.</p>';
-            }
-             if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('light'); }
 
-        } catch (error) {
-             console.error("Error loading modal content:", error);
-             modalContent.innerHTML = `<p style="color: red;">Не удалось загрузить содержимое для предпросмотра.<br>${error.message}</p>`;
-             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+                itemDiv.innerHTML = `
+                    ${previewHtml}
+                    <p class="filename" title="${filenameDisplay}">${truncatedFilename}</p>
+                    ${item.upload_date ? `<p class="details">${item.upload_date.split(' ')[0]}</p>` : ''}
+                    <div class="item-actions">${actionsHtml}</div>
+                `;
+                fileGridContainerEl.appendChild(itemDiv);
+            });
         }
-    }
 
-    function closeModal(event) {
-        const modal = document.getElementById('mediaModal');
-        if (event.target === modal) {
-            closeModalManual();
-        }
-    }
+        // --- Modal Logic ---
+        async function openModal(srcOrUrl, type, itemId) {
+            const modal = document.getElementById('mediaModal');
+            const modalContent = document.getElementById('modalContent');
+            modalContent.innerHTML = '<p>Загрузка...</p>';
+            modal.style.display = 'flex';
 
-    function closeModalManual() {
-         const modal = document.getElementById('mediaModal');
-         modal.style.display = 'none';
-         const video = modal.querySelector('video');
-         if (video) { video.pause(); video.removeAttribute('src'); video.load(); } // Stop video playback
-         const iframe = modal.querySelector('iframe');
-         if (iframe) iframe.src = 'about:blank'; // Clear iframe content
-         document.getElementById('modalContent').innerHTML = ''; // Clear other content
-         if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('light'); }
-    }
-
-    async function loadFolder(folderId) {
-        currentFolderId = folderId;
-        history.pushState({ folder_id: folderId }, '', `?folder_id=${folderId}`); // Update URL and history
-        fileGridEl.innerHTML = '<p style="width: 100%; text-align: center; color: var(--tg-theme-hint-color);">Загрузка содержимого папки...</p>';
-        currentFolderNameEl.textContent = 'Загрузка...'; // Reset folder name
-        createFolderParentIdInput.value = folderId; // Update create folder form
-
-        try {
-            const response = await fetch(`/dashboard?folder_id=${folderId}`);
-            if (!response.ok) {
-                 const text = await response.text(); // Get raw response text
-                 // Check if it's a redirect (e.g., login page HTML)
-                 if (text.includes('<title>Zeus Cloud</title>') || text.includes('<title>Регистрация - Zeus Cloud</title>')) {
-                      showError("Сессия истекла или ошибка авторизации. Попробуйте перезапустить Mini App.");
-                      return;
-                 }
-                 throw new Error(`HTTP error! status: ${response.status}`);
-            }
-            // Assuming the endpoint returns a JSON object with folder data
-            const data = await response.json();
-
-            if (data.status === 'ok') {
-                currentFolderNameEl.textContent = data.current_folder_name === 'root' ? 'Главная' : data.current_folder_name;
-                displayItems(data.items);
-                updateBreadcrumbs(data.breadcrumbs);
-                 uploadForm.querySelector('input[name="current_folder_id"]').value = currentFolderId; // Update upload form target
-            } else {
-                showError(data.message || 'Неизвестная ошибка при загрузке папки.');
+            try {
+                // For PDF, use Google Docs viewer for broader compatibility
+                if (type === 'pdf') {
+                    modalContent.innerHTML = `<iframe src="https://docs.google.com/gview?url=${encodeURIComponent(window.location.origin + srcOrUrl)}&embedded=true" title="Просмотр PDF"></iframe>`;
+                } else if (type === 'image') {
+                    modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
+                } else if (type === 'video') {
+                    modalContent.innerHTML = `<video controls autoplay style='max-width: 100%; max-height: 100%;'><source src="${srcOrUrl}">Ваш браузер не поддерживает видео.</video>`;
+                } else if (type === 'text') {
+                    const response = await fetch(srcOrUrl); // Use the dedicated text route
+                    if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.statusText}`);
+                    const text = await response.text();
+                    const escapedText = text.replace(/</g, "<").replace(/>/g, ">"); // Basic escaping
+                    modalContent.innerHTML = `<pre>${escapedText}</pre>`;
+                } else {
+                    modalContent.innerHTML = '<p>Предпросмотр для этого типа файла не поддерживается.</p>';
+                }
+            } catch (error) {
+                console.error("Error loading modal content:", error);
+                modalContent.innerHTML = `<p>Не удалось загрузить содержимое для предпросмотра. ${error.message}</p>`;
+                 if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred('error');
             }
-
-        } catch (error) {
-            console.error("Error loading folder:", error);
-             let userMessage = 'Не удалось загрузить содержимое папки. Проверьте соединение или попробуйте позже.';
-             if (error.message.includes('HTTP error! status:')) {
-                 userMessage = `Ошибка загрузки папки: ${error.message}`;
-             }
-            showError(userMessage);
         }
-    }
 
-    async function postForm(formId, successCallback) {
-        const form = document.getElementById(formId);
-        const formData = new FormData(form);
-        const submitButton = form.querySelector('button[type="submit"]');
-        submitButton.disabled = true;
-        const originalButtonText = submitButton.textContent;
-        submitButton.textContent = 'Отправка...';
-
-        try {
-            const response = await fetch(form.action, {
-                method: form.method,
-                body: formData,
-                // Remove Content-Type header for FormData to let browser set it correctly (includes boundary)
-            });
-
-             const data = await response.json(); // Assuming JSON response for status/messages
-
-            if (data.status === 'ok') {
-                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
-                 showFlashMessage(data.message, 'success');
-                 successCallback(data); // Call success handler to update UI (e.g., reload folder)
-            } else {
-                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
-                 showFlashMessage(data.message || 'Произошла ошибка.', 'error');
+        function closeModal(event) {
+            const modal = document.getElementById('mediaModal');
+            // Close if clicking on the background, not the content itself
+            if (event.target === modal) {
+                closeModalManual();
             }
-        } catch (error) {
-            console.error("Form submission error:", error);
-             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
-            showFlashMessage('Ошибка сети или сервера при отправке формы.', 'error');
-        } finally {
-            submitButton.disabled = false;
-            submitButton.textContent = originalButtonText;
         }
-    }
 
-    async function deleteItem(itemId, itemName, itemType) {
-        const confirmMessage = itemType === 'file'
-            ? `Вы уверены, что хотите удалить файл "${itemName}"?`
-            : `Удалить папку "${itemName}"? Папку можно удалить только если она пуста.`;
-
-        if (confirm(confirmMessage)) {
-            const deleteUrl = itemType === 'file' ? `/delete_file/${itemId}` : `/delete_folder/${itemId}`;
-            const postData = { current_view_folder_id: currentFolderId }; // Pass current view folder ID
+        function closeModalManual() {
+            const modal = document.getElementById('mediaModal');
+            modal.style.display = 'none';
+            const video = modal.querySelector('video');
+            if (video) { video.pause(); video.src = ''; } // Stop playback and clear source
+            const iframe = modal.querySelector('iframe');
+            if (iframe) iframe.src = 'about:blank'; // Clear iframe
+            document.getElementById('modalContent').innerHTML = ''; // Clear content
+        }
 
-             // Simple POST request for delete
+        // --- Folder Operations ---
+        async function loadFolderContent(folderId) {
+            currentFolderId = folderId;
+            console.log(`Loading folder: ${folderId}`);
             try {
-                const response = await fetch(deleteUrl, {
-                    method: 'POST',
-                    headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify(postData)
-                });
-
-                const data = await response.json();
-
+                const data = await apiCall('/get_dashboard_data', 'POST', { folder_id: folderId });
                 if (data.status === 'ok') {
-                    if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
-                    showFlashMessage(data.message, 'success');
-                    // Reload current folder after deletion, or navigate up if folder was deleted
-                    if (itemType === 'folder' && data.redirect_to_folder_id) {
-                        loadFolder(data.redirect_to_folder_id);
-                    } else {
-                        loadFolder(currentFolderId);
-                    }
+                     currentItems = data.items || [];
+                     renderBreadcrumbs(data.breadcrumbs || [{'id': 'root', 'name': 'Root'}]);
+                     renderItems(currentItems.sort((a, b) => (a.type !== 'folder') - (b.type !== 'folder') || a.name.localeCompare(b.name))); // Folders first, then by name
                 } else {
-                    if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
-                    showFlashMessage(data.message || `Произошла ошибка при удалении ${itemType}.`, 'error');
+                    showFlash(data.message || 'Не удалось загрузить содержимое папки.', 'error');
                 }
             } catch (error) {
-                console.error(`Error deleting ${itemType}:`, error);
-                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
-                showFlashMessage(`Ошибка сети или сервера при удалении ${itemType}.`, 'error');
+                // Error already handled by apiCall
             }
         }
-    }
-
-    function deleteFile(fileId, fileName) {
-        deleteItem(fileId, fileName, 'file');
-    }
-
-    function deleteFolder(folderId, folderName) {
-        deleteItem(folderId, folderName, 'folder');
-    }
-
-    function showFlashMessage(message, type) {
-        const flashContainer = document.getElementById('flash-messages');
-        const msgDiv = document.createElement('div');
-        msgDiv.classList.add('flash', type);
-        msgDiv.textContent = message;
-        flashContainer.appendChild(msgDiv);
-
-        // Auto-remove flash message after a few seconds
-        setTimeout(() => {
-            msgDiv.remove();
-        }, 5000);
-    }
 
-
-    // --- Main Logic ---
-    tg.ready();
-    tg.expand();
-    tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1');
-    document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
-
-    // Check if initData exists
-    if (!tg.initData || !tg.initDataUnsafe || Object.keys(tg.initDataUnsafe).length === 0) {
-        showError("Не удалось получить данные Telegram (initData). Приложение должно быть запущено из Telegram.");
-    } else {
-        // Send initData to backend for validation
-        fetch('/validate', {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ initData: tg.initData })
-        })
-        .then(response => {
-            if (!response.ok) {
-                // Handle non-200 responses as errors
-                return response.json().then(errData => {
-                     throw new Error(errData.message || `HTTP error ${response.status}`);
-                }).catch(() => {
-                     throw new Error(`HTTP error ${response.status}`);
-                });
+        async function handleCreateFolder() {
+            const folderName = newFolderInput.value.trim();
+            if (!folderName) {
+                showFlash('Введите имя папки.', 'error');
+                return;
             }
-            return response.json();
-        })
-        .then(data => {
-            if (data.status === 'ok') {
-                showContent();
-                displayUserInfo(data.user);
-                // Determine initial folder from URL or default to root
-                const urlParams = new URLSearchParams(window.location.search);
-                const initialFolderId = urlParams.get('folder_id') || 'root';
-                loadFolder(initialFolderId); // Load initial folder content
-                if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
-
-            } else {
-                showError(data.message || 'Ошибка авторизации Telegram.');
-            }
-        })
-        .catch(error => {
-            console.error("Validation fetch error:", error);
-            showError(`Ошибка валидации на сервере: ${error.message}. Попробуйте позже.`);
-        });
-    }
-
-    // Handle browser back/forward buttons
-    window.addEventListener('popstate', (event) => {
-        const folderId = event.state && event.state.folder_id ? event.state.folder_id : 'root';
-        loadFolder(folderId);
-    });
-
-
-    // --- Form Submissions (using JS to prevent full page reload) ---
-
-    // Upload form
-    uploadForm.addEventListener('submit', function(e) {
-        e.preventDefault();
-
-        const files = fileInput.files;
-        if (files.length === 0) {
-             showFlashMessage('Пожалуйста, выберите файлы для загрузки.', 'error');
-             return;
-        }
-         if (files.length > 20) {
-             showFlashMessage('Максимум 20 файлов за раз!', 'error');
-             return;
-         }
-
-        progressContainer.style.display = 'block';
-        progressBar.style.width = '0%';
-        progressText.textContent = '0%';
-        uploadBtn.disabled = true;
-        uploadBtn.textContent = 'Загрузка...';
-         if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('rigid'); }
-
-
-        const formData = new FormData(uploadForm);
-        const xhr = new XMLHttpRequest();
-
-        xhr.upload.addEventListener('progress', function(event) {
-            if (event.lengthComputable) {
-                const percentComplete = Math.round((event.loaded / event.total) * 100);
-                progressBar.style.width = percentComplete + '%';
-                progressText.textContent = percentComplete + '%';
-                 // Optional: provide haptic feedback at intervals
-                 // if (percentComplete > 0 && percentComplete % 25 === 0 && tg.HapticFeedback) {
-                 //      tg.HapticFeedback.impactOccurred('light');
-                 // }
-            }
-        });
+             if (!/^[a-zA-Z0-9 _\-]+$/.test(folderName)) {
+                showFlash('Имя папки может содержать буквы, цифры, пробелы, тире и подчеркивания.', 'error');
+                 return;
+             }
 
