diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -2,7 +2,8 @@
 # -*- coding: utf-8 -*-
 
 import os
-from flask import Flask, request, Response, render_template_string, jsonify, redirect, url_for, make_response
+import flask
+from flask import Flask, request, Response, render_template_string, jsonify, redirect, url_for, send_file
 import hmac
 import hashlib
 import json
@@ -12,27 +13,195 @@ from datetime import datetime
 import logging
 import threading
 from huggingface_hub import HfApi, hf_hub_download, list_repo_files
-from huggingface_hub.utils import RepositoryNotFoundError, HfHubHTTPError
-from werkzeug.utils import secure_filename
+from huggingface_hub.utils import RepositoryNotFoundError, EntryNotFoundError
+import mimetypes
+import io
 
 # --- Configuration ---
-BOT_TOKEN = os.getenv("BOT_TOKEN", "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4")
+BOT_TOKEN = os.getenv("BOT_TOKEN", "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4") # Use environment variable or default
 HOST = '0.0.0.0'
 PORT = 7860
+DATA_FILE = 'data.json' # Local file for user and file metadata
 
 # Hugging Face Settings
-REPO_ID = "Eluza133/Z1e1u"
-HF_UPLOAD_FOLDER = "uploads" # Base folder within the HF repo
+REPO_ID = os.getenv("HF_REPO_ID", "Eluza133/Z1e1u") # Target repository
+HF_DATA_FILE_PATH = "data.json" # Path for the metadata file within the HF repo
+HF_UPLOAD_FOLDER = "uploads"    # Folder within the HF repo to store user files
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN_WRITE") # Token with write access
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") # Token with read access (can be same as write)
 
-# File Upload Settings
-MAX_FILES_PER_UPLOAD = 20
+# Constants
+MAX_UPLOAD_FILES = 20
+AUTH_TIMEOUT = 86400 # 24 hours validity for initData
 
