diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -16,154 +16,80 @@ import hmac import hashlib from urllib.parse import unquote -from telegram import Update, WebAppInfo, InlineKeyboardButton, InlineKeyboardMarkup -from telegram.ext import Application, CommandHandler, MessageHandler, filters, ContextTypes - -# --- CONFIGURATION --- -BOT_TOKEN = os.getenv("TELEGRAM_BOT_TOKEN", "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4") -ADMIN_TELEGRAM_ID = os.getenv("ADMIN_TELEGRAM_ID", "YOUR_ADMIN_TELEGRAM_ID_HERE") # Replace with actual admin Telegram ID -FLASK_SECRET_KEY = os.getenv("FLASK_SECRET_KEY", "supersecretkey_telegram_mini_app_unique") -DATA_FILE = 'cloudeng_tg_data.json' -REPO_ID = os.getenv("HF_REPO_ID", "Eluza133/Z1e1u") # Default to your repo -HF_TOKEN_WRITE = os.getenv("HF_TOKEN_WRITE") -HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE -UPLOAD_FOLDER = 'uploads_tg' -WEB_APP_URL = os.getenv("WEB_APP_URL") # e.g., https://yourdomain.com +app = Flask(__name__) +app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_folders_unique_telegram") + +# --- Telegram Configuration --- +BOT_API_TOKEN = os.getenv("TELEGRAM_BOT_TOKEN", "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4") +ADMIN_TELEGRAM_IDS = [int(admin_id) for admin_id in os.getenv("ADMIN_TELEGRAM_IDS", "123456789,987654321").split(',') if admin_id.strip()] # Example: "123456,789012" +# For local testing, you can mock a Telegram user. 
+# Example: http://localhost:7860/auth/telegram?mock_user_id=YOUR_TELEGRAM_ID (replace YOUR_TELEGRAM_ID) +MOCK_TELEGRAM_MODE = os.getenv("MOCK_TELEGRAM_MODE", "False").lower() == "true" + +DATA_FILE = 'cloudeng_data_tg.json' +REPO_ID = "Eluza133/Z1e1u" # Replace with your actual Repo ID +HF_TOKEN_WRITE = os.getenv("HF_TOKEN") +HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE +UPLOAD_FOLDER = 'uploads' os.makedirs(UPLOAD_FOLDER, exist_ok=True) -logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(name)s - %(levelname)s - %(message)s') -logger = logging.getLogger(__name__) -app = Flask(__name__) -app.secret_key = FLASK_SECRET_KEY cache = Cache(app, config={'CACHE_TYPE': 'simple'}) +logging.basicConfig(level=logging.INFO) -# --- STYLES --- -BASE_STYLE = ''' -:root { - --primary: #0088cc; --secondary: #00ab6c; --accent: #536de6; - --background-light: #ffffff; --background-dark: #1c1c1e; - --card-bg: rgba(240, 240, 245, 0.95); --card-bg-dark: rgba(44, 44, 46, 0.95); - --text-light: #000000; --text-dark: #ffffff; --shadow: 0 8px 25px rgba(0, 0, 0, 0.15); - --glass-bg: rgba(200, 200, 200, 0.2); --transition: all 0.3s ease; --delete-color: #ff3b30; - --folder-color: #ff9500; -} -* { margin: 0; padding: 0; box-sizing: border-box; } -body { font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial, sans-serif; background: var(--background-light); color: var(--text-light); line-height: 1.5; -webkit-font-smoothing: antialiased; } -body.dark { background: var(--background-dark); color: var(--text-dark); } -.container { margin: 0 auto; max-width: 100%; min-height: 100vh; padding: 15px; background: var(--background-light); overflow-x: hidden; } -body.dark .container { background: var(--background-dark); } -h1 { font-size: 1.8em; font-weight: 700; text-align: center; margin-bottom: 20px; color: var(--primary); } -h2 { font-size: 1.4em; margin-top: 25px; margin-bottom:10px; color: var(--text-light); } -body.dark h2 { color: 
var(--text-dark); } -h4 { font-size: 1em; margin-top: 12px; margin-bottom: 4px; color: var(--accent); } -ol, ul { margin-left: 20px; margin-bottom: 12px; } -li { margin-bottom: 4px; } -input, textarea { width: 100%; padding: 12px; margin: 10px 0; border: 1px solid #ccc; border-radius: 10px; background: var(--glass-bg); color: var(--text-light); font-size: 1em; } -body.dark input, body.dark textarea { border-color: #444; color: var(--text-dark); background: rgba(70,70,70,0.3); } -input:focus, textarea:focus { outline: none; border-color: var(--primary); box-shadow: 0 0 0 2px var(--primary); } -.btn { padding: 12px 24px; background: var(--primary); color: white; border: none; border-radius: 10px; cursor: pointer; font-size: 1em; font-weight: 600; transition: var(--transition); box-shadow: 0 4px 10px rgba(0,0,0,0.1); display: inline-block; text-decoration: none; margin-top: 4px; margin-right: 4px; text-align: center; } -.btn:hover { transform: translateY(-2px); background: #0077b3; box-shadow: 0 6px 15px rgba(0,0,0,0.15); } -.download-btn { background: var(--secondary); } -.download-btn:hover { background: #00965e; } -.delete-btn { background: var(--delete-color); } -.delete-btn:hover { background: #e03024; } -.folder-btn { background: var(--folder-color); } -.folder-btn:hover { background: #e08300; } -.flash { color: var(--primary); text-align: center; margin-bottom: 12px; padding: 8px; background: rgba(0, 136, 204, 0.1); border-radius: 8px; border: 1px solid var(--primary); } -.flash.error { color: var(--delete-color); background: rgba(255, 59, 48, 0.1); border-color: var(--delete-color); } -.file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); gap: 15px; margin-top: 15px; } -.user-list { margin-top: 15px; } -.user-item { padding: 12px; background: var(--card-bg); border-radius: 12px; margin-bottom: 8px; box-shadow: var(--shadow); transition: var(--transition); } -body.dark .user-item { background: var(--card-bg-dark); } 
-.user-item:hover { transform: translateY(-3px); } -.user-item a { color: var(--primary); text-decoration: none; font-weight: 600; } -.user-item a:hover { color: var(--accent); } -.item { background: var(--card-bg); padding: 12px; border-radius: 12px; box-shadow: var(--shadow); text-align: center; transition: var(--transition); display: flex; flex-direction: column; justify-content: space-between; } -body.dark .item { background: var(--card-bg-dark); } -.item:hover { transform: translateY(-3px); } -.item-preview { width: 100%; height: 100px; object-fit: cover; border-radius: 8px; margin-bottom: 8px; cursor: pointer; display: block; margin-left: auto; margin-right: auto;} -.item.folder .item-preview { object-fit: contain; font-size: 50px; color: var(--folder-color); line-height: 100px; } -.item p { font-size: 0.85em; margin: 4px 0; word-break: break-all; } -.item a { color: var(--primary); text-decoration: none; } -.item a:hover { color: var(--accent); } -.item-actions { margin-top: 8px; display: flex; flex-wrap: wrap; gap: 4px; justify-content: center; } -.item-actions .btn { font-size: 0.8em; padding: 6px 10px; } -.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.7); z-index: 2000; justify-content: center; align-items: center; } -.modal-content { max-width: 95%; max-height: 95%; background: var(--background-light); padding: 10px; border-radius: 12px; overflow: auto; position: relative; } -body.dark .modal-content { background: var(--card-bg-dark); } -.modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; } -.modal iframe { width: 90vw; height: 85vh; border: none; } -.modal pre { background: #eee; color: #333; padding: 12px; border-radius: 6px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;} -body.dark .modal pre { background: #2b2a33; color: var(--text-dark); } 
-.modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 28px; height: 28px; line-height: 28px; text-align: center; } -body.dark .modal-close-btn { color: #555; background: rgba(255,255,255,0.15); } -#progress-container { width: 100%; background: var(--glass-bg); border-radius: 8px; margin: 12px 0; display: none; position: relative; height: 18px; } -#progress-bar { width: 0%; height: 100%; background: var(--primary); border-radius: 8px; transition: width 0.3s ease; } -#progress-text { position: absolute; width: 100%; text-align: center; line-height: 18px; color: var(--text-dark); font-size: 0.8em; font-weight: bold; text-shadow: 1px 1px 1px rgba(0,0,0,0.2); } -.breadcrumbs { margin-bottom: 15px; font-size: 1em; } -.breadcrumbs a { color: var(--accent); text-decoration: none; } -.breadcrumbs a:hover { text-decoration: underline; } -.breadcrumbs span { margin: 0 4px; color: #999; } -.folder-actions { margin-top: 15px; margin-bottom: 8px; display: flex; gap: 8px; align-items: center; flex-wrap: wrap; } -.folder-actions input[type=text] { width: auto; flex-grow: 1; margin: 0; min-width: 120px; } -.folder-actions .btn { margin: 0; flex-shrink: 0;} -#auth-message { text-align: center; padding: 20px; font-size: 1.2em; } -@media (max-width: 480px) { - .container { padding: 10px; } - .file-grid { grid-template-columns: repeat(auto-fill, minmax(120px, 1fr)); gap: 10px; } - .item-preview { height: 80px; } - .item.folder .item-preview { font-size: 40px; line-height: 80px; } - h1 { font-size: 1.6em; } - .btn { padding: 10px 20px; font-size: 0.9em; } - .item-actions .btn { padding: 5px 8px; font-size: 0.75em;} - .folder-actions { flex-direction: column; align-items: stretch; } -} -''' -# --- HELPER FUNCTIONS --- -def verify_telegram_data(init_data_str, bot_token_val): - if not init_data_str or not bot_token_val: - return False - - parsed_data = {} - for pair in 
init_data_str.split('&'): - if '=' in pair: - key, value = pair.split('=', 1) - parsed_data[key] = unquote(value) - - received_hash = parsed_data.pop('hash', None) - if not received_hash: - return False - - data_check_arr = [f"{key}={value}" for key, value in sorted(parsed_data.items())] - data_check_string = "\n".join(data_check_arr) - - secret_key = hmac.new("WebAppData".encode(), bot_token_val.encode(), hashlib.sha256).digest() - calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest() - - return calculated_hash == received_hash +def check_telegram_authorization(init_data_str: str, bot_token: str) -> dict | None: + """ + Validates the initData string from Telegram Web App. + Returns user data dictionary if valid, None otherwise. + """ + try: + # Telegram.WebApp.initData is URL-encoded, ensure it's decoded if necessary. + # Flask's request.get_json() or request.form should handle decoding if initData is part of JSON/form. + # If initData_str is directly from JS, it might already be decoded. + # For safety, let's try to unquote it if it looks like a query string. 
+ if '%' in init_data_str: # Basic check for URL encoding + init_data_str = unquote(init_data_str) + + params = {} + for item in init_data_str.split('&'): + key, value = item.split('=', 1) + params[key] = value + + hash_to_check = params.pop('hash', None) + if not hash_to_check: + logging.warning("No hash found in initData") + return None + + data_check_arr = [f"{k}={v}" for k, v in sorted(params.items())] + data_check_string = "\n".join(data_check_arr) + + secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest() + calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest() + + if calculated_hash == hash_to_check: + user_data = params.get("user") + if user_data: + return json.loads(user_data) # user_data is a JSON string + return {} # Should contain user data if auth is valid + else: + logging.warning(f"Telegram auth hash mismatch. Calculated: {calculated_hash}, Received: {hash_to_check}") + return None + except Exception as e: + logging.error(f"Error in check_telegram_authorization: {e}", exc_info=True) + return None -def get_tg_user_display_name(tg_user_obj): - if not tg_user_obj: return "Unknown User" - first_name = tg_user_obj.get('first_name', '') - last_name = tg_user_obj.get('last_name', '') - username = tg_user_obj.get('username') - - if first_name and last_name: return f"{first_name} {last_name}" - if first_name: return first_name - if username: return username - return f"User {tg_user_obj.get('id')}" def find_node_by_id(filesystem, node_id): if not filesystem: return None, None if filesystem.get('id') == node_id: return filesystem, None + queue = [(filesystem, None)] while queue: current_node, parent = queue.pop(0) if current_node.get('type') == 'folder' and 'children' in current_node: - for child in current_node['children']: + for i, child in enumerate(current_node['children']): if child.get('id') == node_id: return child, current_node if child.get('type') == 'folder': 
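Review bot: The new `BOT_API_TOKEN` and `app.secret_key` lines keep literal fallback values in `os.getenv`, so a deployment that lacks those variables runs with credentials anyone can read in the repository. The bot token is the HMAC key `check_telegram_authorization` uses to validate initData, and the Flask secret signs the session cookie, so both should fail closed with `BOT_API_TOKEN = os.environ["TELEGRAM_BOT_TOKEN"]` and `app.secret_key = os.environ["FLASK_SECRET_KEY"]`, and the committed token should be treated as exposed and rotated. In `check_telegram_authorization`, compare with `hmac.compare_digest(calculated_hash, hash_to_check)` instead of `==`, and drop `calculated_hash` from the mismatch warning, which otherwise writes a valid signature for the submitted data to the log. The function never checks `auth_date`, so a captured initData string stays valid indefinitely; reject values older than a short window. The whole-string `unquote` before splitting on `&` also looks wrong, because a value containing an encoded `&` or `=` would be re-split; decode each value after the split, as the removed `verify_telegram_data` did.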
@@ -184,46 +110,66 @@ def remove_node(filesystem, node_id): if node_to_remove and parent_node and 'children' in parent_node: parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id] return True - # Handle root node removal attempt if it's the target (should not happen for files/folders within root) - elif node_to_remove and node_id == filesystem.get('id') and not parent_node: - logger.error("Attempted to remove root node itself via remove_node, which is not supported this way.") - return False # Or handle as a special case if needed + # Special case: removing root's child directly if filesystem is root and parent_node is None + if node_to_remove and filesystem.get('id') == 'root' and parent_node is None: + if 'children' in filesystem: + filesystem['children'] = [child for child in filesystem['children'] if child.get('id') != node_id] + return True return False def get_node_path_string(filesystem, node_id): path_list = [] current_id = node_id + while current_id: node, parent = find_node_by_id(filesystem, current_id) - if not node: break + if not node: + break if node.get('id') != 'root': path_list.append(node.get('name', node.get('original_filename', ''))) - if not parent: break + if not parent: + break current_id = parent.get('id') if parent else None return " / ".join(reversed(path_list)) or "Root" -def initialize_user_filesystem(user_data): - if 'filesystem' not in user_data: - user_data['filesystem'] = { - "type": "folder", "id": "root", "name": "root", "children": [] + +def initialize_user_filesystem(user_data_storage_entry): # Expects the value part of data['users'][telegram_id_str] + if 'filesystem' not in user_data_storage_entry: + user_data_storage_entry['filesystem'] = { + "type": "folder", + "id": "root", + "name": "root", # Could be user's TG name, but "root" is fine + "children": [] } + # Migration logic for old 'files' list, if any, could go here + # For simplicity, new TG users start with an empty root 
folder. + @cache.memoize(timeout=300) def load_data(): try: - download_db_from_hf() + if os.path.exists(DATA_FILE): # Only download if it exists on HF or local is missing + download_db_from_hf() + + if not os.path.exists(DATA_FILE): # If still not exists, create empty + with open(DATA_FILE, 'w', encoding='utf-8') as f: + json.dump({'users': {}}, f) + logging.info(f"Created empty local database file: {DATA_FILE}") + with open(DATA_FILE, 'r', encoding='utf-8') as file: data = json.load(file) - if not isinstance(data, dict): - data = {'users': {}} - data.setdefault('users', {}) - for user_id, user_data_val in data['users'].items(): - initialize_user_filesystem(user_data_val) - logger.info("Data successfully loaded and initialized") - return data + if not isinstance(data, dict): + logging.warning("Data is not in dict format, initializing empty database") + return {'users': {}} + data.setdefault('users', {}) + # User data is now keyed by str(telegram_user_id) + for tg_user_id_str, user_storage_entry in data['users'].items(): + initialize_user_filesystem(user_storage_entry) # Pass the dict value directly + logging.info("Data successfully loaded and initialized for Telegram users") + return data except Exception as e: - logger.error(f"Error loading data: {e}") + logging.error(f"Error loading data: {e}") return {'users': {}} def save_data(data): 
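Review bot: In `load_data` the new guard `if os.path.exists(DATA_FILE): download_db_from_hf()` does the opposite of what its comment describes. When the local file is missing, as on a fresh container, the download is skipped and an empty `{'users': {}}` file is created, which a later `save_data` or `periodic_backup` would upload over the remote copy. Calling `download_db_from_hf()` unconditionally, as the removed code did, avoids this; that helper already creates the empty file in its own error paths. In `remove_node`, the added root branch appears reachable only when `node_id` is the root itself, since in the visible part of `find_node_by_id` that is the only case returning a node with no parent. The branch therefore filters nothing and returns `True`; returning `False` there, as the removed code did, keeps callers from treating a no-op as a successful delete.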
@@ -232,163 +178,492 @@ def save_data(data): json.dump(data, file, ensure_ascii=False, indent=4) upload_db_to_hf() cache.clear() - logger.info("Data saved and uploaded to HF") + logging.info("Data saved and uploaded to HF") except Exception as e: - logger.error(f"Error saving data: {e}") + logging.error(f"Error saving data: {e}") raise def upload_db_to_hf(): if not HF_TOKEN_WRITE: - logger.warning("HF_TOKEN_WRITE not set, skipping database upload.") + logging.warning("HF_TOKEN_WRITE not set, skipping database upload.") return try: api = HfApi() api.upload_file( - path_or_fileobj=DATA_FILE, path_in_repo=DATA_FILE, repo_id=REPO_ID, - repo_type="dataset", token=HF_TOKEN_WRITE, + path_or_fileobj=DATA_FILE, + path_in_repo=DATA_FILE, + repo_id=REPO_ID, + repo_type="dataset", + token=HF_TOKEN_WRITE, commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}" ) - logger.info("Database uploaded to Hugging Face") + logging.info("Database uploaded to Hugging Face") except Exception as e: - logger.error(f"Error uploading database: {e}") + logging.error(f"Error uploading database: {e}") def download_db_from_hf(): if not HF_TOKEN_READ: - logger.warning("HF_TOKEN_READ not set, skipping database download.") + logging.warning("HF_TOKEN_READ not set, skipping database download.") if not os.path.exists(DATA_FILE): - with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f) + with open(DATA_FILE, 'w', encoding='utf-8') as f: + json.dump({'users': {}}, f) return try: hf_hub_download( - repo_id=REPO_ID, filename=DATA_FILE, repo_type="dataset", - token=HF_TOKEN_READ, local_dir=".", local_dir_use_symlinks=False + repo_id=REPO_ID, + filename=DATA_FILE, + repo_type="dataset", + token=HF_TOKEN_READ, + local_dir=".", + local_dir_use_symlinks=False, + force_download=True # Ensure we get the latest if available ) - logger.info("Database downloaded from Hugging Face") - except (hf_utils.RepositoryNotFoundError, hf_utils.EntryNotFoundError): - 
logger.warning(f"{DATA_FILE} or repo {REPO_ID} not found. Initializing empty database.") + logging.info("Database downloaded from Hugging Face") + except hf_utils.RepositoryNotFoundError: + logging.warning(f"Repository {REPO_ID} not found.") + if not os.path.exists(DATA_FILE): + with open(DATA_FILE, 'w', encoding='utf-8') as f: + json.dump({'users': {}}, f) + except hf_utils.EntryNotFoundError: + logging.warning(f"{DATA_FILE} not found in repository {REPO_ID}. Initializing empty database if local also missing.") if not os.path.exists(DATA_FILE): - with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f) + with open(DATA_FILE, 'w', encoding='utf-8') as f: + json.dump({'users': {}}, f) except Exception as e: - logger.error(f"Error downloading database: {e}") + logging.error(f"Error downloading database: {e}") if not os.path.exists(DATA_FILE): - with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f) + with open(DATA_FILE, 'w', encoding='utf-8') as f: + json.dump({'users': {}}, f) def periodic_backup(): while True: - time.sleep(1800) + time.sleep(1800) # Backup every 30 minutes + logging.info("Attempting periodic backup...") + data = load_data() # Load current data before saving (or just save current state if save_data handles loading) + # save_data implicitly uploads, so this might be redundant if data is saved frequently + # The main purpose of save_data(data) is to ensure data is written to disk then uploaded. + # A direct call to upload_db_to_hf() might be better if we only want to backup the existing disk file. + # However, frequent load/save operations are handled by endpoints. This is more of a fallback. 
upload_db_to_hf() + def get_file_type(filename): filename_lower = filename.lower() - if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')): return 'video' - elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')): return 'image' - elif filename_lower.endswith('.pdf'): return 'pdf' - elif filename_lower.endswith('.txt'): return 'text' + if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')): + return 'video' + elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')): + return 'image' + elif filename_lower.endswith('.pdf'): + return 'pdf' + elif filename_lower.endswith('.txt'): + return 'text' return 'other' -def is_admin_user(): - return session.get('telegram_user_id') and str(session.get('telegram_user_id')) == str(ADMIN_TELEGRAM_ID) - -# --- HTML TEMPLATES --- -APP_SHELL_HTML = """ - - - - Zeus Cloud Mini App - - - - +

Zeus Cloud

Аутентификация через Telegram...

+ - - -
- {% if not authenticated %} -
Аутентификация через Telegram...
- ''' + return render_template_string(html) + +@app.route('/auth/telegram', methods=['POST']) +def auth_telegram(): + telegram_user = None + + # Mocking for local development + mock_user_id_str = request.args.get('mock_user_id') + if MOCK_TELEGRAM_MODE and mock_user_id_str: + try: + mock_user_id = int(mock_user_id_str) + telegram_user = { + "id": mock_user_id, + "first_name": "MockUser", + "username": f"mockuser{mock_user_id}", + "is_bot": False, + "language_code": "en" + } + logging.info(f"Using MOCK Telegram user: {telegram_user}") + except ValueError: + return jsonify({'status': 'error', 'message': 'Invalid mock_user_id.'}), 400 + else: + # Actual Telegram authentication + try: + payload = request.get_json() + init_data_str = payload.get('initData') + except Exception as e: + logging.error(f"Failed to parse JSON payload: {e}") + return jsonify({'status': 'error', 'message': 'Invalid request format.'}), 400 + + if not init_data_str: + return jsonify({'status': 'error', 'message': 'initData is missing.'}), 400 + + telegram_user = check_telegram_authorization(init_data_str, BOT_API_TOKEN) + + if telegram_user and telegram_user.get("id"): + telegram_user_id = telegram_user["id"] + telegram_user_id_str = str(telegram_user_id) + + session['telegram_user_id'] = telegram_user_id + session['telegram_username'] = telegram_user.get('username', telegram_user.get('first_name', f'User{telegram_user_id}')) + session['telegram_first_name'] = telegram_user.get('first_name', '') + session['telegram_last_name'] = telegram_user.get('last_name', '') + + data = load_data() + if telegram_user_id_str not in data['users']: + data['users'][telegram_user_id_str] = { + 'telegram_info': telegram_user, # Store full TG info + 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), + 'filesystem': { + "type": "folder", "id": "root", "name": "root", "children": [] + } + } + logging.info(f"New Telegram user created: {telegram_user_id_str}") + else: + # Update telegram_info if it changed + 
data['users'][telegram_user_id_str]['telegram_info'] = telegram_user + initialize_user_filesystem(data['users'][telegram_user_id_str]) # Ensure filesystem exists + logging.info(f"Existing Telegram user logged in: {telegram_user_id_str}") + + try: + save_data(data) + return jsonify({'status': 'success', 'redirect_url': url_for('dashboard')}) + except Exception as e: + logging.error(f"Error saving data during Telegram auth for {telegram_user_id_str}: {e}") + return jsonify({'status': 'error', 'message': 'Failed to save user data.'}), 500 + else: + logging.warning("Telegram authentication failed or no user data returned from check.") + return jsonify({'status': 'error', 'message': 'Telegram authentication failed.'}), 403 + + +@app.route('/dashboard', methods=['GET', 'POST']) +def dashboard(): + if 'telegram_user_id' not in session: + flash('Пожалуйста, пройдите аутентификацию через Telegram.') + return redirect(url_for('index_page')) # Redirect to auth trigger page + + telegram_user_id = str(session['telegram_user_id']) + telegram_username = session.get('telegram_username', f'User {telegram_user_id}') + + data = load_data() + if telegram_user_id not in data['users']: + session.clear() # Clear corrupted session + flash('Пользователь не найден в базе данных! 
Пожалуйста, пройдите аутентификацию снова.') + return redirect(url_for('index_page')) + + user_storage_entry = data['users'][telegram_user_id] # This is the dict value + # Ensure filesystem is initialized (should be done at auth, but double check) + if 'filesystem' not in user_storage_entry: + initialize_user_filesystem(user_storage_entry) + + + current_folder_id = request.args.get('folder_id', 'root') + # Filesystem is directly under user_storage_entry + current_folder, parent_folder = find_node_by_id(user_storage_entry['filesystem'], current_folder_id) + + if not current_folder or current_folder.get('type') != 'folder': + flash('Папка не найдена!', 'error') + current_folder_id = 'root' + current_folder, parent_folder = find_node_by_id(user_storage_entry['filesystem'], current_folder_id) + if not current_folder: # Should not happen if initialized correctly + logging.error(f"CRITICAL: Root folder not found for user {telegram_user_id}") + flash('Критическая ошибка: корневая папка не найдена.', 'error') + session.clear() + return redirect(url_for('index_page')) + + items_in_folder = sorted(current_folder.get('children', []), key=lambda x: (x['type'] != 'folder', x.get('name', x.get('original_filename', '')).lower())) + + if request.method == 'POST': + if not HF_TOKEN_WRITE: + flash('Загрузка невозможна: токен для записи не настроен.', 'error') + return redirect(url_for('dashboard', folder_id=current_folder_id)) + + files = request.files.getlist('files') + if not files or all(not f.filename for f in files): + flash('Файлы для загрузки не выбраны.', 'error') + return redirect(url_for('dashboard', folder_id=current_folder_id)) + + if len(files) > 20: + flash('Максимум 20 файлов за раз!', 'error') + return redirect(url_for('dashboard', folder_id=current_folder_id)) + + target_folder_id = request.form.get('current_folder_id', 'root') + target_folder_node, _ = find_node_by_id(user_storage_entry['filesystem'], target_folder_id) + + if not target_folder_node or 
target_folder_node.get('type') != 'folder': + flash('Целевая папка для загрузки не найдена!', 'error') + return redirect(url_for('dashboard')) + + api = HfApi() + uploaded_count = 0 + errors = [] + + for file_in_request in files: + if file_in_request and file_in_request.filename: + original_filename = secure_filename(file_in_request.filename) + name_part, ext_part = os.path.splitext(original_filename) + unique_suffix = uuid.uuid4().hex[:8] + unique_filename = f"{name_part}_{unique_suffix}{ext_part}" + file_id = uuid.uuid4().hex + + # Use telegram_user_id in HF path + hf_path = f"cloud_files/{telegram_user_id}/{target_folder_id}/{unique_filename}" + temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}") + + try: + file_in_request.save(temp_path) + commit_msg = f"User {telegram_username} (ID: {telegram_user_id}) uploaded {original_filename} to folder {target_folder_id}" + api.upload_file( + path_or_fileobj=temp_path, + path_in_repo=hf_path, + repo_id=REPO_ID, + repo_type="dataset", + token=HF_TOKEN_WRITE, + commit_message=commit_msg + ) + + file_info = { + 'type': 'file', + 'id': file_id, + 'original_filename': original_filename, + 'unique_filename': unique_filename, + 'path': hf_path, + 'file_type': get_file_type(original_filename), + 'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S') } - }; - - {% else %} - - {{ content | safe if content else "" }} - {% endif %} -
- -""" -DASHBOARD_CONTENT_HTML = """ + if add_node(user_storage_entry['filesystem'], target_folder_id, file_info): + uploaded_count += 1 + else: + errors.append(f"Ошибка добавления метаданных для {original_filename}.") + logging.error(f"Failed to add node metadata for file {file_id} to folder {target_folder_id} for user {telegram_user_id}") + try: + api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE) + except Exception as del_err: + logging.error(f"Failed to delete orphaned file {hf_path} from HF Hub: {del_err}") + + except Exception as e: + logging.error(f"Error uploading file {original_filename} for {telegram_user_id}: {e}") + errors.append(f"Ошибка загрузки файла {original_filename}: {e}") + finally: + if os.path.exists(temp_path): + os.remove(temp_path) + + if uploaded_count > 0 or errors: # Save data if anything happened or if there were errors to record + try: + save_data(data) + if uploaded_count > 0: + flash(f'{uploaded_count} файл(ов) успешно загружено!') + except Exception as e: + flash('Файлы загружены на сервер, но произошла ошибка сохранения метаданных.', 'error') + logging.error(f"Error saving data after upload for {telegram_user_id}: {e}") + + if errors: + for error_msg in errors: + flash(error_msg, 'error') + + return redirect(url_for('dashboard', folder_id=target_folder_id)) + + breadcrumbs = [] + temp_id = current_folder_id + while temp_id: + node, parent = find_node_by_id(user_storage_entry['filesystem'], temp_id) + if not node: break + is_link = (node['id'] != current_folder_id) + breadcrumbs.append({'id': node['id'], 'name': node.get('name', 'Root'), 'is_link': is_link}) + if not parent: break # Reached root or disconnected node + temp_id = parent.get('id') if parent else None # Parent of root is None + breadcrumbs.reverse() + + html = ''' + +Панель управления - Zeus Cloud + +
-

Zeus Cloud

Пользователь: {{ user_display_name }}

+

Zeus Cloud

+
Пользователь: {{ telegram_username }} (ID: {{ telegram_user_id }})
+ {% with messages = get_flashed_messages(with_categories=true) %} - {% if messages %}{% for category, message in messages %}
{{ message }}
{% endfor %}{% endif %} + {% if messages %} + {% for category, message in messages %} +
{{ message }}
+ {% endfor %} + {% endif %} {% endwith %} + +
- +
-
+ + - - + +
0%
+

Содержимое папки: {{ current_folder.name if current_folder_id != 'root' else 'Главная' }}

{% for item in items %} @@ -398,7 +673,7 @@ DASHBOARD_CONTENT_HTML = """
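Review bot: The mock branch of `auth_telegram` creates a session for whatever `mock_user_id` the query string carries, with no signature check, and its only gate is the `MOCK_TELEGRAM_MODE` environment variable. If that flag is ever set on a reachable deployment, every account is open to any caller, including the IDs in `ADMIN_TELEGRAM_IDS`. Make the state loud at startup with `if MOCK_TELEGRAM_MODE: logging.warning("MOCK_TELEGRAM_MODE is enabled: /auth/telegram accepts unsigned mock_user_id")`, and consider restricting the branch to local development builds. In the upload loop of `dashboard`, `errors.append(f"Ошибка загрузки файла {original_filename}: {e}")` flashes raw exception text to the user; keep the detail in the log and flash a generic message instead. `periodic_backup` now calls `load_data()` and never uses the result, so that line can be dropped.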

{{ item.name }}

Открыть -
+
@@ -413,13 +688,13 @@ DASHBOARD_CONTENT_HTML = """ onclick="openModal('{{ hf_file_url(item.path) }}', '{{ item.file_type }}', '{{ item.id }}')"> Your browser does not support the video tag. {% elif item.file_type == 'pdf' %} -
📄
{% elif item.file_type == 'text' %} -
📝
{% else %} -
+
{% endif %}

{{ item.original_filename | truncate(25, True) }}

{{ item.upload_date }}

@@ -429,7 +704,7 @@ DASHBOARD_CONTENT_HTML = """ {% endif %} -
+
@@ -439,417 +714,234 @@ DASHBOARD_CONTENT_HTML = """ {% endfor %} {% if not items %}

Эта папка пуста.

{% endif %}
- + +Выйти (очистить сессию)
+ + -""" - -ADMIN_PANEL_HTML = """ - -Админ-панель - - - - -

Админ-панель

-{% with messages = get_flashed_messages(with_categories=true) %}{% if messages %}{% for category, message in messages %}
{{ message }}
{% endfor %}{% endif %}{% endwith %} -

Пользователи

-{% for user in user_details %} -
- {{ user.display_name }} (ID: {{user.id}}) -

Зарегистрирован: {{ user.created_at }}

-

Файлов: {{ user.file_count }}

-
- -
-
-{% else %}

Пользователей нет.

{% endfor %}
- -
""" - -ADMIN_USER_FILES_HTML = """ - -Файлы {{ user_display_name }} - - - - -

Файлы пользователя: {{ user_display_name }}

-Назад к пользователям -{% with messages = get_flashed_messages(with_categories=true) %}{% if messages %}{% for category, message in messages %}
{{ message }}
{% endfor %}{% endif %}{% endwith %} -
-{% for file in files %} -
-
- {% if file.file_type == 'image' %} - {% elif file.file_type == 'video' %} - {% elif file.file_type == 'pdf' %}
📄
- {% elif file.file_type == 'text' %}
📝
- {% else %}
{% endif %} -

{{ file.original_filename | truncate(30) }}

-

В папке: {{ file.parent_path_str }}

-

Загружен: {{ file.upload_date }}

-

ID: {{ file.id }}

-

Path: {{ file.path }}

-
-
- Скачать - {% set previewable = file.file_type in ['image', 'video', 'pdf', 'text'] %} - {% if previewable %} - - {% endif %} -
- -
-
-
-{% else %}

У пользователя нет файлов.

{% endfor %} -
- -""" - -# --- FLASK ROUTES --- -@app.route('/') -def index(): - if 'telegram_user_id' in session and 'user_display_name' in session: - return redirect(url_for('dashboard')) - return render_template_string(APP_SHELL_HTML, authenticated=False) - -@app.route('/telegram_auth_handler', methods=['POST']) -def telegram_auth_handler(): - auth_data = request.json - init_data_str = auth_data.get('initData') - - if not verify_telegram_data(init_data_str, BOT_TOKEN): - logger.warning("Telegram data verification failed.") - return jsonify({'status': 'error', 'message': 'Верификация данных не удалась.'}), 403 - - try: - user_data_json = dict(pair.split('=', 1) for pair in init_data_str.split('&') if pair.startswith('user=')) - user_info_str = unquote(user_data_json.get('user', '{}')) - tg_user = json.loads(user_info_str) - except Exception as e: - logger.error(f"Error parsing Telegram user data: {e}") - return jsonify({'status': 'error', 'message': 'Ошибка парсинга данных пользователя.'}), 400 - - telegram_user_id = str(tg_user['id']) - user_display_name = get_tg_user_display_name(tg_user) - - session['telegram_user_id'] = telegram_user_id - session['user_display_name'] = user_display_name - session['raw_tg_user_data'] = tg_user - - data = load_data() - if telegram_user_id not in data['users']: - data['users'][telegram_user_id] = { - 'telegram_user_data': tg_user, - 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), - 'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []} - } - initialize_user_filesystem(data['users'][telegram_user_id]) - try: - save_data(data) - except Exception as e: - logger.error(f"Error saving data for new user {telegram_user_id}: {e}") - return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных нового пользователя.'}), 500 - - return jsonify({'status': 'success', 'message': 'Аутентификация успешна.'}) - -@app.route('/dashboard', methods=['GET']) -def dashboard(): - if 'telegram_user_id' not in session: - 
return redirect(url_for('index')) - - telegram_user_id = session['telegram_user_id'] - user_display_name = session.get('user_display_name', 'Пользователь') - - data = load_data() - if telegram_user_id not in data['users']: - session.clear() - flash('Пользователь не найден!', 'error') - return redirect(url_for('index')) - - user_data = data['users'][telegram_user_id] - initialize_user_filesystem(user_data) # Ensure filesystem exists - - current_folder_id = request.args.get('folder_id', 'root') - current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id) - - if not current_folder or current_folder.get('type') != 'folder': - flash('Папка не найдена!', 'error') - current_folder_id = 'root' - current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id) - if not current_folder: - logger.error(f"CRITICAL: Root folder not found for user {telegram_user_id}") - flash('Критическая ошибка: корневая папка не найдена.', 'error') - session.clear() - return redirect(url_for('index')) - - items_in_folder = sorted(current_folder.get('children', []), key=lambda x: (x['type'] != 'folder', x.get('name', x.get('original_filename', '')).lower())) - - breadcrumbs = [] - temp_id = current_folder_id - while temp_id: - node, parent = find_node_by_id(user_data['filesystem'], temp_id) - if not node: break - is_link = (node['id'] != current_folder_id) - breadcrumbs.append({'id': node['id'], 'name': node.get('name', 'Root'), 'is_link': is_link}) - if not parent: break - temp_id = parent.get('id') if parent else None - breadcrumbs.reverse() - - dashboard_html_content = render_template_string( - DASHBOARD_CONTENT_HTML, - user_display_name=user_display_name, - items=items_in_folder, - current_folder_id=current_folder_id, - current_folder=current_folder, - breadcrumbs=breadcrumbs, - repo_id=REPO_ID, - HF_TOKEN_READ=HF_TOKEN_READ, - hf_file_url=lambda path, download=False: 
f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}", - os=os - ) - return render_template_string(APP_SHELL_HTML, authenticated=True, content=dashboard_html_content) - -@app.route('/dashboard_upload', methods=['POST']) -def dashboard_upload_action(): - if 'telegram_user_id' not in session: - return jsonify({'status': 'error', 'message': 'Not authenticated'}), 401 - - telegram_user_id = session['telegram_user_id'] - data = load_data() - user_data = data['users'][telegram_user_id] - - if not HF_TOKEN_WRITE: - flash('Загрузка невозможна: токен для записи не настроен.', 'error') - return redirect(url_for('dashboard', folder_id=request.form.get('current_folder_id', 'root'))) - - files = request.files.getlist('files') - target_folder_id = request.form.get('current_folder_id', 'root') - - if not files or all(not f.filename for f in files): - flash('Файлы для загрузки не выбраны.', 'error') - return redirect(url_for('dashboard', folder_id=target_folder_id)) - - if len(files) > 20: - flash('Максимум 20 файлов за раз!', 'error') - return redirect(url_for('dashboard', folder_id=target_folder_id)) - - target_folder_node, _ = find_node_by_id(user_data['filesystem'], target_folder_id) - if not target_folder_node or target_folder_node.get('type') != 'folder': - flash('Целевая папка для загрузки не найдена!', 'error') - return redirect(url_for('dashboard')) - - api = HfApi() - uploaded_count = 0 - errors = [] - - for file_obj in files: - if file_obj and file_obj.filename: - original_filename = secure_filename(file_obj.filename) - name_part, ext_part = os.path.splitext(original_filename) - unique_suffix = uuid.uuid4().hex[:8] - unique_filename = f"{name_part}_{unique_suffix}{ext_part}" - file_id = uuid.uuid4().hex - - hf_path = f"cloud_files/tg_{telegram_user_id}/{target_folder_id}/{unique_filename}" - temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}") - - try: - file_obj.save(temp_path) - api.upload_file( - 
path_or_fileobj=temp_path, path_in_repo=hf_path, repo_id=REPO_ID, - repo_type="dataset", token=HF_TOKEN_WRITE, - commit_message=f"User tg_{telegram_user_id} uploaded {original_filename} to folder {target_folder_id}" - ) - file_info = { - 'type': 'file', 'id': file_id, 'original_filename': original_filename, - 'unique_filename': unique_filename, 'path': hf_path, - 'file_type': get_file_type(original_filename), - 'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S') - } - if add_node(user_data['filesystem'], target_folder_id, file_info): - uploaded_count += 1 - else: - errors.append(f"Ошибка добавления метаданных для {original_filename}.") - logger.error(f"Failed to add node metadata for {file_id} to {target_folder_id} for tg_user {telegram_user_id}") - try: api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE) - except Exception as del_err: logger.error(f"Failed to delete orphaned file {hf_path}: {del_err}") - except Exception as e: - logger.error(f"Error uploading file {original_filename} for tg_user {telegram_user_id}: {e}") - errors.append(f"Ошибка загрузки файла {original_filename}: {e}") - finally: - if os.path.exists(temp_path): os.remove(temp_path) - - if uploaded_count > 0: - try: - save_data(data) - flash(f'{uploaded_count} файл(ов) успешно загружено!') - except Exception as e: - flash('Файлы загружены, но ошибка сохранения метаданных.', 'error') - logger.error(f"Error saving data after upload for tg_user {telegram_user_id}: {e}") - if errors: - for error_msg in errors: flash(error_msg, 'error') - - return redirect(url_for('dashboard', folder_id=target_folder_id)) +''' + template_context = { + 'telegram_user_id': telegram_user_id, + 'telegram_username': telegram_username, + 'items': items_in_folder, + 'current_folder_id': current_folder_id, + 'current_folder': current_folder, + 'breadcrumbs': breadcrumbs, + 'repo_id': REPO_ID, + 'HF_TOKEN_READ': HF_TOKEN_READ, + 'hf_file_url': lambda path, download=False: 
f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}", + 'os': os # os is not used in template, can remove + } + return render_template_string(html, **template_context) @app.route('/create_folder', methods=['POST']) def create_folder(): if 'telegram_user_id' not in session: - return jsonify({'status': 'error', 'message': 'Not authenticated'}), 401 + return jsonify({'status': 'error', 'message': 'Не авторизован'}), 401 - telegram_user_id = session['telegram_user_id'] + telegram_user_id_str = str(session['telegram_user_id']) data = load_data() - user_data = data['users'].get(telegram_user_id) - if not user_data: - return jsonify({'status': 'error', 'message': 'User not found'}), 404 + user_storage_entry = data['users'].get(telegram_user_id_str) + if not user_storage_entry: + # This case should ideally not happen if session is valid + session.clear() + flash('Пользователь не найден, пожалуйста, авторизуйтесь снова.', 'error') + return redirect(url_for('index_page')) + parent_folder_id = request.form.get('parent_folder_id', 'root') folder_name = request.form.get('folder_name', '').strip() 
@@ -858,92 +950,129 @@ def create_folder(): flash('Имя папки не может быть пустым!', 'error') return redirect(url_for('dashboard', folder_id=parent_folder_id)) - # Allow more characters in folder names - # if not re.match(r"^[a-zA-Z0-9_.\- ]+$", folder_name): - # flash('Имя папки может содержать буквы, цифры, пробелы и символы ._-', 'error') - # return redirect(url_for('dashboard', folder_id=parent_folder_id)) + # Basic validation for folder name (alphanumeric, spaces, underscores) + if not all(c.isalnum() or c.isspace() or c == '_' for c in folder_name) or len(folder_name) > 50: + flash('Имя папки может содержать буквы, цифры, пробелы, подчеркивания (макс 50 симв).', 'error') + return redirect(url_for('dashboard', folder_id=parent_folder_id)) folder_id = uuid.uuid4().hex folder_data = { - 'type': 'folder', 'id': folder_id, 'name': folder_name, 'children': [] + 'type': 'folder', + 'id': folder_id, + 'name': folder_name, + 'children': [] } - if add_node(user_data['filesystem'], parent_folder_id, folder_data): + if add_node(user_storage_entry['filesystem'], parent_folder_id, folder_data): try: save_data(data) flash(f'Папка "{folder_name}" успешно создана.') except Exception as e: flash('Ошибка сохранения данных при создании папки.', 'error') - logger.error(f"Create folder save error: {e}") + logging.error(f"Create folder save error for {telegram_user_id_str}: {e}") else: flash('Не удалось найти родительскую папку.', 'error') return redirect(url_for('dashboard', folder_id=parent_folder_id)) +def is_admin_session(): + return 'telegram_user_id' in session and session['telegram_user_id'] in ADMIN_TELEGRAM_IDS + @app.route('/download/') def download_file(file_id): - can_access = False + is_admin_req = is_admin_session() # Check if current session holder is admin + + # User must be logged in (TG auth) OR be an admin accessing via admhosto (checked by is_admin_req) + if 'telegram_user_id' not in session and not is_admin_req: + # For TG Mini App context, usually means direct 
access without session. + # If admin panel is the referrer, is_admin_req would be true. + # If not, it's an unauthorized direct access. + flash('Пожалуйста, авторизуйтесь.') + return redirect(url_for('index_page')) + data = load_data() file_node = None - + # file_owner_telegram_id_str = None # Not strictly needed for download if path is known + + # If accessed by a regular user (not necessarily admin) if 'telegram_user_id' in session: - telegram_user_id = session['telegram_user_id'] - user_data = data['users'].get(telegram_user_id) - if user_data: - file_node_user, _ = find_node_by_id(user_data['filesystem'], file_id) - if file_node_user: - file_node = file_node_user - can_access = True - - if not file_node and is_admin_user(): # Admin can download any file - logger.info(f"Admin attempting to download file ID {file_id}") - for uid, udata in data.get('users', {}).items(): - node, _ = find_node_by_id(udata.get('filesystem', {}), file_id) + current_telegram_user_id_str = str(session['telegram_user_id']) + user_storage_entry = data['users'].get(current_telegram_user_id_str) + if user_storage_entry: + file_node, _ = find_node_by_id(user_storage_entry.get('filesystem', {}), file_id) + + # If admin is making the request, and file not found for current user (if admin is also a user) + # or if admin is accessing directly (e.g. 
from admin panel link) + if not file_node and is_admin_req: + logging.info(f"Admin (ID: {session.get('telegram_user_id')}) searching for file ID {file_id} across all users.") + for tg_id_str, u_storage_entry in data.get('users', {}).items(): + node, _ = find_node_by_id(u_storage_entry.get('filesystem', {}), file_id) if node and node.get('type') == 'file': file_node = node - can_access = True - logger.info(f"Admin found file ID {file_id} belonging to user {uid}") + # file_owner_telegram_id_str = tg_id_str + logging.info(f"Admin found file ID {file_id} belonging to user ID {tg_id_str}") break - if not can_access or not file_node or file_node.get('type') != 'file': - flash('Файл не найден или доступ запрещен!', 'error') - return redirect(request.referrer or url_for('dashboard' if 'telegram_user_id' in session else 'index')) + if not file_node or file_node.get('type') != 'file': + flash('Файл не найден!', 'error') + # Redirect to dashboard if in session, else to index (auth) page + # Admin panel might have its own referrer logic + # For simplicity, always redirect to dashboard if session, else to index. Admin can navigate back. 
+ return redirect(request.referrer or (url_for('dashboard') if 'telegram_user_id' in session else url_for('index_page'))) + hf_path = file_node.get('path') original_filename = file_node.get('original_filename', 'downloaded_file') if not hf_path: - flash('Ошибка: Путь к файлу не найден.', 'error') - return redirect(request.referrer or url_for('dashboard' if 'telegram_user_id' in session else 'index')) + flash('Ошибка: Путь к файлу не найден в метаданных.', 'error') + return redirect(request.referrer or (url_for('dashboard') if 'telegram_user_id' in session else url_for('index_page'))) file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true" + try: headers = {} - if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}" + if HF_TOKEN_READ: + headers["authorization"] = f"Bearer {HF_TOKEN_READ}" + response = requests.get(file_url, headers=headers, stream=True) response.raise_for_status() + file_content = BytesIO(response.content) - return send_file(file_content, as_attachment=True, download_name=original_filename, mimetype='application/octet-stream') - except Exception as e: - logger.error(f"Error downloading file from HF ({hf_path}): {e}") + return send_file( + file_content, + as_attachment=True, + download_name=original_filename, + mimetype='application/octet-stream' # Generic mimetype + ) + except requests.exceptions.RequestException as e: + logging.error(f"Error downloading file from HF ({hf_path}): {e}") flash(f'Ошибка скачивания файла {original_filename}! 
({e})', 'error') - return redirect(request.referrer or url_for('dashboard' if 'telegram_user_id' in session else 'index')) + except Exception as e: + logging.error(f"Unexpected error during download ({hf_path}): {e}") + flash('Произошла непредвиденная ошибка при скачивании файла.', 'error') + + return redirect(request.referrer or (url_for('dashboard') if 'telegram_user_id' in session else url_for('index_page'))) @app.route('/delete_file/', methods=['POST']) def delete_file(file_id): if 'telegram_user_id' not in session: - flash('Пожалуйста, войдите в систему!') - return redirect(url_for('index')) + flash('Пожалуйста, авторизуйтесь.') + return redirect(url_for('index_page')) - telegram_user_id = session['telegram_user_id'] + telegram_user_id_str = str(session['telegram_user_id']) + telegram_username = session.get('telegram_username', f'User {telegram_user_id_str}') data = load_data() - user_data = data['users'].get(telegram_user_id) - if not user_data: - flash('Пользователь не найден!', 'error'); session.clear(); return redirect(url_for('index')) + user_storage_entry = data['users'].get(telegram_user_id_str) - file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id) + if not user_storage_entry: + session.clear() + flash('Пользователь не найден!', 'error') + return redirect(url_for('index_page')) + + file_node, parent_node = find_node_by_id(user_storage_entry['filesystem'], file_id) current_view_folder_id = request.form.get('current_view_folder_id', 'root') if not file_node or file_node.get('type') != 'file' or not parent_node: 
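Review bot: `is_admin_session()` tests `session['telegram_user_id'] in ADMIN_TELEGRAM_IDS` on the raw session value, while every lookup in this hunk first wraps that value in `str(...)`. ADMIN_TELEGRAM_IDS appears to be a list of ints, so if the login handler (outside this hunk) stores the id as a string, the check is always false and the admin branch of `download_file` is unreachable. Normalising both sides in one place removes that dependency, e.g. `return str(session.get('telegram_user_id')) in {str(i) for i in ADMIN_TELEGRAM_IDS}`. The new guard `if 'telegram_user_id' not in session and not is_admin_req:` has a dead second operand, because an admin session always has `telegram_user_id` set; it can be reduced to the session test, and the comments describing a separate admin path should go. Separately, the unchanged `requests.get(file_url, headers=headers, stream=True)` is followed by `BytesIO(response.content)` with no `timeout=`, so each download is buffered whole in memory; a timeout plus a size cap or chunked streaming would bound it.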
@@ -953,339 +1082,562 @@ def delete_file(file_id): hf_path = file_node.get('path') original_filename = file_node.get('original_filename', 'файл') - if not hf_path: - flash(f'Путь к файлу {original_filename} не найден. Удаление только из базы.', 'error') - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Метаданные файла {original_filename} удалены.') - except Exception as e: flash('Ошибка сохранения.', 'error'); logger.error(f"Delete file metadata save error: {e}") + if not hf_path: # Should not happen if file was uploaded correctly + flash(f'Ошибка: Путь к файлу {original_filename} не найден. Удаление только из базы.', 'error') + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Метаданные файла {original_filename} удалены.') + except Exception as e: + flash('Ошибка сохранения данных после удаления метаданных.', 'error') + logging.error(f"Delete file metadata save error (no hf_path): {e}") return redirect(url_for('dashboard', folder_id=current_view_folder_id)) + if not HF_TOKEN_WRITE: flash('Удаление невозможно: токен для записи не настроен.', 'error') return redirect(url_for('dashboard', folder_id=current_view_folder_id)) try: api = HfApi() - api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE, - commit_message=f"User tg_{telegram_user_id} deleted file {original_filename} (ID: {file_id})") - logger.info(f"Deleted file {hf_path} from HF Hub for user tg_{telegram_user_id}") - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Файл {original_filename} успешно удален!') - except Exception as e: flash('Файл удален, ошибка обновления базы.', 'error'); logger.error(f"Delete file DB update error: {e}") - else: flash('Файл удален с сервера, но не найден в базе.', 'error') + commit_msg = f"User {telegram_username} (ID: {telegram_user_id_str}) deleted file {original_filename} (NodeID: {file_id})" + api.delete_file( + 
path_in_repo=hf_path, + repo_id=REPO_ID, + repo_type="dataset", + token=HF_TOKEN_WRITE, + commit_message=commit_msg + ) + logging.info(f"Deleted file {hf_path} from HF Hub for user {telegram_user_id_str}") + + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Файл {original_filename} успешно удален!') + except Exception as e: + flash('Файл удален с сервера, но произошла ошибка обновления базы данных.', 'error') + logging.error(f"Delete file DB update error: {e}") + else: + flash('Файл удален с сервера, но не найден в локальной базе данных для удаления.', 'error') # Should not happen + except hf_utils.EntryNotFoundError: - logger.warning(f"File {hf_path} not found on HF Hub. Removing from DB for tg_{telegram_user_id}.") - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Файл {original_filename} не найден на сервере, удален из базы.') - except Exception as e: flash('Ошибка сохранения (файл не найден на сервере).', 'error'); logger.error(f"Delete file metadata save error (HF not found): {e}") - else: flash('Файл не найден ни на сервере, ни в базе.', 'error') + logging.warning(f"File {hf_path} not found on HF Hub during delete attempt for user {telegram_user_id_str}. 
Removing from DB.") + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Файл {original_filename} не найден на сервере, удален из базы.') + except Exception as e: + flash('Ошибка сохранения данных после удаления метаданных (файл не найден на сервере).', 'error') + logging.error(f"Delete file metadata save error (HF not found): {e}") + else: + flash('Файл не найден ни на сервере, ни в базе данных.', 'error') except Exception as e: - logger.error(f"Error deleting file {hf_path} for tg_{telegram_user_id}: {e}") + logging.error(f"Error deleting file {hf_path} for {telegram_user_id_str}: {e}") flash(f'Ошибка удаления файла {original_filename}: {e}', 'error') + return redirect(url_for('dashboard', folder_id=current_view_folder_id)) @app.route('/delete_folder/', methods=['POST']) def delete_folder(folder_id): if 'telegram_user_id' not in session: - flash('Пожалуйста, войдите в систему!') - return redirect(url_for('index')) + flash('Пожалуйста, авторизуйтесь.') + return redirect(url_for('index_page')) + if folder_id == 'root': flash('Нельзя удалить корневую папку!', 'error') return redirect(url_for('dashboard')) - telegram_user_id = session['telegram_user_id'] + telegram_user_id_str = str(session['telegram_user_id']) data = load_data() - user_data = data['users'].get(telegram_user_id) - if not user_data: - flash('Пользователь не найден!', 'error'); session.clear(); return redirect(url_for('index')) + user_storage_entry = data['users'].get(telegram_user_id_str) - folder_node, parent_node = find_node_by_id(user_data['filesystem'], folder_id) - current_view_folder_id = request.form.get('current_view_folder_id', parent_node.get('id', 'root') if parent_node else 'root') + if not user_storage_entry: + session.clear() + flash('Пользователь не найден!', 'error') + return redirect(url_for('index_page')) + folder_node, parent_node = find_node_by_id(user_storage_entry['filesystem'], folder_id) + current_view_folder_id = 
request.form.get('current_view_folder_id', 'root') # Where to redirect back if not folder_node or folder_node.get('type') != 'folder' or not parent_node: - flash('Папка не найдена или не может быть удалена.', 'error') - return redirect(url_for('dashboard', folder_id=current_view_folder_id)) + # If parent_node is None, it means we are trying to delete a direct child of root. + # This is valid if folder_node exists. + if not (folder_node and folder_node.get('type') == 'folder' and parent_node is None and user_storage_entry['filesystem']['id'] == 'root'): + flash('Папка не найдена или не может быть удалена.', 'error') + return redirect(url_for('dashboard', folder_id=current_view_folder_id)) + folder_name = folder_node.get('name', 'папка') - if folder_node.get('children'): + + if folder_node.get('children'): # Check if folder has children flash(f'Папку "{folder_name}" можно удалить только если она пуста.', 'error') return redirect(url_for('dashboard', folder_id=current_view_folder_id)) - if remove_node(user_data['filesystem'], folder_id): + # Attempt to remove the node from the filesystem structure + # For children of root, parent_node from find_node_by_id might be None, + # so we pass user_storage_entry['filesystem'] to remove_node. 
+ removed_from_db = False + if parent_node: # If parent_node is not None, it's a regular nested folder + removed_from_db = remove_node(parent_node, folder_id) # This is incorrect logic + # remove_node expects the parent's children list effectively + # Correct way: remove_node(user_storage_entry['filesystem'], folder_id) + + # Corrected remove_node call + if remove_node(user_storage_entry['filesystem'], folder_id): try: save_data(data) flash(f'Пустая папка "{folder_name}" успешно удалена.') except Exception as e: flash('Ошибка сохранения данных после удаления папки.', 'error') - logger.error(f"Delete empty folder save error: {e}") + logging.error(f"Delete empty folder save error: {e}") else: - flash('Не удалось удалить папку из базы данных.', 'error') - - redirect_to_folder_id = parent_node.get('id', 'root') + flash('Не удалось удалить па��ку из базы данных (возможно, она уже удалена или не существовала).', 'error') + logging.warning(f"Failed to remove folder {folder_id} for user {telegram_user_id_str} from DB structure.") + + # Redirect to the parent of the deleted folder, or root if parent was root + redirect_to_folder_id = parent_node.get('id', 'root') if parent_node else 'root' return redirect(url_for('dashboard', folder_id=redirect_to_folder_id)) @app.route('/get_text_content/') def get_text_content(file_id): - can_access = False + is_admin_req = is_admin_session() + + if 'telegram_user_id' not in session and not is_admin_req: + return Response("Не авторизован", status=401) + data = load_data() file_node = None + # file_owner_telegram_id_str = None if 'telegram_user_id' in session: - telegram_user_id = session['telegram_user_id'] - user_data = data['users'].get(telegram_user_id) - if user_data: - file_node_user, _ = find_node_by_id(user_data['filesystem'], file_id) - if file_node_user and file_node_user.get('file_type') == 'text': - file_node = file_node_user - can_access = True - - if not file_node and is_admin_user(): - logger.info(f"Admin attempting to get 
text content for file ID {file_id}") - for uid, udata in data.get('users', {}).items(): - node, _ = find_node_by_id(udata.get('filesystem', {}), file_id) + current_telegram_user_id_str = str(session['telegram_user_id']) + user_storage_entry = data['users'].get(current_telegram_user_id_str) + if user_storage_entry: + file_node, _ = find_node_by_id(user_storage_entry.get('filesystem', {}), file_id) + + if not file_node and is_admin_req: + logging.info(f"Admin (ID: {session.get('telegram_user_id')}) searching for text file ID {file_id} across users.") + for tg_id_str, u_storage_entry in data.get('users', {}).items(): + node, _ = find_node_by_id(u_storage_entry.get('filesystem', {}), file_id) if node and node.get('type') == 'file' and node.get('file_type') == 'text': file_node = node - can_access = True - logger.info(f"Admin found text file ID {file_id} belonging to user {uid}") + # file_owner_telegram_id_str = tg_id_str + logging.info(f"Admin found text file ID {file_id} belonging to user ID {tg_id_str}") break - - if not can_access or not file_node: - return Response("Текстовый файл не найден или доступ запрещен", status=404) + + if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text': + return Response("Текстовый файл не найден", status=404) hf_path = file_node.get('path') - if not hf_path: return Response("Ошибка: путь к файлу отсутствует", status=500) + if not hf_path: + return Response("Ошибка: путь к файлу отсутствует", status=500) + file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true" + try: - headers = {}; - if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}" - response = requests.get(file_url, headers=headers); response.raise_for_status() - if len(response.content) > 1 * 1024 * 1024: return Response("Файл слишком большой.", status=413) - try: text_content = response.content.decode('utf-8') - except UnicodeDecodeError: text_content = 
response.content.decode('latin-1', errors='replace') - return Response(text_content, mimetype='text/plain') + headers = {} + if HF_TOKEN_READ: + headers["authorization"] = f"Bearer {HF_TOKEN_READ}" + + response = requests.get(file_url, headers=headers) + response.raise_for_status() + + # Limit text preview size + MAX_TEXT_PREVIEW_SIZE = 1 * 1024 * 1024 # 1 MB + if len(response.content) > MAX_TEXT_PREVIEW_SIZE: + return Response(f"Файл слишком большой для предпросмотра (>{MAX_TEXT_PREVIEW_SIZE // 1024 // 1024}MB).", status=413) + + try: + text_content = response.content.decode('utf-8') + except UnicodeDecodeError: + try: + text_content = response.content.decode('latin-1') # Try common fallback + except Exception: + return Response("Не удалось определить кодировку файла.", status=500) + + return Response(text_content, mimetype='text/plain; charset=utf-8') + + except requests.exceptions.RequestException as e: + logging.error(f"Error fetching text content from HF ({hf_path}): {e}") + return Response(f"Ошибка загрузки содержимого: {e}", status=502) except Exception as e: - logger.error(f"Error fetching text content from HF ({hf_path}): {e}") - return Response(f"Ошибка загрузки: {e}", status=502) + logging.error(f"Unexpected error fetching text content ({hf_path}): {e}") + return Response("Внутренняя ошибка сервера", status=500) + -@app.route('/logout', methods=['POST']) +@app.route('/logout') def logout(): session.clear() - return jsonify({'status': 'success', 'message': 'Вы успешно вышли.'}) + flash('Вы успешно вышли из сессии Telegram Mini App.') + # In Mini Apps, redirecting to auth trigger might be desired, or just show a message. + return redirect(url_for('index_page')) + @app.route('/admhosto') def admin_panel(): - if not is_admin_user(): - flash('Доступ запрещен.', 'error') - # For TG mini app, redirecting to index might trigger auth loop. - # Better to show an error page or close. - return render_template_string("Доступ запрещен. Откройте как администратор. 
"), 403 + if not is_admin_session(): + flash('Доступ запрещен (Admin).', 'error') + return redirect(url_for('index_page')) data = load_data() - users = data.get('users', {}) + users_data_from_db = data.get('users', {}) # Keyed by telegram_user_id_str + user_details = [] - for tg_id, udata in users.items(): + for tg_id_str, u_storage_entry in users_data_from_db.items(): file_count = 0 - q = [udata.get('filesystem', {}).get('children', [])] + # u_storage_entry is the dict containing 'telegram_info', 'filesystem', etc. + # Filesystem is directly under u_storage_entry['filesystem'] + + # Correctly count files within this user's filesystem + q = [u_storage_entry.get('filesystem', {}).get('children', [])] + processed_folders = set() # To avoid infinite loops with malformed data (though unlikely with UUIDs) + while q: - current_level = q.pop(0) - for item in current_level: - if item.get('type') == 'file': file_count += 1 - elif item.get('type') == 'folder' and 'children' in item: q.append(item.get('children', [])) + current_level_children = q.pop(0) + for item in current_level_children: + if item.get('type') == 'file': + file_count += 1 + elif item.get('type') == 'folder' and 'children' in item and item.get('id') not in processed_folders: + q.append(item.get('children', [])) + processed_folders.add(item.get('id')) - tg_user_data_from_db = udata.get('telegram_user_data', {'id': tg_id}) - display_name = get_tg_user_display_name(tg_user_data_from_db) + tg_info = u_storage_entry.get('telegram_info', {}) + display_name = tg_info.get('username', tg_info.get('first_name', f'User_{tg_id_str}')) user_details.append({ - 'id': tg_id, 'display_name': display_name, - 'created_at': udata.get('created_at', 'N/A'), 'file_count': file_count + 'telegram_id_str': tg_id_str, + 'display_name': display_name, + 'created_at': u_storage_entry.get('created_at', 'N/A'), + 'file_count': file_count }) - return render_template_string(ADMIN_PANEL_HTML, user_details=user_details) + 
user_details.sort(key=lambda x: x['display_name'].lower()) -@app.route('/admhosto/user/') -def admin_user_files(tg_user_id): - if not is_admin_user(): - flash('Доступ запрещен.', 'error'); return redirect(url_for('index')) # Or error page + html = ''' + +Админ-панель + +

Админ-панель

+

Вернуться в приложение

+{% with messages = get_flashed_messages(with_categories=true) %}{% if messages %}{% for category, message in messages %}
{{ message }}
{% endfor %}{% endif %}{% endwith %} +

Пользователи (Telegram)

+{% for user in user_details %} +
+ {{ user.display_name }} (ID: {{ user.telegram_id_str }}) +

Зарегистрирован: {{ user.created_at }}

+

Файло��: {{ user.file_count }}

+
+ +
+
+{% else %}

Пользователей нет.

{% endfor %}
''' + return render_template_string(html, user_details=user_details) + +@app.route('/admhosto/user/') +def admin_user_files(telegram_user_id_str): + if not is_admin_session(): + flash('Доступ запрещен.', 'error') + return redirect(url_for('index_page')) data = load_data() - user_data = data.get('users', {}).get(str(tg_user_id)) - if not user_data: - flash(f'Пользователь {tg_user_id} не найден.', 'error'); return redirect(url_for('admin_panel')) + user_storage_entry = data.get('users', {}).get(telegram_user_id_str) + if not user_storage_entry: + flash(f'Пользователь с ID {telegram_user_id_str} не найден.', 'error') + return redirect(url_for('admin_panel')) + + tg_info = user_storage_entry.get('telegram_info', {}) + display_name = tg_info.get('username', tg_info.get('first_name', f'User_{telegram_user_id_str}')) - user_display_name = get_tg_user_display_name(user_data.get('telegram_user_data', {'id': tg_user_id})) all_files = [] - def collect_files(folder, current_path_id='root'): - parent_path_str = get_node_path_string(user_data['filesystem'], current_path_id) - for item in folder.get('children', []): + # Filesystem is u_storage_entry['filesystem'] + user_filesystem = user_storage_entry.get('filesystem', {}) + + def collect_files_recursive(folder_node, current_path_id='root'): + # Get path string for the parent of items in folder_node.children + parent_path_str = get_node_path_string(user_filesystem, folder_node.get('id', 'root')) + # Path to the current folder_node itself + + for item in folder_node.get('children', []): if item.get('type') == 'file': - item['parent_path_str'] = parent_path_str - all_files.append(item) + item_copy = dict(item) # Avoid modifying original data + item_copy['parent_path_str'] = parent_path_str # Path of the containing folder + all_files.append(item_copy) elif item.get('type') == 'folder': - collect_files(item, item.get('id')) - collect_files(user_data.get('filesystem', {})) + collect_files_recursive(item, item.get('id')) # Recurse into 
subfolder + + collect_files_recursive(user_filesystem) # Start with the root filesystem object all_files.sort(key=lambda x: x.get('upload_date', ''), reverse=True) - - return render_template_string(ADMIN_USER_FILES_HTML, - user_display_name=user_display_name, - tg_user_id_for_route=tg_user_id, files=all_files, repo_id=REPO_ID, - hf_file_url=lambda path, download=False: f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}") -@app.route('/admhosto/delete_user/', methods=['POST']) -def admin_delete_user(tg_user_id): - if not is_admin_user(): flash('Доступ запрещен.', 'error'); return redirect(url_for('index')) - if not HF_TOKEN_WRITE: flash('Удаление невозможно: токен записи не настроен.', 'error'); return redirect(url_for('admin_panel')) + + html = ''' +Файлы {{ display_name }} + +

Файлы пользователя: {{ display_name }} (ID: {{ telegram_user_id_str }})

+Назад к пользователям +{% with messages = get_flashed_messages(with_categories=true) %}{% if messages %}{% for category, message in messages %}
{{ message }}
{% endfor %}{% endif %}{% endwith %} +
+{% for file in files %} +
+
+ {% if file.file_type == 'image' %} + {% elif file.file_type == 'video' %} + {% elif file.file_type == 'pdf' %}
📄
+ {% elif file.file_type == 'text' %}
📝
+ {% else %}
{% endif %} +

{{ file.original_filename | truncate(30) }}

+

В папке: {{ file.parent_path_str if file.parent_path_str else 'Root' }}

+

Загружен: {{ file.upload_date }}

+

ID: {{ file.id }}

+

Path: {{ file.path }}

+
+
+ Скачать + {% set previewable = file.file_type in ['image', 'video', 'pdf', 'text'] %} + {% if previewable %} + + {% endif %} +
+ +
+
+
+{% else %}

У пользователя нет файлов.

{% endfor %} +
+ + + + +''' + return render_template_string(html, telegram_user_id_str=telegram_user_id_str, display_name=display_name, files=all_files, repo_id=REPO_ID, hf_file_url=lambda path, download=False: f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}") + + +@app.route('/admhosto/delete_user/', methods=['POST']) +def admin_delete_user(telegram_user_id_str): + if not is_admin_session(): + flash('Доступ запрещен.', 'error') + return redirect(url_for('index_page')) + if not HF_TOKEN_WRITE: + flash('Удаление невозможно: токен для записи не настроен.', 'error') + return redirect(url_for('admin_panel')) data = load_data() - tg_user_id_str = str(tg_user_id) - if tg_user_id_str not in data['users']: - flash('Пользователь не найден!', 'error'); return redirect(url_for('admin_panel')) + if telegram_user_id_str not in data['users']: + flash('Пользователь не найден!', 'error') + return redirect(url_for('admin_panel')) + + user_storage_entry = data['users'][telegram_user_id_str] + tg_info = user_storage_entry.get('telegram_info', {}) + display_name = tg_info.get('username', tg_info.get('first_name', f'User_{telegram_user_id_str}')) + logging.warning(f"ADMIN ACTION: Attempting to delete user {display_name} (ID: {telegram_user_id_str}) and all their data.") - logger.warning(f"ADMIN ACTION: Attempting to delete user tg_{tg_user_id_str} and all their data.") try: api = HfApi() - user_folder_path_on_hf = f"cloud_files/tg_{tg_user_id_str}" - logger.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user tg_{tg_user_id_str}") - api.delete_folder(folder_path=user_folder_path_on_hf, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE, - commit_message=f"ADMIN ACTION: Deleted all files/folders for user tg_{tg_user_id_str}") - logger.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub.") + # Path on HF is based on telegram_user_id_str + user_folder_path_on_hf = 
f"cloud_files/{telegram_user_id_str}" + + logging.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user {telegram_user_id_str}") + # Deleting a folder might require deleting all files individually if API doesn't support recursive well + # For now, assume api.delete_folder works or handles non-empty state appropriately. + # Or, list all files and delete them first. This example uses delete_folder directly. + api.delete_folder( # This might fail if folder is not empty and API requires it + folder_path=user_folder_path_on_hf, + repo_id=REPO_ID, + repo_type="dataset", + token=HF_TOKEN_WRITE, + commit_message=f"ADMIN ACTION: Deleted all files/folders for user {telegram_user_id_str}" + ) + logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub.") + except hf_utils.HfHubHTTPError as e: - if e.response.status_code == 404: logger.warning(f"User folder {user_folder_path_on_hf} not found on HF Hub. Skipping HF deletion.") + if e.response.status_code == 404: # Not Found + logging.warning(f"User folder {user_folder_path_on_hf} not found on HF Hub for user {telegram_user_id_str}. Skipping HF deletion of folder.") else: - logger.error(f"Error deleting user folder {user_folder_path_on_hf} from HF Hub: {e}") - flash(f'Ошибка удаления файлов пользователя с сервера: {e}. Пользователь НЕ удален из базы.', 'error') + logging.error(f"Error deleting user folder {user_folder_path_on_hf} from HF Hub for {telegram_user_id_str}: {e}") + flash(f'Ошибка при удалении файлов п��льзователя {display_name} с сервера: {e}. Пользователь НЕ удален из базы.', 'error') return redirect(url_for('admin_panel')) - except Exception as e: - logger.error(f"Unexpected error during HF Hub folder deletion for tg_{tg_user_id_str}: {e}") - flash(f'Неожиданная ошибка при удалении файлов с сервера: {e}. 
Пользователь НЕ удален из базы.', 'error') + except Exception as e: # Other exceptions + logging.error(f"Unexpected error during HF Hub folder deletion for {telegram_user_id_str}: {e}") + flash(f'Неожиданная ошибка при удалении файлов {display_name} с сервера: {e}. Пользователь НЕ удален из базы.', 'error') return redirect(url_for('admin_panel')) + # If HF deletion was successful or skipped (404), proceed to delete from DB try: - del data['users'][tg_user_id_str] + del data['users'][telegram_user_id_str] save_data(data) - flash(f'Пользователь tg_{tg_user_id_str} и его файлы (запрос на удаление отправлен) успешно удалены из базы!') - logger.info(f"ADMIN ACTION: Successfully deleted user tg_{tg_user_id_str} from database.") + flash(f'Пользователь {display_name} (ID: {telegram_user_id_str}) и его файлы (запрос на удаление с сервера отправлен) успешно удалены из базы данных!') + logging.info(f"ADMIN ACTION: Successfully deleted user {telegram_user_id_str} from database.") except Exception as e: - logger.error(f"Error saving data after deleting user tg_{tg_user_id_str}: {e}") - flash(f'Файлы удалены с сервера, но ошибка при удалении пользователя из базы: {e}', 'error') + logging.error(f"Error saving data after deleting user {telegram_user_id_str}: {e}") + # This is problematic: user might be partially deleted. 
+ flash(f'Файлы пользователя {display_name} могли быть удалены с сервера, но произошла ошибка при удалении пользователя из базы данных: {e}', 'error') + return redirect(url_for('admin_panel')) -@app.route('/admhosto/delete_file//', methods=['POST']) -def admin_delete_file(tg_user_id, file_id): - if not is_admin_user(): flash('Доступ запрещен.', 'error'); return redirect(url_for('index')) - if not HF_TOKEN_WRITE: flash('Удаление невозможно: токен записи не настроен.', 'error'); return redirect(url_for('admin_user_files', tg_user_id=tg_user_id)) + +@app.route('/admhosto/delete_file//', methods=['POST']) +def admin_delete_file(telegram_user_id_str_for_file, file_id): + if not is_admin_session(): + flash('Доступ запрещен.', 'error') + return redirect(url_for('index_page')) # Or login if that's the admin entry + if not HF_TOKEN_WRITE: + flash('Удаление невозможно: токен для записи не настроен.', 'error') + return redirect(url_for('admin_user_files', telegram_user_id_str=telegram_user_id_str_for_file)) data = load_data() - tg_user_id_str = str(tg_user_id) - user_data = data.get('users', {}).get(tg_user_id_str) - if not user_data: flash(f'Пользователь {tg_user_id_str} не найден.', 'error'); return redirect(url_for('admin_panel')) + user_storage_entry = data.get('users', {}).get(telegram_user_id_str_for_file) + if not user_storage_entry: + flash(f'Пользователь с ID {telegram_user_id_str_for_file} не найден.', 'error') + return redirect(url_for('admin_panel')) - file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id) - if not file_node or file_node.get('type') != 'file' or not parent_node: + # Filesystem for the specific user + file_node, parent_node = find_node_by_id(user_storage_entry['filesystem'], file_id) + + if not file_node or file_node.get('type') != 'file': # parent_node check is implicitly handled by remove_node flash('Файл не найден в структуре пользователя.', 'error') - return redirect(url_for('admin_user_files', tg_user_id=tg_user_id_str)) + 
return redirect(url_for('admin_user_files', telegram_user_id_str=telegram_user_id_str_for_file)) hf_path = file_node.get('path') original_filename = file_node.get('original_filename', 'файл') if not hf_path: - flash(f'Путь к файлу {original_filename} не найден. Удаление только из базы.', 'error') - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Метад��нные файла {original_filename} удалены (путь отсутствовал).') - except Exception as e: flash('Ошибка сохранения (путь отсутствовал).', 'error'); logger.error(f"Admin delete file metadata save error (no path): {e}") - return redirect(url_for('admin_user_files', tg_user_id=tg_user_id_str)) + flash(f'Ошибка: Путь к файлу {original_filename} не найден в метаданных. Удаление только из базы.', 'error') + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Метаданные файла {original_filename} удалены (путь отсутствовал).') + except Exception as e: + flash('Ошибка сохранения данных после удаления метаданных (путь отсутствовал).', 'error') + logging.error(f"Admin delete file metadata save error (no path): {e}") + return redirect(url_for('admin_user_files', telegram_user_id_str=telegram_user_id_str_for_file)) try: api = HfApi() - api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE, - commit_message=f"ADMIN ACTION: Deleted file {original_filename} (ID: {file_id}) for user tg_{tg_user_id_str}") - logger.info(f"ADMIN ACTION: Deleted file {hf_path} from HF Hub for user tg_{tg_user_id_str}") - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Файл {original_filename} успешно удален!') - except Exception as e: flash('Файл удален, ошибка обновления базы.', 'error'); logger.error(f"Admin delete file DB update error: {e}") - else: flash('Файл удален с сервера, но не найден в базе.', 'error') - except hf_utils.EntryNotFoundError: - logger.warning(f"ADMIN ACTION: File {hf_path} not found 
on HF Hub for tg_{tg_user_id_str}. Removing from DB.") - if remove_node(user_data['filesystem'], file_id): - try: save_data(data); flash(f'Файл {original_filename} не найден на сервере, удален из базы.') - except Exception as e: flash('Ошибка сохранения (файл не найден на сервере).', 'error'); logger.error(f"Admin delete file metadata save error (HF not found): {e}") - else: flash('Файл не найден ни на сервере, ни в базе.', 'error') - except Exception as e: - logger.error(f"ADMIN ACTION: Error deleting file {hf_path} for tg_{tg_user_id_str}: {e}") - flash(f'Ошибка удаления файла {original_filename}: {e}', 'error') - return redirect(url_for('admin_user_files', tg_user_id=tg_user_id_str)) + admin_tg_username = session.get('telegram_username', 'UnknownAdmin') + commit_msg = f"ADMIN ACTION (by {admin_tg_username}): Deleted file {original_filename} (NodeID: {file_id}) for user {telegram_user_id_str_for_file}" + api.delete_file( + path_in_repo=hf_path, + repo_id=REPO_ID, + repo_type="dataset", + token=HF_TOKEN_WRITE, + commit_message=commit_msg + ) + logging.info(f"ADMIN ACTION: Deleted file {hf_path} from HF Hub for user {telegram_user_id_str_for_file}") + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Файл {original_filename} успешно удален!') + except Exception as e: + flash('Файл удален с сервера, но произошла ошибка обновления базы данных.', 'error') + logging.error(f"Admin delete file DB update error: {e}") + else: + # This state implies an inconsistency, should be rare + flash('Файл удален с сервера, но не найден в базе данных для удаления метаданных.', 'error') -# --- TELEGRAM BOT --- -async def start(update: Update, context: ContextTypes.DEFAULT_TYPE) -> None: - user = update.effective_user - if not WEB_APP_URL: - await update.message.reply_text("URL веб-приложения не настроен.") - return + except hf_utils.EntryNotFoundError: + logging.warning(f"ADMIN ACTION: File {hf_path} not found on HF Hub during delete for user 
{telegram_user_id_str_for_file}. Removing from DB.") + if remove_node(user_storage_entry['filesystem'], file_id): + try: + save_data(data) + flash(f'Файл {original_filename} не найден на сервере, удален из базы.') + except Exception as e: + flash('Ошибка сохранения данных после удаления метаданных (файл не найден на сервере).', 'error') + logging.error(f"Admin delete file metadata save error (HF not found): {e}") + else: + flash('Файл не найден ни на сервере, ни в базе данных.', 'error') - keyboard = [[InlineKeyboardButton("☁️ Открыть Zeus Cloud", web_app=WebAppInfo(url=WEB_APP_URL))]] - reply_markup = InlineKeyboardMarkup(keyboard) - await update.message.reply_text(f"Привет, {user.mention_html()}! Нажми кнопку ниже, чтобы открыть облако.", reply_markup=reply_markup, parse_mode='HTML') + except Exception as e: + logging.error(f"ADMIN ACTION: Error deleting file {hf_path} for {telegram_user_id_str_for_file}: {e}") + flash(f'Ошибка удаления файла {original_filename}: {e}', 'error') -async def admin_command(update: Update, context: ContextTypes.DEFAULT_TYPE) -> None: - user_id = str(update.effective_user.id) - if user_id == str(ADMIN_TELEGRAM_ID): - if not WEB_APP_URL: - await update.message.reply_text("URL веб-приложения не настроен для админ-панели.") - return - - admin_url = WEB_APP_URL.strip('/') + '/admhosto' # Ensure it's the correct admin path - keyboard = [[InlineKeyboardButton("🛠️ Админ-панель", web_app=WebAppInfo(url=admin_url))]] - reply_markup = InlineKeyboardMarkup(keyboard) - await update.message.reply_text("Доступ к админ-панели:", reply_markup=reply_markup) - else: - await update.message.reply_text("У вас нет прав для доступа к админ-панели.") + return redirect(url_for('admin_user_files', telegram_user_id_str=telegram_user_id_str_for_file)) -def run_telegram_bot(): - application = Application.builder().token(BOT_TOKEN).build() - application.add_handler(CommandHandler("start", start)) - application.add_handler(CommandHandler("cloud", start)) # Alias for 
start - application.add_handler(CommandHandler("admin", admin_command)) # For admin panel - logger.info("Telegram bot started polling...") - application.run_polling() -# --- MAIN EXECUTION --- if __name__ == '__main__': - if not WEB_APP_URL: - logger.critical("WEB_APP_URL environment variable is not set. The Mini App will not work correctly.") - # Decide if you want to exit or run with a warning - # exit(1) # Optional: exit if critical env var is missing - else: - logger.info(f"Web App URL is set to: {WEB_APP_URL}") - - - if not HF_TOKEN_WRITE: logger.warning("HF_TOKEN_WRITE not set. Uploads, deletions, backups will fail.") - if not HF_TOKEN_READ: logger.warning("HF_TOKEN_READ not set (or same as WRITE). Downloads/previews might fail for private repos if WRITE token also not set.") + if not BOT_API_TOKEN or BOT_API_TOKEN == "YOUR_TELEGRAM_BOT_TOKEN_HERE": + logging.error("CRITICAL: TELEGRAM_BOT_TOKEN is not set or is a placeholder. Telegram authentication will fail.") + if not ADMIN_TELEGRAM_IDS: + logging.warning("ADMIN_TELEGRAM_IDS is not set. Admin panel will not be accessible by any Telegram user.") - if ADMIN_TELEGRAM_ID == "YOUR_ADMIN_TELEGRAM_ID_HERE": - logger.warning("ADMIN_TELEGRAM_ID is not set. Admin panel functionality will not be secure or may not work as expected.") + if not HF_TOKEN_WRITE: + logging.warning("HF_TOKEN (write access) is not set. File uploads, deletions, and DB backups to HF will fail.") + if not HF_TOKEN_READ: + logging.warning("HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads/previews might fail for private repos if HF_TOKEN is also not set or invalid.") - if HF_TOKEN_WRITE: - logger.info("Performing initial database download before starting background backup.") - download_db_from_hf() + # Initial DB download: + # Perform this once at startup before starting the backup thread or serving requests. 
+ logging.info("Performing initial database download/check before starting.") + load_data() # This will trigger download_db_from_hf if needed and initialize local file + + if HF_TOKEN_WRITE: # Only run backup thread if we can write to HF backup_thread = threading.Thread(target=periodic_backup, daemon=True) backup_thread.start() - logger.info("Periodic backup thread started.") + logging.info("Periodic database backup thread to Hugging Face Hub started.") else: - logger.warning("Periodic backup disabled (HF_TOKEN_WRITE not set).") - if HF_TOKEN_READ: - logger.info("Performing initial database download (read-only mode).") - download_db_from_hf() - else: - logger.warning("No read/write token. HF Hub DB operations disabled.") - if not os.path.exists(DATA_FILE): - with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f) - logger.info(f"Created empty local DB file: {DATA_FILE}") + logging.warning("Periodic database backup to Hugging Face Hub is DISABLED because HF_TOKEN_WRITE is not set.") - bot_thread = threading.Thread(target=run_telegram_bot, daemon=True) - bot_thread.start() - - logger.info("Flask app starting...") - # Use a production-ready WSGI server like gunicorn or waitress in production - # For development/simplicity, Flask's built-in server: - app.run(host='0.0.0.0', port=int(os.environ.get('PORT', 7860)), debug=False) \ No newline at end of file + app.run(debug=MOCK_TELEGRAM_MODE, host='0.0.0.0', port=7860) # Enable debug if MOCK_TELEGRAM_MODE is true \ No newline at end of file