-        xhr.addEventListener('load', function() {
-            uploadBtn.disabled = false;
-            uploadBtn.textContent = 'Загрузить фай��ы сюда';
-            progressContainer.style.display = 'none';
-             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
+            createFolderBtn.disabled = true;
+            createFolderBtn.textContent = 'Создание...';
 
             try {
-                 const response = JSON.parse(xhr.responseText);
-                 if (response.status === 'ok') {
-                      showFlashMessage(response.message, 'success');
-                      loadFolder(currentFolderId); // Reload current folder after successful upload
-                 } else {
-                      showFlashMessage(response.message || 'Ошибка загрузки файла.', 'error');
-                 }
-            } catch (e) {
-                 console.error("Error parsing upload response:", e);
-                 showFlashMessage('Произошла ошибка при обработке ответа сервера.', 'error');
+                const data = await apiCall('/create_folder', 'POST', {
+                    parent_folder_id: currentFolderId,
+                    folder_name: folderName
+                });
+                if (data.status === 'ok') {
+                    showFlash(`Папка "${folderName}" создана.`);
+                    newFolderInput.value = '';
+                    loadFolderContent(currentFolderId); // Refresh content
+                } else {
+                    showFlash(data.message || 'Не удалось создать папку.', 'error');
+                }
+            } catch (error) {
+                 // Error handled by apiCall
+            } finally {
+                 createFolderBtn.disabled = false;
+                 createFolderBtn.textContent = 'Создать папку';
             }
-
-        });
-
-        xhr.addEventListener('error', function() {
-             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
-            showFlashMessage('Произошла ошибка во время загрузки файла.', 'error');
-            uploadBtn.disabled = false;
-            uploadBtn.textContent = 'Загрузить файлы сюда';
-            progressContainer.style.display = 'none';
-        });
-
-        xhr.addEventListener('abort', function() {
-             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('warning'); }
-            showFlashMessage('Загрузка файла отменена.', 'error');
-            uploadBtn.disabled = false;
-            uploadBtn.textContent = 'Загрузить файлы сюда';
-            progressContainer.style.display = 'none';
-        });
-
-        xhr.open('POST', uploadForm.action, true);
-        xhr.send(formData);
-    });
-
-    // Create Folder form
-    createFolderForm.addEventListener('submit', async function(e) {
-        e.preventDefault();
-        if (!folderNameInput.value.trim()) {
-            showFlashMessage('Имя папки не может быть пустым!', 'error');
-            return;
-        }
-         const folderName = folderNameInput.value.trim();
-         // Simple check for disallowed characters - refine if needed
-        if (!/^[a-zA-Z0-9 _.-]+$/.test(folderName)) {
-             showFlashMessage('Имя папки может содержать буквы, цифры, пробелы, тире и точки.', 'error');
-             return;
         }
 
+        async function deleteFolder(folderId, folderName) {
+            if (!confirm(`Вы уверены, что хотите удалить папку "${folderName}"? Папку можно удалить только если она пуста.`)) {
+                return;
+            }
+            try {
+                 const data = await apiCall(`/delete_folder/${folderId}`, 'POST', { current_folder_id: currentFolderId });
+                 if (data.status === 'ok') {
+                     showFlash(`Папка "${folderName}" удалена.`);
+                     loadFolderContent(currentFolderId); // Refresh
+                 } else {
+                     showFlash(data.message || 'Не удалось удалить папку.', 'error');
+                 }
+             } catch (error) {
+                  // Error handled by apiCall
+             }
+        }
 
-        await postForm('create-folder-form', (data) => {
-            folderNameInput.value = ''; // Clear input
-            loadFolder(currentFolderId); // Reload current folder
-        });
-    });
-
-
-    // Listen for messages from the parent window (if needed, e.g., from the bot)
-    // tg.onEvent('message_from_bot', (event) => {
-    //    console.log('Message from bot:', event);
-    // });
-
-    // Example: Show a confirmation dialog when closing if there's unsaved work
-    // tg.enableClosingConfirmation();
-
-
-</script>
-</body>
-</html>
-"""
-
-
-def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
-    if not auth_data:
-        logging.error("Auth data is empty.")
-        return None
-
-    try:
-        parsed_data = dict(parse_qsl(unquote(auth_data)))
-        if "hash" not in parsed_data:
-            logging.error("Hash not found in auth data.")
-            return None
-
-        telegram_hash = parsed_data.pop('hash')
-
-        auth_date_ts = int(parsed_data.get('auth_date', 0))
-        current_ts = int(time.time())
-        if current_ts - auth_date_ts > AUTH_DATA_LIFETIME:
-             logging.warning(f"Auth data expired. Auth time: {auth_date_ts}, Current time: {current_ts}, Diff: {current_ts - auth_date_ts}")
-             return None
-
-        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
-
-        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
-        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
-
-        if calculated_hash == telegram_hash:
-            user_data_str = parsed_data.get('user')
-            if user_data_str:
-                try:
-                    user_data = json.loads(user_data_str)
-                    if 'id' not in user_data:
-                         logging.error("User data is missing 'id'.")
-                         return None
-                    return user_data
-                except json.JSONDecodeError:
-                    logging.error("Could not decode user JSON.")
-                    return None
-            else:
-                 logging.error("No 'user' field found in validated data.")
-                 return None
-        else:
-            logging.warning(f"Hash mismatch. Calculated: {calculated_hash}, Received: {telegram_hash}")
-            # logging.debug(f"Data check string:\n{data_check_string}") # Uncomment for deep debug
-            return None
-
-    except Exception as e:
-        logging.exception("Error during Telegram authorization check:")
-        return None
-
-
-def find_node_by_id(filesystem, node_id):
-    if filesystem.get('id') == node_id:
-        return filesystem, None
-
-    queue = [(filesystem, None)]
-    while queue:
-        current_node, parent = queue.pop(0)
-        if current_node.get('type') == 'folder' and 'children' in current_node:
-            for i, child in enumerate(current_node['children']):
-                if child.get('id') == node_id:
-                    return child, current_node
-                if child.get('type') == 'folder':
-                    queue.append((child, current_node))
-    return None, None
-
-def add_node(filesystem, parent_id, node_data):
-    parent_node, _ = find_node_by_id(filesystem, parent_id)
-    if parent_node and parent_node.get('type') == 'folder':
-        if 'children' not in parent_node:
-            parent_node['children'] = []
-        parent_node['children'].append(node_data)
-        return True
-    return False
-
-def remove_node(filesystem, node_id):
-    node_to_remove, parent_node = find_node_by_id(filesystem, node_id)
-    if node_to_remove and parent_node and 'children' in parent_node:
-        parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id]
-        return True
-    return False
-
-def get_node_path(filesystem, node_id, path_elements=None):
-    if path_elements is None:
-        path_elements = []
-    node, parent = find_node_by_id(filesystem, node_id)
-    if node:
-         # Use node's name or original_filename for path string, but ID for internal path construction
-         path_elements.append({'id': node.get('id'), 'name': node.get('name', node.get('original_filename', ''))})
-         if parent:
-             return get_node_path(filesystem, parent['id'], path_elements)
-    return list(reversed(path_elements)) # Reverse to get path from root
-
-def get_node_path_string(filesystem, node_id):
-    path_list = get_node_path(filesystem, node_id)
-    # Filter out the 'root' name for the string representation unless it's just root
-    string_parts = [p['name'] for p in path_list if p['id'] != 'root' or len(path_list) == 1]
-    return " / ".join(string_parts) or "Root"
-
-
-def initialize_user_filesystem(user_data):
-    if 'filesystem' not in user_data:
-        user_data['filesystem'] = {
-            "type": "folder",
-            "id": "root",
-            "name": "root",
-            "children": []
-        }
-    # Handle potential old 'files' structure during migration if needed, but assuming fresh start here.
-
-
-@cache.memoize(timeout=300)
-def load_data():
-    try:
-        download_db_from_hf()
-        with open(DATA_FILE, 'r', encoding='utf-8') as file:
-            data = json.load(file)
-            if not isinstance(data, dict):
-                logging.warning("Data is not in dict format, initializing empty database")
-                return {'users': {}}
-            data.setdefault('users', {})
-            # Initialize filesystem for any users loaded without one
-            for user_id, user_data in data['users'].items():
-                 initialize_user_filesystem(user_data)
-            logging.info("Data successfully loaded and initialized")
-            return data
-    except FileNotFoundError:
-        logging.warning(f"{DATA_FILE} not found, initializing empty database.")
-        return {'users': {}}
-    except json.JSONDecodeError:
-         logging.error(f"Error decoding JSON from {DATA_FILE}, initializing empty database.")
-         return {'users': {}}
-    except Exception as e:
-        logging.exception("Error loading data:")
-        return {'users': {}}
-
-def save_data(data):
-    try:
-        # It's safer to save to a temporary file first and then replace
-        temp_file = DATA_FILE + '.tmp'
-        with open(temp_file, 'w', encoding='utf-8') as file:
-            json.dump(data, file, ensure_ascii=False, indent=4)
-        os.replace(temp_file, DATA_FILE)
+         async function deleteFile(fileId, fileName) {
+            if (!confirm(`Вы уверены, что хотите удалить файл "${fileName}"?`)) {
+                return;
+            }
+             try {
+                 const data = await apiCall(`/delete_file/${fileId}`, 'POST', { current_folder_id: currentFolderId });
+                 if (data.status === 'ok') {
+                     showFlash(`Файл "${fileName}" удален.`);
+                     loadFolderContent(currentFolderId); // Refresh
+                 } else {
+                     showFlash(data.message || 'Не удалось удалить файл.', 'error');
+                 }
+             } catch (error) {
+                  // Error handled by apiCall
+             }
+        }
 
-        upload_db_to_hf()
-        cache.clear()
-        logging.info("Data saved and uploaded to HF")
-    except Exception as e:
-        logging.exception("Error saving data:")
-        raise
 