 app = Flask(__name__)
-logging.basicConfig(level=logging.INFO)
-app.secret_key = os.urandom(24)
-hf_api = HfApi()
+logging.basicConfig(level=logging.INFO, format='%(asctime)s - %(levelname)s - %(message)s')
+app.secret_key = os.urandom(24) # For potential future session use
+
+# --- Hugging Face & Data Handling ---
+_data_lock = threading.Lock()
+metadata_cache = {} # In-memory cache for data.json
+
+def get_hf_api(write=False):
+    token = HF_TOKEN_WRITE if write else HF_TOKEN_READ
+    if not token:
+        logging.warning(f"Hugging Face {'write' if write else 'read'} token not set.")
+        return None
+    return HfApi(token=token)
+
+def download_metadata_from_hf():
+    global metadata_cache
+    api = get_hf_api(write=False)
+    if not api:
+        logging.warning("HF Read token missing. Cannot download metadata.")
+        return False
+    try:
+        logging.info(f"Attempting to download {HF_DATA_FILE_PATH} from {REPO_ID}...")
+        download_path = hf_hub_download(
+            repo_id=REPO_ID,
+            filename=HF_DATA_FILE_PATH,
+            repo_type="dataset",
+            token=api.token,
+            local_dir=".",
+            local_dir_use_symlinks=False,
+            force_download=True,
+            etag_timeout=10
+        )
+        logging.info("Metadata file successfully downloaded from Hugging Face.")
+        with _data_lock:
+            try:
+                with open(download_path, 'r', encoding='utf-8') as f:
+                    metadata_cache = json.load(f)
+                logging.info("Successfully loaded downloaded metadata into cache.")
+            except (FileNotFoundError, json.JSONDecodeError) as e:
+                 logging.error(f"Error reading downloaded metadata file: {e}. Resetting cache.")
+                 metadata_cache = {}
+            # Clean up downloaded file? hf_hub_download uses a cache, maybe not needed.
+            # if os.path.exists(DATA_FILE) and download_path != DATA_FILE:
+            #     os.remove(download_path) # Remove temp download if different name
+        return True
+    except EntryNotFoundError:
+        logging.warning(f"Metadata file '{HF_DATA_FILE_PATH}' not found in repo '{REPO_ID}'. Starting fresh.")
+        with _data_lock:
+            metadata_cache = {}
+        return True # It's not an error, just no existing data
+    except RepositoryNotFoundError:
+        logging.error(f"Hugging Face repository '{REPO_ID}' not found. Cannot download metadata.")
+    except Exception as e:
+        logging.error(f"Error downloading metadata from Hugging Face: {e}", exc_info=True)
+    return False
+
+def load_local_metadata():
+    global metadata_cache
+    with _data_lock:
+        if not metadata_cache: # Only load from file if cache is empty
+            try:
+                with open(DATA_FILE, 'r', encoding='utf-8') as f:
+                    metadata_cache = json.load(f)
+                logging.info("Metadata loaded from local JSON.")
+            except FileNotFoundError:
+                logging.warning(f"{DATA_FILE} not found locally. Starting with empty data.")
+                metadata_cache = {}
+            except json.JSONDecodeError:
+                logging.error(f"Error decoding {DATA_FILE}. Starting with empty data.")
+                metadata_cache = {}
+            except Exception as e:
+                logging.error(f"Unexpected error loading metadata: {e}")
+                metadata_cache = {}
+        return metadata_cache
+
+def save_metadata(data_to_update=None):
+    global metadata_cache
+    with _data_lock:
+        try:
+            if data_to_update:
+                # Deep merge might be needed if updating nested structures
+                # For now, simple update assumes top-level keys (user IDs)
+                metadata_cache.update(data_to_update)
+
+            # Save updated cache to local file
+            with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                json.dump(metadata_cache, f, ensure_ascii=False, indent=4)
+            logging.info(f"Metadata successfully saved locally to {DATA_FILE}.")
+
+            # Trigger async upload to HF after successful local save
+            upload_metadata_to_hf_async()
+            return True
+        except Exception as e:
+            logging.error(f"Error saving metadata: {e}", exc_info=True)
+            return False
+
+def update_user_file_metadata(user_id, file_info_list):
+    user_id_str = str(user_id)
+    with _data_lock:
+        if user_id_str not in metadata_cache:
+             metadata_cache[user_id_str] = {"user_info": {}, "files": []}
+
+        if "files" not in metadata_cache[user_id_str]:
+             metadata_cache[user_id_str]["files"] = []
+
+        # Add new files, potentially checking for duplicates if needed
+        existing_filenames = {f['filename'] for f in metadata_cache[user_id_str]["files"]}
+        new_files_added = 0
+        for file_info in file_info_list:
+             if file_info['filename'] not in existing_filenames:
+                 metadata_cache[user_id_str]["files"].append(file_info)
+                 existing_filenames.add(file_info['filename'])
+                 new_files_added += 1
+             else:
+                 # Handle update logic if a file with the same name is re-uploaded
+                 # For now, we just log it. Replace or versioning could be added.
+                 logging.warning(f"File '{file_info['filename']}' already exists for user {user_id}. Skipping add.")
+                 # Example: Update existing entry
+                 # for i, existing_file in enumerate(metadata_cache[user_id_str]["files"]):
+                 #    if existing_file['filename'] == file_info['filename']:
+                 #        metadata_cache[user_id_str]["files"][i] = file_info # Replace with new metadata
+                 #        break
+
+        if new_files_added > 0:
+             logging.info(f"Added {new_files_added} file metadata entries for user {user_id}.")
+             # Save metadata (which will trigger HF upload)
+             if not save_metadata():
+                  return False # Propagate save error
+        else:
+             logging.info(f"No new file metadata added for user {user_id}.")
+
+    return True # Indicate metadata was processed (even if no new files added)
+
+def _upload_metadata_to_hf_task():
+    api = get_hf_api(write=True)
+    if not api:
+        logging.warning("HF Write token missing. Skipping metadata upload.")
+        return
+    if not os.path.exists(DATA_FILE):
+        logging.warning(f"{DATA_FILE} does not exist locally. Skipping upload.")
+        return
+
+    try:
+        # Acquire lock only for reading the file path and ensuring it has content
+        with _data_lock:
+            if os.path.getsize(DATA_FILE) == 0:
+                logging.warning(f"{DATA_FILE} is empty. Skipping upload.")
+                # Optionally upload an empty file or a default structure like {}
+                # For now, skip.
+                return
+            file_to_upload = DATA_FILE # Use the local file path
+
+        logging.info(f"Attempting to upload {file_to_upload} to {REPO_ID}/{HF_DATA_FILE_PATH}...")
+        api.upload_file(
+            path_or_fileobj=file_to_upload,
+            path_in_repo=HF_DATA_FILE_PATH,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            commit_message=f"Update metadata {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
+        )
+        logging.info("Metadata successfully uploaded to Hugging Face.")
+    except Exception as e:
+        logging.error(f"Error uploading metadata to Hugging Face: {e}", exc_info=True)
+
+def upload_metadata_to_hf_async():
+     upload_thread = threading.Thread(target=_upload_metadata_to_hf_task, daemon=True)
+     upload_thread.start()
 