-def upload_db_to_hf():
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN_WRITE not set, skipping database upload.")
-        return
-    try:
-        api = HfApi()
-        api.upload_file(
-            path_or_fileobj=DATA_FILE,
-            path_in_repo=DATA_FILE,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
-        )
-        logging.info("Database uploaded to Hugging Face")
-    except Exception as e:
-        logging.exception("Error uploading database:")
+        // --- File Upload ---
+        function handleFileUpload(event) {
+             event.preventDefault();
+             const files = fileInput.files;
+             if (files.length === 0) {
+                 showFlash('Выберите файлы для загрузки.', 'error');
+                 return;
+             }
+              if (files.length > 20) {
+                  showFlash('Максимум 20 файлов за раз!', 'error');
+                  return;
+              }
+
+             progressContainer.style.display = 'block';
+             progressBar.style.width = '0%';
+             progressText.textContent = '0%';
+             uploadBtn.disabled = true;
+             uploadBtn.textContent = 'Загрузка...';
+
+             const formData = new FormData();
+             for (let i = 0; i < files.length; i++) {
+                 formData.append('files', files[i]);
+             }
+             formData.append('current_folder_id', currentFolderId);
+             formData.append('initData', validatedInitData); // Add initData here
 
-def download_db_from_hf():
-    if not HF_TOKEN_READ and not HF_TOKEN_WRITE:
-        logging.warning("No HF_TOKENs set, skipping database download.")
-        if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                 json.dump({'users': {}}, f)
-             logging.info(f"Created empty local database file: {DATA_FILE}")
-        return
-    try:
-        # Use HF_TOKEN_WRITE if READ token is not set, for flexibility
-        token_to_use = HF_TOKEN_READ if HF_TOKEN_READ else HF_TOKEN_WRITE
-        hf_hub_download(
-            repo_id=REPO_ID,
-            filename=DATA_FILE,
-            repo_type="dataset",
-            token=token_to_use,
-            local_dir=".",
-            local_dir_use_symlinks=False
-        )
-        logging.info("Database downloaded from Hugging Face")
-    except hf_utils.RepositoryNotFoundError:
-         logging.error(f"Repository {REPO_ID} not found.")
-         if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                 json.dump({'users': {}}, f)
-             logging.info(f"Created empty local database file: {DATA_FILE}")
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"{DATA_FILE} not found in repository {REPO_ID}. Initializing empty database.")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}}, f)
-            logging.info(f"Created empty local database file: {DATA_FILE}")
-    except Exception as e:
-        logging.exception("Error downloading database:")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}}, f)
-            logging.info(f"Created empty local database file: {DATA_FILE}")
+             const xhr = new XMLHttpRequest();
 
+             xhr.upload.addEventListener('progress', function(event) {
+                 if (event.lengthComputable) {
+                     const percentComplete = Math.round((event.loaded / event.total) * 100);
+                     progressBar.style.width = percentComplete + '%';
+                     progressText.textContent = percentComplete + '%';
+                 }
+             });
+
+             xhr.addEventListener('load', function() {
+                 uploadBtn.disabled = false;
+                 uploadBtn.textContent = 'Загрузить файлы сюда';
+                 progressContainer.style.display = 'none';
+                 fileInput.value = ''; // Reset file input
+
+                 if (xhr.status >= 200 && xhr.status < 300) {
+                     try {
+                         const data = JSON.parse(xhr.responseText);
+                         if (data.status === 'ok') {
+                              showFlash(data.message || `${files.length} файл(ов) загружено.`);
+                              loadFolderContent(currentFolderId); // Refresh
+                         } else {
+                              showFlash(data.message || 'Ошибка при обработке загрузки на сервере.', 'error');
+                         }
+                     } catch (e) {
+                         showFlash('Некорректный ответ от сервера после загрузки.', 'error');
+                     }
+                 } else {
+                      showFlash(`Ошибка загрузки: ${xhr.statusText || xhr.status}`, 'error');
+                 }
+             });
+
+             xhr.addEventListener('error', function() {
+                 showFlash('Ошибка сети во время загрузки.', 'error');
+                 uploadBtn.disabled = false;
+                 uploadBtn.textContent = 'Загрузить файлы сюда';
+                 progressContainer.style.display = 'none';
+             });
+
+             xhr.addEventListener('abort', function() {
+                 showFlash('Загрузка отменена.', 'error');
+                 uploadBtn.disabled = false;
+                 uploadBtn.textContent = 'Загрузить файлы сюда';
+                 progressContainer.style.display = 'none';
+             });
+
+             xhr.open('POST', '/upload', true);
+             // Do not set Content-Type, browser will set it correctly for FormData
+             xhr.send(formData);
+        }
 
-def periodic_backup():
-    if not HF_TOKEN_WRITE:
-         logging.warning("Periodic backup disabled: HF_TOKEN_WRITE not set.")
-         return
-    while True:
-        time.sleep(1800) # 30 minutes
-        try:
-            save_data(load_data()) # Ensure we save the latest state
-        except Exception as e:
-            logging.error(f"Periodic backup failed: {e}")
 
+        // --- Initialization ---
+        function initializeApp() {
+            tg.ready();
+            tg.expand();
+            // Set background color based on theme
+            document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
+            tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1');
 
-def get_file_type(filename):
-    filename_lower = filename.lower()
-    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')):
-        return 'video'
-    elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')):
-        return 'image'
-    elif filename_lower.endswith('.pdf'):
-        return 'pdf'
-    elif filename_lower.endswith('.txt'):
-        return 'text'
-    return 'other'
+            if (!tg.initData) {
+                 showError("Ошибка: Не удалось получить данные авторизации Telegram (initData). Попробуйте перезапустить Mini App.");
+                 return;
+            }
+            validatedInitData = tg.initData; // Store raw initData
+
+             // Validate initData with backend
+             fetch('/validate_init_data', {
+                 method: 'POST',
+                 headers: { 'Content-Type': 'application/json' },
+                 body: JSON.stringify({ initData: validatedInitData })
+             })
+             .then(response => response.json())
+             .then(data => {
+                 if (data.status === 'ok' && data.user) {
+                     currentUser = data.user;
+                     userInfoHeaderEl.textContent = `Пользователь: ${currentUser.first_name || ''} ${currentUser.last_name || ''} (@${currentUser.username || currentUser.id})`;
+                     showAppContent();
+                     loadFolderContent('root'); // Load root folder initially
+                 } else {
+                     throw new Error(data.message || 'Не удалось верифицировать пользователя.');
+                 }
+             })
+             .catch(error => {
+                 console.error("Validation failed:", error);
+                 showError(`Ошибка авторизации: ${error.message}. Попробуйте перезапустить.`);
+                 validatedInitData = null; // Invalidate data on error
+             });
+
+            // Add event listeners
+            uploadForm.addEventListener('submit', handleFileUpload);
+            createFolderBtn.addEventListener('click', handleCreateFolder);
+
+            // Handle back button (optional, can conflict with folder navigation)
+            // tg.BackButton.onClick(() => {
+            //     // Implement back navigation logic if needed, e.g., go to parent folder
+            //     console.log("Back button clicked");
+            // });
+            // if (currentFolderId !== 'root') {
+            //     tg.BackButton.show();
+            // } else {
+            //     tg.BackButton.hide();
+            // }
+        }
 
-def get_user_data(user_id):
-    data = load_data()
-    user_id_str = str(user_id) # Ensure ID is string key
-    return data['users'].get(user_id_str)
-
-def save_user_data(user_id, user_data):
-    data = load_data()
-    user_id_str = str(user_id)
-    data['users'][user_id_str] = user_data
-    save_data(data)
-
-def get_current_user():
-    user_id = session.get('user_id')
-    if user_id:
-        return get_user_data(user_id)
-    return None
-
-def requires_auth(f):
-    from functools import wraps
-    @wraps(f)
-    def decorated(*args, **kwargs):
-        if 'user_id' not in session:
-            # For Mini App, return JSON error or specific response
-            # For traditional web, redirect to login
-            # Since this is a single-file Mini App, we assume JSON API calls
-            return jsonify({"status": "error", "message": "Authentication required"}), 401
-        return f(*args, **kwargs)
-    return decorated
+        // --- Start the App ---
+        initializeApp();
 
-@app.route('/')
-def index():
-    current_folder_id = request.args.get('folder_id', 'root')
-    # Pass dummy folder ID to template for initial JS load
-    return Response(render_template_string(HTML_TEMPLATE, current_folder_id=current_folder_id, REPO_ID=REPO_ID, HF_TOKEN_READ=HF_TOKEN_READ), mimetype='text/html')
+    </script>
+</body>
+</html>
+"""
 
 
-@app.route('/validate', methods=['POST'])
-def validate_data():
-    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
-         logging.warning("Using placeholder BOT_TOKEN. Validation will fail.")
-         # Decide whether to allow bypassing for testing or return error
-         # For security, better return error in production if token is default
-         # return jsonify({"status": "error", "message": "Server configuration error: BOT_TOKEN not set"}), 500
-         # Allowing bypass for local testing:
-         # if request.remote_addr in ['127.0.0.1', '::1']:
-         #      dummy_user = {"id": 123, "first_name": "Тестовый", "last_name": "Пользователь", "username": "test_user", "language_code": "ru", "is_premium": False}
-         #      session['user_id'] = dummy_user['id']
-         #      session['user_data'] = dummy_user # Store basic data in session
-         #      data = load_data()
-         #      if str(dummy_user['id']) not in data['users']:
-         #          data['users'][str(dummy_user['id'])] = {**dummy_user, 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), 'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []}}
-         #          save_data(data)
-         #      return jsonify({"status": "ok", "user": dummy_user})
-         # else:
-         return jsonify({"status": "error", "message": "BOT_TOKEN не настроен на сервере"}), 500
+# --- Flask Routes ---
 
+@app.route('/')
+def index():
+    """ Serves the main Mini App HTML shell. """
+    return Response(HTML_TEMPLATE, mimetype='text/html')
 
+@app.route('/validate_init_data', methods=['POST'])
+def validate_init_data():
+    """ Validates Telegram initData and ensures user exists in DB. """
     data = request.get_json()
     if not data or 'initData' not in data:
-        return jsonify({"status": "error", "message": "Missing initData in request"}), 400
-
-    init_data_string = data['initData']
-    validated_user_data = check_telegram_authorization(init_data_string, BOT_TOKEN)
+        return jsonify({"status": "error", "message": "Missing initData"}), 400
 
-    if validated_user_data:
-        user_id = validated_user_data['id']
-        session['user_id'] = user_id # Use Telegram user ID as primary session key
-        session['user_data'] = validated_user_data # Store the validated user data
+    init_data = data['initData']
+    user_info = check_telegram_authorization(init_data, BOT_TOKEN)
 
-        # Load/create user in database
+    if user_info and 'id' in user_info:
+        tg_user_id = str(user_info['id'])
         db_data = load_data()
-        user_id_str = str(user_id)
-        if user_id_str not in db_data['users']:
-            db_data['users'][user_id_str] = {
-                **validated_user_data, # Save all Telegram data
-                'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-                'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []}
-            }
-            logging.info(f"New user registered: {user_id}")
-        else:
-             # Optionally update user data (username, photo_url etc.) on subsequent logins
-             db_data['users'][user_id_str].update(validated_user_data)
-             logging.info(f"User {user_id} logged in.")
+        users = db_data.setdefault('users', {})
 
+        if tg_user_id not in users:
+            logging.info(f"New user detected: {tg_user_id}. Initializing filesystem.")
+            users[tg_user_id] = {
+                'user_info': user_info, # Store basic TG info
+                'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+            }
+            initialize_user_filesystem(users[tg_user_id])
+            try:
+                save_data(db_data) # Save immediately for new user
+            except Exception as e:
+                 logging.error(f"Failed to save data for new user {tg_user_id}: {e}")
+                 # Allow login but maybe show warning later? Or deny login?
+                 return jsonify({"status": "error", "message": "Ошибка сохранения данных нового пользователя."}), 500
+        elif 'user_info' not in users[tg_user_id]: # Update user info if missing
+            users[tg_user_id]['user_info'] = user_info
+            try:
+                save_data(db_data)
+            except Exception as e:
+                logging.warning(f"Failed to update user_info for {tg_user_id}: {e}")
 
-        # Ensure filesystem is initialized (backward compatibility)
-        initialize_user_filesystem(db_data['users'][user_id_str])
+        # Ensure filesystem is initialized for existing users too (backward compatibility)
+        if 'filesystem' not in users[tg_user_id]:
+             initialize_user_filesystem(users[tg_user_id])
+             try:
+                 save_data(db_data)
+             except Exception as e:
+                 logging.warning(f"Failed to initialize filesystem for existing user {tg_user_id}: {e}")
 
-        try:
-            save_data(db_data)
-        except Exception as e:
-             logging.error(f"Error saving user data {user_id} after validation: {e}")
-             # Continue anyway, but log error
 
-        return jsonify({"status": "ok", "user": validated_user_data})
+        return jsonify({"status": "ok", "user": user_info})
     else:
-        session.pop('user_id', None)
-        session.pop('user_data', None)
-        return jsonify({"status": "error", "message": "Invalid Telegram authorization data"}), 403 # 403 Forbidden
-
-@app.route('/dashboard', methods=['GET', 'POST'])
-@requires_auth
-def dashboard():
-    user_id = session['user_id']
+        logging.warning(f"Validation failed for initData: {init_data[:100]}...")
+        return jsonify({"status": "error", "message": "Недействительные данные авторизации."}), 403
+
+
+@app.route('/get_dashboard_data', methods=['POST'])
+def get_dashboard_data():
+    """ Returns folder content and breadcrumbs for the validated user. """
+    data = request.get_json()
+    if not data or 'initData' not in data or 'folder_id' not in data:
+        return jsonify({"status": "error", "message": "Неполный запрос"}), 400
+
+    user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
+    if not user_info or 'id' not in user_info:
+        return jsonify({"status": "error", "message": "Не авторизован"}), 403
+
+    tg_user_id = str(user_info['id'])
+    folder_id = data['folder_id']
     db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
+    user_data = db_data.get('users', {}).get(tg_user_id)
 
     if not user_data or 'filesystem' not in user_data:
-         # This should not happen if validate worked, but as a fallback
-         logging.error(f"User data or filesystem missing for validated user ID: {user_id}")
-         session.pop('user_id', None)
-         session.pop('user_data', None)
-         return jsonify({"status": "error", "message": "Internal server error: User data corrupted."}), 500
+         logging.error(f"User data or filesystem missing for validated user {tg_user_id}")
+         return jsonify({"status": "error", "message": "Ошибка данных пользователя"}), 500
+
+    current_folder, _ = find_node_by_id(user_data['filesystem'], folder_id)
+
+    if not current_folder or current_folder.get('type') != 'folder':
+        logging.warning(f"Folder {folder_id} not found for user {tg_user_id}. Defaulting to root.")
+        folder_id = 'root' # Default to root if invalid folder requested
+        current_folder, _ = find_node_by_id(user_data['filesystem'], folder_id)
+        if not current_folder: # Should not happen if root always exists
+             logging.error(f"CRITICAL: Root folder not found for user {tg_user_id}")
+             return jsonify({"status": "error", "message": "Критическая ошибка: Корневая папка отсутствует"}), 500
+
+    items_in_folder = current_folder.get('children', [])
+    breadcrumbs = get_node_path_list(user_data['filesystem'], folder_id)
+
+    # Prepare data for JSON (avoid sending huge structures if possible)
+    current_folder_info = {
+        'id': current_folder.get('id'),
+        'name': current_folder.get('name', 'Root')
+    }
 
+    return jsonify({
+        "status": "ok",
+        "items": items_in_folder,
+        "breadcrumbs": breadcrumbs,
+        "current_folder": current_folder_info
+    })
 
-    if request.method == 'POST':
-        if not HF_TOKEN_WRITE:
-             return jsonify({"status": "error", "message": "Загрузка невозможна: токен для записи не настроен."}), 503
 
-        files = request.files.getlist('files')
-        target_folder_id = request.form.get('current_folder_id', 'root')
+@app.route('/upload', methods=['POST'])
+def upload_files():
+    """ Handles file uploads for the validated user. """
+    init_data = request.form.get('initData')
+    current_folder_id = request.form.get('current_folder_id', 'root')
+    files = request.files.getlist('files')
 
-        if not files or all(not f.filename for f in files):
-             return jsonify({"status": "error", "message": "Файлы для загрузки не выбраны."}), 400
+    user_info = check_telegram_authorization(init_data, BOT_TOKEN)
+    if not user_info or 'id' not in user_info:
+        return jsonify({"status": "error", "message": "Не авторизован"}), 403
 
-        if len(files) > 20:
-            return jsonify({"status": "error", "message": "Максимум 20 файлов за раз!"}), 400
+    tg_user_id = str(user_info['id'])
 
-        target_folder_node, _ = find_node_by_id(user_data['filesystem'], target_folder_id)
+    if not HF_TOKEN_WRITE:
+        return jsonify({'status': 'error', 'message': 'Загрузка невозможна: токен HF не настроен.'}), 500
 
-        if not target_folder_node or target_folder_node.get('type') != 'folder':
-             logging.error(f"Upload failed: Target folder {target_folder_id} not found for user {user_id}")
-             return jsonify({"status": "error", "message": "Целевая папка для загрузки не найдена!"}), 404
+    if not files or all(not f.filename for f in files):
+        return jsonify({'status': 'error', 'message': 'Файлы для загрузки не выбраны.'}), 400
 
-        api = HfApi()
-        uploaded_count = 0
-        errors = []
-        uploaded_file_paths = [] # Track successful HF uploads for cleanup if DB save fails
-
-        for file in files:
-            if file and file.filename:
-                original_filename = secure_filename(file.filename)
-                # Create a unique filename for HF Hub storage using Telegram user ID and UUID
-                name_part, ext_part = os.path.splitext(original_filename)
-                unique_suffix = uuid.uuid4().hex[:8]
-                unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
-                file_id = uuid.uuid4().hex # Unique ID for database node
-
-                # Use user ID in HF path for robustness
-                hf_path = f"cloud_files/{user_id}/{target_folder_id}/{unique_filename}"
-                temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
+    if len(files) > 20:
+         return jsonify({'status': 'error', 'message': 'Максимум 20 файлов за раз!'}), 400
 
-                try:
-                    file.save(temp_path)
-
-                    api.upload_file(
-                        path_or_fileobj=temp_path,
-                        path_in_repo=hf_path,
-                        repo_id=REPO_ID,
-                        repo_type="dataset",
-                        token=HF_TOKEN_WRITE,
-                        commit_message=f"User {user_id} uploaded {original_filename} to folder {target_folder_id}"
-                    )
-                    uploaded_file_paths.append(hf_path) # Add to cleanup list if DB fails
-
-                    file_info = {
-                        'type': 'file',
-                        'id': file_id,
-                        'original_filename': original_filename,
-                        'unique_filename': unique_filename,
-                        'path': hf_path, # Store full HF path
-                        'file_type': get_file_type(original_filename),
-                        'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-                    }
+    db_data = load_data()
+    user_data = db_data.get('users', {}).get(tg_user_id)
+    if not user_data or 'filesystem' not in user_data:
+         return jsonify({"status": "error", "message": "Ошибка данных пользователя"}), 500
+
+    target_folder_node, _ = find_node_by_id(user_data['filesystem'], current_folder_id)
+    if not target_folder_node or target_folder_node.get('type') != 'folder':
+         return jsonify({'status': 'error', 'message': 'Целевая папка не найдена!'}), 404
+
+    api = HfApi()
+    uploaded_count = 0
+    errors = []
+    needs_save = False
+
+    for file in files:
+        if file and file.filename:
+            original_filename = secure_filename(file.filename)
+            name_part, ext_part = os.path.splitext(original_filename)
+            unique_suffix = uuid.uuid4().hex[:8]
+            unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
+            file_id = uuid.uuid4().hex
+
+            # Use TG User ID in the path
+            hf_path = f"cloud_files/{tg_user_id}/{current_folder_id}/{unique_filename}"
+            temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
 
-                    if add_node(user_data['filesystem'], target_folder_id, file_info):
-                        uploaded_count += 1
-                    else:
-                        errors.append(f"Ошибка добавления метаданных для {original_filename}.")
-                        logging.error(f"Failed to add node metadata for file {file_id} to folder {target_folder_id} for user {user_id}. HF Path: {hf_path}")
-                        # Don't delete from HF here, cleanup after save_data attempt
-
-                except Exception as e:
-                    logging.exception(f"Error uploading file {original_filename} for {user_id} to HF Path {hf_path}:")
-                    errors.append(f"Ошибка загрузки файла {original_filename}: {e}")
-                finally:
-                    if os.path.exists(temp_path):
-                        os.remove(temp_path)
-
-        # Attempt to save data after all files processed
-        if uploaded_count > 0 or errors: # Only save if something was attempted
             try:
-                save_data(db_data)
-                logging.info(f"{uploaded_count} files uploaded, DB updated for user {user_id}")
+                file.save(temp_path)
+                api.upload_file(
+                    path_or_fileobj=temp_path, path_in_repo=hf_path,
+                    repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
+                    commit_message=f"User {tg_user_id} uploaded {original_filename} to {current_folder_id}"
+                )
+
+                file_info = {
+                    'type': 'file', 'id': file_id,
+                    'original_filename': original_filename, 'unique_filename': unique_filename,
+                    'path': hf_path, 'file_type': get_file_type(original_filename),
+                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                }
+
+                if add_node(user_data['filesystem'], current_folder_id, file_info):
+                    uploaded_count += 1
+                    needs_save = True
+                else:
+                    # This case (add_node failing after folder check) should be rare
+                    errors.append(f"Ошибка добавления метаданных для {original_filename}.")
+                    logging.error(f"Failed add_node for {file_id} to {current_folder_id} for {tg_user_id}")
+                    try: # Attempt to clean up orphaned HF file
+                         api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
+                    except Exception as del_err:
+                         logging.error(f"Failed deleting orphaned HF file {hf_path}: {del_err}")
+
             except Exception as e:
-                 logging.exception(f"Error saving data after upload for user {user_id}:")
-                 save_error_message = 'Файлы загружены на сервер, но произошла ошибка сохранения метаданных.'
-                 errors.append(save_error_message)
-                 # Attempt to clean up uploaded files from HF if DB save failed critically
-                 logging.warning(f"Attempting to clean up {len(uploaded_file_paths)} files from HF due to DB save error.")
-                 for path_to_clean in uploaded_file_paths:
-                     try:
-                          api.delete_file(path_in_repo=path_to_clean, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
-                          logging.info(f"Cleaned up file {path_to_clean} from HF.")
-                     except Exception as clean_err:
-                          logging.error(f"Failed to clean up file {path_to_clean} from HF after DB error: {clean_err}")
-                 # If DB save failed, the metadata might be lost. The files on HF might be orphaned
-                 # or some metadata might be partially added. Manual cleanup might be needed.
-
-        response_message = f'{uploaded_count} файл(ов) успешно загружено!' if uploaded_count > 0 else 'Файлы для загрузки не выбраны или произошли ошибки.'
-        if errors:
-            response_message += " Ошибки: " + "; ".join(errors)
-
-        return jsonify({"status": "ok" if not errors else "error", "message": response_message})
-
-
-    else: # GET request for dashboard
-        current_folder_id = request.args.get('folder_id', 'root')
-        current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id)
-
-        if not current_folder or current_folder.get('type') != 'folder':
-            logging.warning(f"Folder ID {current_folder_id} not found or not a folder for user {user_id}. Redirecting to root.")
-            current_folder_id = 'root'
-            current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id)
-            if not current_folder:
-                 logging.error(f"CRITICAL: Root folder not found for user {user_id}")
-                 session.pop('user_id', None)
-                 session.pop('user_data', None)
-                 return jsonify({"status": "error", "message": "Internal server error: Root folder not found."}), 500
-
-
-        items_in_folder = sorted(current_folder.get('children', []), key=lambda x: (x['type'] != 'folder', x.get('name', x.get('original_filename', '')).lower()))
-
-        breadcrumbs_list = get_node_path(user_data['filesystem'], current_folder_id)
-
-        # This GET endpoint now returns JSON data for the JS to render
-        return jsonify({
-            "status": "ok",
-            "current_folder_id": current_folder_id,
-            "current_folder_name": current_folder.get('name', 'root'),
-            "items": items_in_folder,
-            "breadcrumbs": breadcrumbs_list,
-            # Do NOT send user_data here, it's already sent during validate and stored in JS
-        })
+                logging.error(f"Upload error for {original_filename} ({tg_user_id}): {e}")
+                errors.append(f"Ошибка загрузки {original_filename}: {e}")
+            finally:
+                if os.path.exists(temp_path):
+                    try: os.remove(temp_path)
+                    except OSError as e: logging.error(f"Error removing temp file {temp_path}: {e}")
+
+    if needs_save:
+        try:
+            save_data(db_data)
+        except Exception as e:
+             logging.error(f"Error saving DB after upload for {tg_user_id}: {e}")
+             errors.append("Ошибка сохранения метаданных после загрузки.")
+
+    final_message = f"{uploaded_count} файл(ов) загружено."
+    if errors:
+        final_message += " Ошибки: " + "; ".join(errors)
+
+    return jsonify({
+        "status": "ok" if not errors else "error", # Consider status based on errors
+        "message": final_message
+    })
 