 # --- Telegram Verification ---
 def verify_telegram_data(init_data_str):
@@ -41,50 +210,97 @@ def verify_telegram_data(init_data_str):
         received_hash = parsed_data.pop('hash', [None])[0]
 
         if not received_hash:
-            logging.warning("Verification failed: Hash missing")
-            return None, False, "Хэш отсутствует"
+            logging.warning("Verification failed: Hash missing from initData.")
+            return None, False, "Hash missing"
 
         data_check_list = []
+        # Sort keys alphabetically for consistent string generation
         for key, value in sorted(parsed_data.items()):
+            # Make sure values are handled correctly (they are lists in parse_qs)
             data_check_list.append(f"{key}={value[0]}")
         data_check_string = "\n".join(data_check_list)
 
+        # Calculate secret key
         secret_key = hmac.new("WebAppData".encode(), BOT_TOKEN.encode(), hashlib.sha256).digest()
+        # Calculate data hash
         calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
 
-        if calculated_hash == received_hash:
-            auth_date = int(parsed_data.get('auth_date', [0])[0])
-            current_time = int(time.time())
-            # Allow data up to 24 hours old, adjust if needed
-            if current_time - auth_date > 86400:
-                 logging.warning(f"Telegram InitData is older than 24 hours (Auth Date: {auth_date}, Current: {current_time}). Allowing.")
-                 # return parsed_data, False, "Данные авторизации устарели" # Uncomment to enforce stricter timeout
+        # Compare hashes
+        if calculated_hash != received_hash:
+            logging.warning(f"Verification failed: Hash mismatch. Calculated: {calculated_hash}, Received: {received_hash}")
+            return parsed_data, False, "Invalid hash"
+
+        # Check auth_date (timestamp)
+        auth_date = int(parsed_data.get('auth_date', [0])[0])
+        current_time = int(time.time())
+        if current_time - auth_date > AUTH_TIMEOUT:
+            logging.warning(f"Verification failed: initData expired. Auth time: {auth_date}, Current time: {current_time}")
+            return parsed_data, False, "Data expired"
+
+        # Extract user info if present
+        user_info_dict = None
+        if 'user' in parsed_data:
+            try:
+                user_json_str = unquote(parsed_data['user'][0])
+                user_info_dict = json.loads(user_json_str)
+            except Exception as e:
+                logging.error(f"Could not parse user JSON from initData: {e}")
+                # Continue verification, but user info might be missing
+
+        logging.info(f"Telegram data verified successfully for user ID: {user_info_dict.get('id') if user_info_dict else 'Unknown'}")
+        return user_info_dict, True, "Verified"
 
-            return parsed_data, True, "Верификация успешна"
-        else:
-            logging.warning(f"Verification failed. Calculated: {calculated_hash}, Received: {received_hash}")
-            return parsed_data, False, "Неверный хэш"
     except Exception as e:
-        logging.error(f"Error verifying Telegram data: {e}")
-        return None, False, f"Ошибка верификации: {e}"
+        logging.error(f"Error during Telegram data verification: {e}", exc_info=True)
+        return None, False, "Verification exception"
 
-def get_user_id_from_init_data(init_data_str):
-    parsed_data, is_valid, _ = verify_telegram_data(init_data_str)
+# --- User Authentication & Data Update ---
+def authenticate_and_get_user(init_data_str):
+    user_info, is_valid, message = verify_telegram_data(init_data_str)
     if not is_valid:
-        return None
+        return None, message
+
+    user_id = user_info.get('id') if user_info else None
+    if not user_id:
+        logging.warning("Verification successful but user ID is missing in user data.")
+        return None, "User ID missing"
+
+    user_id_str = str(user_id)
+
+    # Ensure user exists in metadata cache and update basic info if needed
+    with _data_lock:
+        should_save = False
+        if user_id_str not in metadata_cache:
+            metadata_cache[user_id_str] = {
+                "user_info": user_info,
+                "files": []
+            }
+            logging.info(f"New user registered: {user_id}")
+            should_save = True
+        else:
+            # Optionally update user_info if it has changed (e.g., name, username, photo)
+            # This requires comparing fields and deciding if an update is needed.
+            # Simple approach: Always update if provided.
+            if "user_info" not in metadata_cache[user_id_str] or metadata_cache[user_id_str]["user_info"] != user_info:
+                 metadata_cache[user_id_str]["user_info"] = user_info
+                 # logging.info(f"User info updated for user: {user_id}") # Can be noisy
+                 should_save = True # Save if info changed or was missing
+
+    # Save metadata only if the user was new or info was updated
+    if should_save:
+        # save_metadata is already thread-safe and uploads async
+        if not save_metadata():
+            # Handle save failure, though it's unlikely to fail just for user info update
+            logging.error(f"Failed to save metadata after updating/adding user {user_id}")
+            # Decide if this should prevent the user from proceeding. For now, allow.
+
+    return user_info, "Authenticated"
 