 
 @app.route('/create_folder', methods=['POST'])
-@requires_auth
 def create_folder():
-    user_id = session['user_id']
-    db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
+    """ Creates a new folder for the validated user. """
+    data = request.get_json()
+    if not data or 'initData' not in data or 'parent_folder_id' not in data or 'folder_name' not in data:
+         return jsonify({"status": "error", "message": "Неполный запрос"}), 400
 
-    if not user_data or 'filesystem' not in user_data:
-         logging.error(f"User data or filesystem missing during create_folder for user ID: {user_id}")
-         session.pop('user_id', None)
-         session.pop('user_data', None)
-         return jsonify({"status": "error", "message": "Internal server error."}), 500
+    user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
+    if not user_info or 'id' not in user_info:
+        return jsonify({"status": "error", "message": "Не авторизован"}), 403
 
-    parent_folder_id = request.form.get('parent_folder_id', 'root')
-    folder_name = request.form.get('folder_name', '').strip()
+    tg_user_id = str(user_info['id'])
+    parent_folder_id = data['parent_folder_id']
+    folder_name = data['folder_name'].strip()
 
     if not folder_name:
-        return jsonify({"status": "error", "message": "Имя папки не может быть пустым!"}), 400
-
-    # Basic validation for folder name characters
-    if not /^[a-zA-Z0-9 _.-]+$/.test(folder_name):
-         return jsonify({"status": "error", "message": "Имя папки может содержать буквы, цифры, пробелы, тире и точки."}), 400
+        return jsonify({'status': 'error', 'message': 'Имя папки не может быть пустым!'}), 400
+    if not folder_name.replace(' ', '').replace('-', '').replace('_', '').isalnum():
+        return jsonify({'status': 'error', 'message': 'Имя папки содержит недопустимые символы.'}), 400
 
+    db_data = load_data()
+    user_data = db_data.get('users', {}).get(tg_user_id)
+    if not user_data or 'filesystem' not in user_data:
+         return jsonify({"status": "error", "message": "Ошибка данных пользователя"}), 500
 
     folder_id = uuid.uuid4().hex
     folder_data = {
-        'type': 'folder',
-        'id': folder_id,
-        'name': folder_name,
-        'children': []
+        'type': 'folder', 'id': folder_id,
+        'name': folder_name, 'children': []
     }
 
     if add_node(user_data['filesystem'], parent_folder_id, folder_data):
         try:
             save_data(db_data)
-            return jsonify({"status": "ok", "message": f'Папка "{folder_name}" успешно создана.', "folder_id": folder_id, "parent_folder_id": parent_folder_id})
+            return jsonify({'status': 'ok', 'message': f'Папка "{folder_name}" создана.'})
         except Exception as e:
-            logging.exception(f"Error saving data after creating folder for user {user_id}:")
-            return jsonify({"status": "error", "message": "Ошибка сохранения данных при создании папки."}), 500
+            logging.error(f"Create folder save error ({tg_user_id}): {e}")
+            # Attempt to remove node if save failed? Complex recovery.
+            return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных.'}), 500
     else:
-        return jsonify({"status": "error", "message": "Не удалось найти родительскую папку."}), 404
+        # Could fail if parent_folder_id is invalid or already contains that ID (UUID collision unlikely)
+        return jsonify({'status': 'error', 'message': 'Не удалось найти родительскую папку или добавить узел.'}), 400
 
 
 @app.route('/download/<file_id>')
-@requires_auth
-def download_file(file_id):
-    user_id = session['user_id']
-    db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
-
-    if not user_data or 'filesystem' not in user_data:
-         logging.error(f"User data or filesystem missing during download_file for user ID: {user_id}")
-         # Cannot return JSON here, this is a direct download route
-         flash('Internal server error: User data corrupted.', 'error')
-         return redirect(url_for('index'))
-
-
-    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-
-    if not file_node or file_node.get('type') != 'file':
-         flash('Файл не найден!', 'error')
-         # Attempt to redirect back to the folder user was viewing
-         current_view_folder_id = request.args.get('current_view_folder_id', 'root')
-         return redirect(url_for('index', folder_id=current_view_folder_id)) # Redirect to index to reload Mini App
-
+def download_file_route(file_id):
+    """ Serves the file for download. NO AUTH HERE - relies on unguessable ID and/or public repo. """
+    # Security Note: This route currently lacks explicit auth per request.
+    # Assumes file_id is hard to guess. For private repos, access depends
+    # solely on HF_TOKEN_READ being correctly configured and the repo permissions.
+    # A more secure approach would involve validating initData or a temporary token first.
+
+    db_data = load_data() # Load data to find file path
+    file_node = None
+    owner_user_id = None
+
+    # Search across all users (less efficient, but needed without user context)
+    for user_id, user_data in db_data.get('users', {}).items():
+         if 'filesystem' in user_data:
+             node, _ = find_node_by_id(user_data['filesystem'], file_id)
+             if node and node.get('type') == 'file':
+                 file_node = node
+                 owner_user_id = user_id
+                 break
+
+    if not file_node:
+         return Response("Файл не найден", status=404)
 
     hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'downloaded_file')
+    original_filename = file_node.get('original_filename', f'{file_id}_download')
 
     if not hf_path:
-        flash('Ошибка: Путь к файлу не найден в метаданных.', 'error')
-        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
+        logging.error(f"Missing HF path for file ID {file_id} (owner: {owner_user_id})")
+        return Response("Ошибка: Путь к файлу не найден", status=500)
 
-
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
 
     try:
         headers = {}
-        # Pass token if available for private repos, although resolve often works without it in headers
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        # Stream the response to avoid loading large files into memory
-        response = requests.get(file_url, headers=headers, stream=True)
-        response.raise_for_status()
+        # Use stream=True for potentially large files
+        response = requests.get(file_url, headers=headers, stream=True, timeout=30) # 30 sec timeout
+        response.raise_for_status() # Check for 4xx/5xx errors
 
-        # Use Flask's send_file from a stream
+        # Stream the response
         return Response(response.iter_content(chunk_size=8192),
-                        headers={
-                            'Content-Disposition': f'attachment; filename="{original_filename}"',
-                            'Content-Type': response.headers.get('Content-Type', 'application/octet-stream')
-                        })
+                        mimetype=response.headers.get('Content-Type', 'application/octet-stream'),
+                        headers={"Content-Disposition": f"attachment; filename=\"{original_filename}\""})
 
     except requests.exceptions.RequestException as e:
-        logging.exception(f"Error downloading file from HF ({hf_path}) for user {user_id}:")
-        flash(f'Ошибка скачивания файла {original_filename}: {e}', 'error')
-        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
+        logging.error(f"Error downloading file from HF ({hf_path}, owner: {owner_user_id}): {e}")
+        status_code = e.response.status_code if e.response is not None else 502
+        return Response(f"Ошибка скачивания файла ({status_code})", status=status_code)
     except Exception as e:
-        logging.exception(f"Unexpected error during download ({hf_path}) for user {user_id}:")
-        flash('Произошла непредвиденная ошибка при скачивании файла.', 'error')
-        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
+        logging.error(f"Unexpected error during download ({hf_path}, owner: {owner_user_id}): {e}")
+        return Response("Внутренняя ошибка сервера при скачивании", status=500)
 
 
 @app.route('/delete_file/<file_id>', methods=['POST'])
-@requires_auth
-def delete_file(file_id):
-    user_id = session['user_id']
-    db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
+def delete_file_route(file_id):
+    """ Deletes a file for the validated user. """
+    data = request.get_json()
+    if not data or 'initData' not in data or 'current_folder_id' not in data: # current_folder_id used for context/logging
+        return jsonify({"status": "error", "message": "Неполный запрос"}), 400
 
-    if not user_data or 'filesystem' not in user_data:
-         logging.error(f"User data or filesystem missing during delete_file for user ID: {user_id}")
-         session.pop('user_id', None)
-         session.pop('user_data', None)
-         return jsonify({"status": "error", "message": "Internal server error."}), 500
+    user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
+    if not user_info or 'id' not in user_info:
+        return jsonify({"status": "error", "message": "Не авторизован"}), 403
 
+    tg_user_id = str(user_info['id'])
 
-    file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id)
-    # current_view_folder_id is sent in JSON body now
-    request_data = request.get_json()
-    current_view_folder_id = request_data.get('current_view_folder_id', 'root')
+    if not HF_TOKEN_WRITE:
+        return jsonify({'status': 'error', 'message': 'Удаление невозможно: токен HF не настроен.'}), 500
+
+    db_data = load_data()
+    user_data = db_data.get('users', {}).get(tg_user_id)
+    if not user_data or 'filesystem' not in user_data:
+        return jsonify({"status": "error", "message": "Ошибка данных пользователя"}), 500
 
+    file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id)
 
     if not file_node or file_node.get('type') != 'file' or not parent_node:
-        return jsonify({"status": "error", "message": "Файл не найден или не может быть удален."}), 404
+        return jsonify({'status': 'error', 'message': 'Файл не найден или не может быть удален.'}), 404
 
     hf_path = file_node.get('path')
     original_filename = file_node.get('original_filename', 'файл')
+    needs_save = False
 
-    if not hf_path:
-        logging.warning(f"File {original_filename} (ID: {file_id}) for user {user_id} has no HF path. Removing from DB only.")
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                return jsonify({"status": "ok", "message": f'Метаданные файла "{original_filename}" удалены (путь отсутствовал).'})
-            except Exception as e:
-                logging.exception(f"Error saving data after deleting metadata (no path) for user {user_id}:")
-                return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления метаданных."}), 500
-        else:
-             logging.error(f"Failed to remove file node {file_id} (no path) from DB for user {user_id}.")
-             return jsonify({"status": "error", "message": "Ошибка удаления метаданных файла из базы данных."}), 500
+    # Attempt HF deletion first (if path exists)
+    if hf_path:
+        try:
+            api = HfApi()
+            api.delete_file(
+                path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
+                commit_message=f"User {tg_user_id} deleted {original_filename}"
+            )
+            logging.info(f"Deleted file {hf_path} from HF Hub for user {tg_user_id}")
+        except hf_utils.EntryNotFoundError:
+            logging.warning(f"File {hf_path} not found on HF Hub for delete attempt ({tg_user_id}).")
+            # Continue to remove from DB anyway
+        except Exception as e:
+            logging.error(f"Error deleting file from HF Hub ({hf_path}, {tg_user_id}): {e}")
+            return jsonify({'status': 'error', 'message': f'Ошибка удаления файла с сервера: {e}'}), 500
 
+    # Remove from DB structure
+    if remove_node(user_data['filesystem'], file_id):
+        needs_save = True
+        logging.info(f"Removed file node {file_id} from DB for user {tg_user_id}")
+    else:
+        # This would be strange if find_node_by_id succeeded earlier
+        logging.error(f"Failed to remove file node {file_id} from DB structure for {tg_user_id} after HF delete.")
+        # Potentially inconsistent state, but proceed.
 
-    if not HF_TOKEN_WRITE:
-         return jsonify({"status": "error", "message": "Удаление невозможно: токен для записи не настроен."}), 503
+    if needs_save:
+        try:
+            save_data(db_data)
+            return jsonify({'status': 'ok', 'message': f'Файл {original_filename} удален.'})
+        except Exception as e:
+            logging.error(f"Delete file DB save error ({tg_user_id}): {e}")
+            return jsonify({'status': 'error', 'message': 'Файл удален с сервера, но ошибка сохранения базы данных.'}), 500
+    else:
+        # If HF path was missing and remove_node failed (e.g., file not found initially)
+         return jsonify({'status': 'error', 'message': 'Файл не найден в базе данных для удаления.'}), 404
 
-    try:
-        api = HfApi()
-        api.delete_file(
-            path_in_repo=hf_path,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"User {user_id} deleted file {original_filename} (ID: {file_id})"
-        )
-        logging.info(f"Deleted file {hf_path} from HF Hub for user {user_id}")
 
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                return jsonify({"status": "ok", "message": f'Файл "{original_filename}" успешно удален!'})
-            except Exception as e:
-                logging.exception(f"Error saving data after deleting file from HF for user {user_id}:")
-                return jsonify({"status": "error", "message": "Файл удален с сервера, но произошла ошибка обновления базы данных."}), 500
-        else:
-             logging.error(f"Failed to remove file node {file_id} from DB for user {user_id} after HF deletion.")
-             return jsonify({"status": "error", "message": "Файл удален с сервера, но не найден в базе данных для удаления."}), 500
 
+@app.route('/delete_folder/<folder_id>', methods=['POST'])
+def delete_folder_route(folder_id):
+    """ Deletes an empty folder for the validated user. """
+    if folder_id == 'root':
+         return jsonify({'status': 'error', 'message': 'Нельзя удалить корневую папку!'}), 400
 
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"File {hf_path} not found on HF Hub during delete attempt for user {user_id}. Removing from DB.")
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                return jsonify({"status": "ok", "message": f'Файл "{original_filename}" не найден на сервере, удален из базы.'})
-            except Exception as e:
-                 logging.exception(f"Error saving data after deleting metadata (HF not found) for user {user_id}:")
-                 return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления метаданных (файл не найден на сервере)."})
-        else:
-             logging.error(f"Failed to remove file node {file_id} (HF not found) from DB for user {user_id}.")
-             return jsonify({"status": "error", "message": "Файл не найден ни на сервере, ни в базе данных."}), 500
+    data = request.get_json()
+    if not data or 'initData' not in data or 'current_folder_id' not in data: # current_folder_id is parent context
+         return jsonify({"status": "error", "message": "Неполный запрос"}), 400
 
-    except Exception as e:
-        logging.exception(f"Error deleting file {hf_path} for {user_id}:")
-        return jsonify({"status": "error", "message": f'Ошибка удаления файла "{original_filename}": {e}'}), 500
+    user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
+    if not user_info or 'id' not in user_info:
+        return jsonify({"status": "error", "message": "Не авторизован"}), 403
 
+    tg_user_id = str(user_info['id'])
 
-@app.route('/delete_folder/<folder_id>', methods=['POST'])
-@requires_auth
-def delete_folder(folder_id):
-    user_id = session['user_id']
     db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
-
+    user_data = db_data.get('users', {}).get(tg_user_id)
     if not user_data or 'filesystem' not in user_data:
-         logging.error(f"User data or filesystem missing during delete_folder for user ID: {user_id}")
-         session.pop('user_id', None)
-         session.pop('user_data', None)
-         return jsonify({"status": "error", "message": "Internal server error."}), 500
-
-    if folder_id == 'root':
-         return jsonify({"status": "error", "message": "Нельзя удалить корневую папку!"}), 400
-
-    request_data = request.get_json()
-    current_view_folder_id = request_data.get('current_view_folder_id', 'root')
+        return jsonify({"status": "error", "message": "Ошибка данных пользователя"}), 500
 
     folder_node, parent_node = find_node_by_id(user_data['filesystem'], folder_id)
 
     if not folder_node or folder_node.get('type') != 'folder' or not parent_node:
-        return jsonify({"status": "error", "message": "Папка не найдена или не может быть удалена."}), 404
+        return jsonify({'status': 'error', 'message': 'Папка не найдена или не может быть удалена.'}), 404
 
     folder_name = folder_node.get('name', 'папка')
 
     if folder_node.get('children'):
-        return jsonify({"status": "error", "message": f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
+        return jsonify({'status': 'error', 'message': f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
+
+    # Note: We don't explicitly delete folders on HF Hub here, as HF manages directories implicitly.
+    # If the folder structure on HF needs cleanup, it might require separate logic or rely on deleting parent folders.
 
     if remove_node(user_data['filesystem'], folder_id):
         try:
             save_data(db_data)
-            redirect_to_folder_id = parent_node.get('id', 'root')
-            return jsonify({"status": "ok", "message": f'Пустая папка "{folder_name}" успешно удалена.', "redirect_to_folder_id": redirect_to_folder_id})
+            return jsonify({'status': 'ok', 'message': f'Папка "{folder_name}" удалена.'})
         except Exception as e:
-            logging.exception(f"Error saving data after deleting empty folder for user {user_id}:")
-            return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления папки."}), 500
+            logging.error(f"Delete folder save error ({tg_user_id}): {e}")
+            return jsonify({'status': 'error', 'message': 'Ошибка сохранения базы данных после удаления папки.'}), 500
     else:
-        logging.error(f"Failed to remove folder node {folder_id} from DB for user {user_id}.")
-        return jsonify({"status": "error", "message": "Не удалось удалить папку из базы данных."}), 500
+        logging.error(f"Failed to remove empty folder node {folder_id} from DB for {tg_user_id}")
+        return jsonify({'status': 'error', 'message': 'Не удалось удалить папку из базы данных.'}), 500
 
 
 @app.route('/get_text_content/<file_id>')
-@requires_auth
-def get_text_content(file_id):
-    user_id = session['user_id']
+def get_text_content_route(file_id):
+    """ Serves text file content. NO AUTH HERE - see download route notes. """
     db_data = load_data()
-    user_data = db_data['users'].get(str(user_id))
+    file_node = None
+    owner_user_id = None
 
-    if not user_data or 'filesystem' not in user_data:
-         logging.error(f"User data or filesystem missing during get_text_content for user ID: {user_id}")
-         # Cannot return JSON here usually, it's fetched by JS for modal content
-         return Response("Internal server error: User data corrupted.", status=500)
-
-    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
+    for user_id, user_data in db_data.get('users', {}).items():
+         if 'filesystem' in user_data:
+             node, _ = find_node_by_id(user_data['filesystem'], file_id)
+             if node and node.get('type') == 'file' and node.get('file_type') == 'text':
+                 file_node = node
+                 owner_user_id = user_id
+                 break
 
-    if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text':
-        return Response("Текстовый файл не найден или недоступен для предпросмотра.", status=404)
+    if not file_node:
+        return Response("Текстовый файл не найден", status=404)
 
     hf_path = file_node.get('path')
     if not hf_path:
-         logging.error(f"Text file {file_id} for user {user_id} has no HF path.")
-         return Response("Ошибка: путь к файлу отсутствует", status=500)
+        return Response("Ошибка: путь к файлу отсутствует", status=500)
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
 
     try:
         headers = {}
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        response = requests.get(file_url, headers=headers)
+        response = requests.get(file_url, headers=headers, timeout=15) # 15 sec timeout for text files
         response.raise_for_status()
 
-        if len(response.content) > 1 * 1024 * 1024: # Limit text file size for preview
-             return Response("Файл слишком большой для предпросмотра.", status=413)
+        # Limit preview size
+        max_preview_size = 1 * 1024 * 1024 # 1 MB
+        if len(response.content) > max_preview_size:
+             return Response("Файл слишком большой для предпросмотра (>1MB).", status=413)
 
-        try:
-            text_content = response.content.decode('utf-8')
+        # Try common encodings
+        text_content = None
+        try: text_content = response.content.decode('utf-8')
         except UnicodeDecodeError:
-            try:
-                text_content = response.content.decode('latin-1')
-            except Exception:
-                 logging.error(f"Could not decode text file {hf_path} for user {user_id}.")
-                 return Response("Не удалось определить кодировку файла.", status=500)
+            try: text_content = response.content.decode('cp1251') # Windows Cyrillic
+            except UnicodeDecodeError:
+                 try: text_content = response.content.decode('latin-1') # Fallback
+                 except Exception: pass
+
+        if text_content is None:
+             return Response("Не удалось определить кодировку файла.", status=500)
 
-        return Response(text_content, mimetype='text/plain')
+        return Response(text_content, mimetype='text/plain; charset=utf-8') # Specify charset
 
     except requests.exceptions.RequestException as e:
-        logging.exception(f"Error fetching text content from HF ({hf_path}) for user {user_id}:")
-        return Response(f"Ошибка загрузки содержимого: {e}", status=502)
+        logging.error(f"Error fetching text content from HF ({hf_path}, owner {owner_user_id}): {e}")
+        status_code = e.response.status_code if e.response is not None else 502
+        return Response(f"Ошибка загрузки содержимого ({status_code})", status=status_code)
     except Exception as e:
-        logging.exception(f"Unexpected error fetching text content ({hf_path}) for user {user_id}:")
+        logging.error(f"Unexpected error fetching text content ({hf_path}, owner {owner_user_id}): {e}")
         return Response("Внутренняя ошибка сервера", status=500)
 