-    user_data_json = parsed_data.get('user', [None])[0]
-    if not user_data_json:
-        return None
-    try:
-        user_info = json.loads(unquote(user_data_json))
-        return user_info.get('id')
-    except (json.JSONDecodeError, TypeError) as e:
-        logging.error(f"Could not parse user data from initData: {e}")
-        return None
 
 # --- HTML Templates ---
-TEMPLATE = """
+
+# Main User Interface Template
+USER_TEMPLATE = """
 <!DOCTYPE html>
 <html lang="ru">
 <head>
@@ -94,296 +310,209 @@ TEMPLATE = """
     <script src="https://telegram.org/js/telegram-web-app.js"></script>
     <link rel="preconnect" href="https://fonts.googleapis.com">
     <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
     <style>
         :root {
-            --tg-theme-bg-color: {{ theme.bg_color | default('#ffffff') }};
-            --tg-theme-text-color: {{ theme.text_color | default('#000000') }};
-            --tg-theme-hint-color: {{ theme.hint_color | default('#999999') }};
-            --tg-theme-link-color: {{ theme.link_color | default('#2481cc') }};
-            --tg-theme-button-color: {{ theme.button_color | default('#2481cc') }};
+            --tg-theme-bg-color: {{ theme.bg_color | default('#181818') }};
+            --tg-theme-text-color: {{ theme.text_color | default('#ffffff') }};
+            --tg-theme-hint-color: {{ theme.hint_color | default('#aaaaaa') }};
+            --tg-theme-link-color: {{ theme.link_color | default('#62bcf9') }};
+            --tg-theme-button-color: {{ theme.button_color | default('#31a5f5') }};
             --tg-theme-button-text-color: {{ theme.button_text_color | default('#ffffff') }};
-            --tg-theme-secondary-bg-color: {{ theme.secondary_bg_color | default('#f1f1f1') }};
+            --tg-theme-secondary-bg-color: {{ theme.secondary_bg_color | default('#212121') }};
+            --accent-gradient: linear-gradient(95deg, var(--tg-theme-button-color, #007aff), #5856d6);
             --border-radius: 12px;
             --padding: 16px;
-            --gap: 16px;
-            --font-family: 'Inter', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
-            --shadow-color: rgba(0, 0, 0, 0.1);
+            --font-family: 'Inter', sans-serif;
+            --card-bg: var(--tg-theme-secondary-bg-color);
+            --shadow-color: rgba(0, 0, 0, 0.2);
         }
-
         * { box-sizing: border-box; margin: 0; padding: 0; }
-
+        html { background-color: var(--tg-theme-bg-color); }
         body {
             font-family: var(--font-family);
             background-color: var(--tg-theme-bg-color);
             color: var(--tg-theme-text-color);
             padding: var(--padding);
-            overscroll-behavior-y: none;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-            visibility: hidden;
-            min-height: 100vh;
-        }
-
-        .container {
-            max-width: 700px;
-            margin: 0 auto;
-            display: flex;
-            flex-direction: column;
-            gap: calc(var(--gap) * 1.5);
-        }
-
-        .header {
-            text-align: center;
-            margin-bottom: var(--gap);
-        }
-
-        .header h1 {
-            font-size: 2em;
-            font-weight: 700;
-            margin-bottom: 0.2em;
-            color: var(--tg-theme-text-color);
-        }
-
-        .header p {
-            font-size: 1em;
-            color: var(--tg-theme-hint-color);
+            padding-bottom: 100px; /* Space for upload button */
+            visibility: hidden; /* Hide until ready */
+            line-height: 1.5;
         }
-
-        .upload-section, .files-section {
-            background-color: var(--tg-theme-secondary-bg-color);
-            border-radius: var(--border-radius);
+        .container { max-width: 700px; margin: 0 auto; display: flex; flex-direction: column; gap: var(--padding); }
+        .header { display: flex; align-items: center; justify-content: space-between; padding-bottom: var(--padding); border-bottom: 1px solid rgba(255, 255, 255, 0.1); margin-bottom: var(--padding); }
+        .header h1 { font-size: 1.8em; font-weight: 600; }