 
-@app.route('/logout')
-def logout():
-    # This is unlikely to be used in a Mini App, but included for completeness
-    # Mini Apps are typically closed rather than logged out of explicitly.
-    session.pop('user_id', None)
-    session.pop('user_data', None)
-    # For Mini App, just return a message or blank page, closing is handled by JS
-    return "Logged out. Please close the Mini App."
-
-
-# --- ADMIN PANEL (using separate login for simplicity in this single file) ---
-ADMIN_USERNAME = os.getenv("ADMIN_USERNAME", "admin")
-ADMIN_PASSWORD = os.getenv("ADMIN_PASSWORD", "adminpass") # CHANGE ME!
-
-@app.route('/admhosto_login', methods=['GET', 'POST'])
-def admhosto_login():
-    if request.method == 'POST':
-        username = request.form.get('username')
-        password = request.form.get('password')
-        if username == ADMIN_USERNAME and password == ADMIN_PASSWORD:
-            session['is_admin'] = True
-            flash('Админ вход успешен.')
-            return redirect(url_for('admin_panel'))
-        else:
-            flash('Неверный логин или пароль администратора.', 'error')
-    html = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Админ Логин</title><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<style>
-    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a; display: flex; justify-content: center; align-items: center; min-height: 100vh;}
-    .container { background: #fff; padding: 30px; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); text-align: center; max-width: 400px; width: 90%;}
-    h1 { color: #ff4d6d; margin-bottom: 20px; }
-    input[type="text"], input[type="password"] { width: 100%; padding: 12px; margin: 10px 0; border: 1px solid #ddd; border-radius: 8px; }
-    button { background-color: #5288c1; color: white; padding: 12px 20px; border: none; border-radius: 8px; cursor: pointer; font-size: 1em; margin-top: 15px;}
-    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
-    .flash.error { background-color: #f8d7da; color: #721c24; }
-</style>
-</head><body><div class="container"><h1>Админ Логин</h1>
-{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
-<form method="POST">
-<input type="text" name="username" placeholder="Username" required>
-<input type="password" name="password" placeholder="Password" required>
-<button type="submit">Войти как Админ</button>
-</form></div></body></html>
-    '''
-    return render_template_string(html)
-
-
-def is_admin():
-     return session.get('is_admin', False)
-
-@app.route('/admhosto')
-def admin_panel():
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('admhosto_login'))
-
-    data = load_data()
-    users = data.get('users', {})
-
-    user_details = []
-    for user_id, udata in users.items():
-        file_count = 0
-        folder_count = 0
-        # Simple recursive count
-        def count_items(folder):
-             count = 0
-             folder_c = 0
-             if 'children' in folder:
-                 for item in folder['children']:
-                      if item.get('type') == 'file':
-                          count += 1
-                      elif item.get('type') == 'folder':
-                          folder_c += 1
-                          f_c, deep_f_c = count_items(item) # Recursive call
-                          count += f_c
-                          folder_c += deep_f_c # Include nested folders
-             return count, folder_c
-        file_count, folder_count = count_items(udata.get('filesystem', {}))
-
-
-        user_details.append({
-            'id': user_id,
-            'username': udata.get('username', 'N/A'),
-            'first_name': udata.get('first_name', 'N/A'),
-            'created_at': udata.get('created_at', 'N/A'),
-            'file_count': file_count,
-            'folder_count': folder_count # Includes subfolders
-        })
-
-    html = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Админ-панель</title>
-<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<style>
-    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a;}
-    .container { margin: 20px auto; max-width: 900px; padding: 25px; background: #fff; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); }
-    h1 { color: #ff4d6d; text-align: center; margin-bottom: 25px; }
-    h2 { color: #5288c1; margin-top: 20px; }
-    .user-list { margin-top: 15px; }
-    .user-item { background: #eee; padding: 15px; border-radius: 10px; margin-bottom: 10px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; }
-    .user-info { flex-grow: 1; margin-right: 10px; }
-    .user-item a { color: #ff4d6d; text-decoration: none; font-weight: 600; }
-    .user-item a:hover { text-decoration: underline; }
-    .user-actions button { background: #e53935; color: white; border: none; padding: 5px 10px; border-radius: 5px; cursor: pointer; font-size: 0.9em; }
-    .user-actions button:hover { background: #c62828; }
-    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
-    .flash.error { background-color: #f8d7da; color: #721c24; }
-</style>
-</head><body><div class="container"><h1>Админ-панель</h1>
-{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
-<h2>Пользователи</h2><div class="user-list">
-{% for user in user_details %}
-<div class="user-item">
-    <div class="user-info">
-        <a href="{{ url_for('admin_user_files', user_id=user.id) }}">ID: {{ user.id }} | @{{ user.username }} ({{ user.first_name }})</a>
-        <p>Зарегистрирован: {{ user.created_at }}</p>
-        <p>Файлов: {{ user.file_count }} | Папок: {{ user.folder_count }}</p>
-    </div>
-    <div class="user-actions">
-         <form method="POST" action="{{ url_for('admin_delete_user', user_id=user.id) }}" style="display: inline;" onsubmit="return confirm('УДАЛИТЬ пользователя ID {{ user.id }} и ВСЕ его файлы? НЕОБРАТИМО!');">
-            <button type="submit">Удалить пользователя</button>
-         </form>
-    </div>
-</div>
-{% else %}<p>Пользователей нет.</p>{% endfor %}</div></div></body></html>'''
-    return render_template_string(html, user_details=user_details)
-
-@app.route('/admhosto/user/<int:user_id>')
-def admin_user_files(user_id):
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('admhosto_login'))
-
-    db_data = load_data()
-    user_data = db_data.get('users', {}).get(str(user_id))
-    if not user_data:
-        flash(f'Пользователь ID {user_id} не найден.', 'error')
-        return redirect(url_for('admin_panel'))
-
-    all_files = []
-    def collect_files(folder, current_path_id='root'):
-         if not folder or 'children' not in folder: return
-
-         parent_path_str = get_node_path_string(user_data.get('filesystem', {}), current_path_id)
-
-         for item in folder['children']:
-              if item.get('type') == 'file':
-                  item_copy = item.copy() # Avoid modifying original data while iterating
-                  item_copy['parent_path_str'] = parent_path_str
-                  all_files.append(item_copy)
-              elif item.get('type') == 'folder':
-                  collect_files(item, item.get('id'))
-
-    collect_files(user_data.get('filesystem', {}))
-    all_files.sort(key=lambda x: x.get('upload_date', ''), reverse=True)
-
-    html = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Файлы пользователя ID {{ user_id }}</title>
-<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<style>
-    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a;}
-    .container { margin: 20px auto; max-width: 1000px; padding: 25px; background: #fff; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); }
-    h1 { color: #ff4d6d; text-align: center; margin-bottom: 25px; }
-    .file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 20px; margin-top: 20px; }
-    .file-item { background: #eee; padding: 15px; border-radius: 10px; box-shadow: 0 2px 5px rgba(0,0,0,0.1); text-align: center; display: flex; flex-direction: column; justify-content: space-between; }
-    .file-preview { max-width: 100%; height: 100px; object-fit: contain; border-radius: 8px; margin-bottom: 10px; display: block; margin-left: auto; margin-right: auto; cursor: pointer;}
-    .file-info p { font-size: 0.9em; margin: 4px 0; word-break: break-all; }
-    .admin-file-actions { margin-top: 10px; display: flex; flex-wrap: wrap; gap: 5px; justify-content: center; }
-    .admin-file-actions a, .admin-file-actions button { font-size: 0.8em; padding: 6px 10px; margin: 0; border-radius: 6px; cursor: pointer;}
-    .download-btn { background-color: #5288c1; color: white; border: none; }
-    .delete-btn { background-color: #e53935; color: white; border: none; }
-     .view-btn { background-color: #2481cc; color: white; border: none; }
-    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
-    .flash.error { background-color: #f8d7da; color: #721c24; }
-
-    .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; }
-    .modal-content { max-width: 95%; max-height: 95%; background: #fff; padding: 10px; border-radius: 10px; overflow: auto; position: relative; }
-    .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
-    .modal iframe { width: 80vw; height: 85vh; border: none; }
-    .modal pre { background: #eee; color: #333; padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;}
-    .modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; }
-</style>
-</head><body><div class="container"><h1>Файлы пользователя ID: {{ user_id }}</h1>
-<p>Telegram Username: @{{ user_data.username or 'N/A' }} | Имя: {{ user_data.first_name }} {{ user_data.last_name or '' }}</p>
-<a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 20px;">Назад к пользователям</a>
-{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
-<div class="file-grid">
-{% for file in files %}
-<div class="file-item">
-    <div class="file-info">
-    {% set previewable = file.file_type in ['image', 'video', 'pdf', 'text'] %}
-    {% set hf_file_url = 'https://huggingface.co/datasets/' + REPO_ID + '/resolve/main/' + file.path %}
-    {% set hf_download_url = hf_file_url + '?download=true' %}
-
-    {% if file.file_type == 'image' %} <img class="file-preview" src="{{ hf_file_url }}" loading="lazy" onclick="openModal('{{ hf_file_url }}', '{{ file.file_type }}', '{{ file.id }}')">
-    {% elif file.file_type == 'video' %} <video class="file-preview" preload="metadata" muted onclick="openModal('{{ hf_download_url }}', '{{ file.file_type }}', '{{ file.id }}')"><source src="{{ hf_download_url }}#t=0.5"></video>
-    {% elif file.file_type == 'pdf' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #2481cc;" onclick="openModal('https://docs.google.com/viewer?url={{ hf_download_url | urlencode }}&embedded=true', '{{ file.file_type }}', '{{ file.id }}')">📄</div>
-    {% elif file.file_type == 'text' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #00ddeb;" onclick="openModal('{{ url_for('get_text_content', file_id=file.id) }}', '{{ file.file_type }}', '{{ file.id }}')">📝</div>
-    {% else %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #aaa;">❓</div> {% endif %}
-
-    <p title="{{ file.original_filename }}"><b>{{ file.original_filename | truncate(25) }}</b></p>
-    <p style="font-size: 0.8em; color: #555;">В папке: {{ file.parent_path_str }}</p>
-    <p style="font-size: 0.8em; color: #555;">Загружен: {{ file.upload_date }}</p>
-    <p style="font-size: 0.7em; color: #999;">ID: {{ file.id }}</p>
-    <p style="font-size: 0.7em; color: #999; word-break: break-all;">Path: {{ file.path }}</p>
-    </div>
-    <div class="admin-file-actions">
-        <a href="{{ url_for('download_file', file_id=file.id) }}" class="btn download-btn">Скачать</a>
-        {% if previewable %}
-             {% set admin_preview_url = hf_file_url if file.file_type != 'text' else url_for('get_text_content', file_id=file.id) %}
-             {% if file.file_type == 'pdf' %}
-                 {% set admin_preview_url = 'https://docs.google.com/viewer?url=' + (hf_download_url | urlencode) + '&embedded=true' %}
-             {% elif file.file_type == 'video' %}
-                 {% set admin_preview_url = hf_download_url %}
-             {% endif %}
-
-            <button class="btn view-btn" onclick="openModal('{{ admin_preview_url }}', '{{ file.file_type }}', '{{ file.id }}')">Просмотр</button>
-        {% endif %}
-        <form method="POST" action="{{ url_for('admin_delete_file', user_id=user_id, file_id=file.id) }}" style="display: inline-block;" onsubmit="return confirm('Удалить файл {{ file.original_filename }} пользователя {{ user_id }}?');">
-             <button type="submit" class="btn delete-btn">Удалить</button>
-        </form>
-    </div>
-</div>
-{% else %} <p>У пользователя нет файлов.</p> {% endif %}
-</div></div>
-
-<div class="modal" id="mediaModal" onclick="closeModal(event)">
-    <div class="modal-content" id="modalContentContainer">
-        <span onclick="closeModalManual()" class="modal-close-btn">×</span>
-        <div id="modalContent"></div>
-    </div>
-</div>
-
-<script>
- // Keep modal functions needed for admin panel
- async function openModal(srcOrUrl, type, itemId) {
-     const modal = document.getElementById('mediaModal');
-     const modalContent = document.getElementById('modalContent');
-     modalContent.innerHTML = '<p style="color: #333;">Загрузка...</p>';
-     modal.style.display = 'flex';
-
-     try {
-         if (type === 'image') {
-             modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
-         } else if (type === 'video') {
-             modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-         } else if (type === 'pdf') {
-              modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
-         } else if (type === 'text') {
-             const response = await fetch(srcOrUrl);
-             if (!response.ok) {
-                  const errorText = await response.text();
-                  throw new Error(`Ошибка загрузки текста (${response.status}): ${errorText}`);
-             }
-             const text = await response.text();
-             const escapedText = text.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
-             modalContent.innerHTML = `<pre>${escapedText}</pre>`;
-         } else {
-              modalContent.innerHTML = '<p style="color: #333;">Предпросмотр для этого типа файла не поддерживается.</p>';
-         }
-     } catch (error) {
-          console.error("Error loading modal content:", error);
-          modalContent.innerHTML = `<p style="color: red;">Не удалось загрузить содержимое для предпросмотра.<br>${error.message}</p>`;
-     }
- }
-
- function closeModal(event) {
-     const modal = document.getElementById('mediaModal');
-     if (event.target === modal) {
-         closeModalManual();
-     }
- }
-
- function closeModalManual() {
-      const modal = document.getElementById('mediaModal');
-      modal.style.display = 'none';
-      const video = modal.querySelector('video');
-      if (video) { video.pause(); video.removeAttribute('src'); video.load(); }
-      const iframe = modal.querySelector('iframe');
-      if (iframe) iframe.src = 'about:blank';
-      document.getElementById('modalContent').innerHTML = '';
- }
-</script>
-
-</body></html>'''
-    # Add truncate filter for Jinja2
-    def truncate_filter(s, length=25, killwords=False, end='...'):
-        if len(s) <= length:
-            return s
-        if killwords:
-            return s[:length] + end
-        words = s.split()
-        result = []
-        l = 0
-        for word in words:
-            if l + len(word) + len(result) > length:
-                break
-            result.append(word)
-            l += len(word)
-        return ' '.join(result) + end if result else s[:length] + end
-
-    app.jinja_env.filters['truncate'] = truncate_filter
-
-
-    return render_template_string(html, user_id=user_id, user_data=user_data, files=all_files, REPO_ID=REPO_ID)
-
-
-@app.route('/admhosto/delete_user/<int:user_id>', methods=['POST'])
-def admin_delete_user(user_id):
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('admhosto_login'))
-    if not HF_TOKEN_WRITE:
-         flash('Удаление невозможно: токен для записи не настроен.', 'error')
-         return redirect(url_for('admin_panel'))
-
-    db_data = load_data()
-    user_id_str = str(user_id)
-
-    if user_id_str not in db_data['users']:
-        flash(f'Пользователь ID {user_id} не найден!', 'error')
-        return redirect(url_for('admin_panel'))
-
-    user_data = db_data['users'][user_id_str]
-    logging.warning(f"ADMIN ACTION: Attempting to delete user ID {user_id} and all their data.")
-
-    try:
-        api = HfApi()
-        user_folder_path_on_hf = f"cloud_files/{user_id_str}"
-
-        logging.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user {user_id}")
-        # Use allow_missing=True in case the folder doesn't exist (e.g., new user with no files)
-        api.delete_folder(
-            folder_path=user_folder_path_on_hf,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"ADMIN ACTION: Deleted all files/folders for user ID {user_id}"
-        )
-        logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub (or it was missing).")
-
-    except Exception as e:
-        logging.exception(f"Error during HF Hub folder deletion for user ID {user_id}:")
-        # Do NOT return here. We want to attempt DB cleanup even if HF failed.
-        flash(f'Ошибка при удалении файлов пользователя ID {user_id} с сервера: {e}. Проверьте HF Hub. Пользователь будет удален из базы.', 'error')
-
-
-    try:
-        del db_data['users'][user_id_str]
-        save_data(db_data)
-        flash(f'Пользователь ID {user_id} успешно удален из базы данных!')
-        logging.info(f"ADMIN ACTION: Successfully deleted user ID {user_id} from database.")
-    except Exception as e:
-        logging.exception(f"Error saving data after deleting user ID {user_id}:")
-        flash(f'Ошибка при удалении пользователя ID {user_id} из базы данных: {e}', 'error')
-
-    return redirect(url_for('admin_panel'))
-
-
-@app.route('/admhosto/delete_file/<int:user_id>/<file_id>', methods=['POST'])
-def admin_delete_file(user_id, file_id):
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('admhosto_login'))
-    if not HF_TOKEN_WRITE:
-         flash('Удаление невозможно: токен для записи не настроен.', 'error')
-         return redirect(url_for('admin_user_files', user_id=user_id))
+@app.route('/preview_thumb/<file_id>')
+def preview_thumb_route(file_id):
+    """ Serves a potentially resized image preview. NO AUTH HERE. """
+    # Placeholder: This currently just redirects to the full download.
+    # Real implementation would require image processing (e.g., Pillow)
+    # to generate thumbnails server-side, or rely on client-side rendering only.
+    # For simplicity, we redirect.
+    # return redirect(url_for('download_file_route', file_id=file_id))
 
+    # Attempt direct serving like download, relying on browser caching/rendering
     db_data = load_data()
-    user_id_str = str(user_id)
-    user_data = db_data.get('users', {}).get(user_id_str)
-    if not user_data:
-        flash(f'Пользователь ID {user_id} не найден.', 'error')
-        return redirect(url_for('admin_panel'))
-
-    file_node, parent_node = find_node_by_id(user_data.get('filesystem', {}), file_id)
-
-    if not file_node or file_node.get('type') != 'file' or not parent_node:
-        flash('Файл не найден в структуре пользователя.', 'error')
-        return redirect(url_for('admin_user_files', user_id=user_id))
-
+    file_node = None
+    owner_user_id = None
+
+    for user_id, user_data in db_data.get('users', {}).items():
+        if 'filesystem' in user_data:
+            node, _ = find_node_by_id(user_data['filesystem'], file_id)
+            if node and node.get('type') == 'file' and node.get('file_type') == 'image':
+                 file_node = node
+                 owner_user_id = user_id
+                 break
+
+    if not file_node: return Response("Изображение не найдено", status=404)
     hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'файл')
+    if not hf_path: return Response("Путь к файлу не найден", status=500)
 
-    if not hf_path:
-        logging.warning(f"ADMIN ACTION: File {original_filename} (ID: {file_id}) for user {user_id} has no HF path. Removing from DB only.")
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                flash(f'Метаданные файла "{original_filename}" удалены (путь отсутствовал).')
-            except Exception as e:
-                 logging.exception(f"Admin delete file metadata save error (no path) for user {user_id}:")
-                 flash('Ошибка сохранения данных после удаления метаданных (путь отсутствовал).', 'error')
-        else:
-             logging.error(f"Admin failed to remove file node {file_id} (no path) from DB for user {user_id}.")
-             flash('Ошибка удаления метаданных файла из базы данных.', 'error')
-        return redirect(url_for('admin_user_files', user_id=user_id))
+    # Serve directly without download=true for potential browser caching
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
 
     try:
-        api = HfApi()
-        api.delete_file(
-            path_in_repo=hf_path,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"ADMIN ACTION: Deleted file {original_filename} (ID: {file_id}) for user ID {user_id}"
-        )
-        logging.info(f"ADMIN ACTION: Deleted file {hf_path} from HF Hub for user ID {user_id}")
-
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                flash(f'Файл "{original_filename}" успешно удален!')
-            except Exception as e:
-                logging.exception(f"Admin delete file DB update error for user {user_id}:")
-                flash('Файл удален с сервера, но произошла ошибка обновления базы данных.', 'error')
-        else:
-             logging.error(f"Admin failed to remove file node {file_id} from DB for user {user_id} after HF deletion.")
-             flash('Файл удален с сервера, но не найден в базе данных для удаления.', 'error')
-
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"ADMIN ACTION: File {hf_path} not found on HF Hub during delete for user {user_id}. Removing from DB.")
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(db_data)
-                flash(f'Файл "{original_filename}" не найден на сервере, удален из базы.')
-            except Exception as e:
-                 logging.exception(f"Admin delete file metadata save error (HF not found) for user {user_id}:")
-                 flash('Ошибка сохранения данных после удаления метаданных (файл не найден на сервере).', 'error')
-        else:
-            logging.error(f"Admin failed to remove file node {file_id} (HF not found) from DB for user {user_id}.")
-            flash('Файл не найден ни на сервере, ни в базе данных.', 'error')
-
+        headers = {}
+        if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
+        response = requests.get(file_url, headers=headers, stream=True, timeout=20)
+        response.raise_for_status()
+        return Response(response.iter_content(chunk_size=8192), mimetype=response.headers.get('Content-Type', 'image/jpeg'))
+    except requests.exceptions.RequestException as e:
+        logging.error(f"Error fetching preview from HF ({hf_path}, owner: {owner_user_id}): {e}")
+        return Response(f"Ошибка загрузки превью ({e.response.status_code if e.response else 502})", status=e.response.status_code if e.response else 502)
     except Exception as e:
-        logging.exception(f"ADMIN ACTION: Error deleting file {hf_path} for user {user_id}:")
-        flash(f'Ошибка удаления файла "{original_filename}": {e}', 'error')
-
-    return redirect(url_for('admin_user_files', user_id=user_id))
-
-@app.route('/admhosto/logout')
-def admhosto_logout():
-    session.pop('is_admin', None)
-    flash('Вы успешно вышли из админ-панели.')
-    return redirect(url_for('admhosto_login'))
+        logging.error(f"Unexpected error during preview ({hf_path}, owner: {owner_user_id}): {e}")
+        return Response("Внутренняя ошибка сервера при загрузке превью", status=500)
 
 
+# --- Main Execution ---
 if __name__ == '__main__':
-    if not BOT_TOKEN or BOT_TOKEN == 'YOUR_BOT_TOKEN':
-        logging.error("\n*** ERROR: TELEGRAM_BOT_TOKEN is not set or is the default placeholder. Telegram validation will FAIL. ***\n")
+    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
+        logging.critical("\n" + "*"*60 +
+                         "\n CRITICAL: TELEGRAM_BOT_TOKEN is not set or is 'YOUR_BOT_TOKEN'. " +
+                         "\n Telegram authentication WILL FAIL. Set the environment variable." +
+                         "\n" + "*"*60)
     if not HF_TOKEN_WRITE:
-        logging.warning("\n*** WARNING: HF_TOKEN (write access) is not set. File uploads, deletions, and backups will FAIL. ***\n")
+        logging.warning("HF_TOKEN (write access) is not set. File uploads, deletions will fail.")
     if not HF_TOKEN_READ:
-        logging.warning("\n*** WARNING: HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads/previews might fail for private repos if HF_TOKEN is also not set. ***\n")
-    if ADMIN_PASSWORD == 'adminpass':
-        logging.warning("\n*** WARNING: Using default ADMIN_PASSWORD. CHANGE IT! ***\n")
+        logging.warning("HF_TOKEN_READ is not set. File downloads/previews might fail for private repos.")
 
-    logging.info("Performing initial database operations before starting.")
-
-    # Ensure DATA_FILE exists before download/upload attempts
-    if not os.path.exists(DATA_FILE):
-         with open(DATA_FILE, 'w', encoding='utf-8') as f:
-              json.dump({'users': {}}, f)
-         logging.info(f"Created empty local database file: {DATA_FILE}")
-
-    # Always attempt download on startup
+    # Initial DB download before starting server
+    logging.info("Performing initial database download...")
     download_db_from_hf()
+    logging.info("Initial download attempt complete.")
 
-    # Start periodic backup thread only if HF_TOKEN_WRITE is set
-    if HF_TOKEN_WRITE and BOT_TOKEN != 'YOUR_BOT_TOKEN': # Only backup if write token and bot token are set
-        logging.info("Starting periodic backup thread.")
-        threading.Thread(target=periodic_backup, daemon=True).start()
-    else:
-        logging.warning("Periodic backup disabled.")
-
+    # No periodic backup thread in this version for simplicity. Save triggers upload.
 
-    app.run(host=HOST, port=PORT, debug=False) # debug=False for production
\ No newline at end of file
+    app.run(debug=False, host='0.0.0.0', port=7860)
\ No newline at end of file