+        .user-info { font-size: 0.9em; color: var(--tg-theme-hint-color); text-align: right; }
+        .upload-section {
+            background-color: var(--card-bg);
             padding: var(--padding);
+            border-radius: var(--border-radius);
             box-shadow: 0 4px 15px var(--shadow-color);
-            border: 1px solid rgba(0,0,0,0.05);
-        }
-
-        .section-title {
-            font-size: 1.5em;
-            font-weight: 600;
-            margin-bottom: var(--gap);
-            color: var(--tg-theme-text-color);
-            display: flex;
-            align-items: center;
-            gap: 8px;
+            text-align: center;
         }
-        .section-title .icon { font-size: 1.2em; opacity: 0.8; }
-        .icon-upload::before { content: '☁️'; }
-        .icon-files::before { content: '📁'; }
-        .icon-link::before { content: '🔗'; }
-        .icon-image::before { content: '🖼️'; }
-        .icon-video::before { content: '🎬'; }
-        .icon-audio::before { content: '🎵'; }
-        .icon-doc::before { content: '📄'; }
-        .icon-archive::before { content: '📦'; }
-        .icon-generic::before { content: '❔'; }
-
-
-        #upload-form label {
-            display: block;
-            padding: 12px 20px;
-            background-color: var(--tg-theme-button-color);
+        .upload-section h2 { font-size: 1.3em; margin-bottom: 12px; font-weight: 500; }
+        .file-input-label {
+            display: inline-block;
+            padding: 12px 25px;
+            background: var(--accent-gradient);
             color: var(--tg-theme-button-text-color);
             border-radius: var(--border-radius);
             cursor: pointer;
-            text-align: center;
             font-weight: 500;
-            margin-bottom: var(--gap);
-            transition: background-color 0.2s ease;
-        }
-        #upload-form label:hover {
-             filter: brightness(1.1);
+            transition: opacity 0.2s ease;
+            margin-bottom: 12px;
         }
-
-
+        .file-input-label:hover { opacity: 0.9; }
         #file-input { display: none; }
-
-        #file-list-preview {
-            margin-bottom: var(--gap);
-            font-size: 0.9em;
-            color: var(--tg-theme-hint-color);
-        }
-         #file-list-preview div {
-             padding: 5px 0;
-             white-space: nowrap;
-             overflow: hidden;
-             text-overflow: ellipsis;
-         }
-
-        .btn {
-            display: block; /* Make button full width */
-            width: 100%;
-            padding: 12px 20px;
-            border: none;
-            background: var(--tg-theme-button-color);
+        #upload-button {
+            display: block; width: 100%;
+            padding: 14px;
+            background-color: var(--tg-theme-button-color);
             color: var(--tg-theme-button-text-color);
-            font-size: 1em;
-            font-weight: 600;
-            border-radius: var(--border-radius);
-            cursor: pointer;
-            transition: all 0.2s ease;
-            text-align: center;
-        }
-
-        .btn:disabled {
-            background-color: var(--tg-theme-hint-color);
-            cursor: not-allowed;
-            opacity: 0.7;
+            border: none; border-radius: var(--border-radius);
+            font-size: 1em; font-weight: 600;
+            cursor: pointer; transition: background-color 0.2s ease;
+            opacity: 0.5; /* Disabled initially */
+            pointer-events: none; /* Disabled initially */
         }
-        .btn:not(:disabled):hover {
-            filter: brightness(1.1);
-            transform: translateY(-1px);
-        }
-        .btn .loader {
-             border: 3px solid rgba(255, 255, 255, 0.3);
-             border-radius: 50%;
-             border-top: 3px solid var(--tg-theme-button-text-color);
-             width: 18px;
-             height: 18px;
-             animation: spin 1s linear infinite;
-             display: inline-block;
-             margin-left: 10px;
-             vertical-align: middle;
-         }
-         @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
-
-
-        #upload-status {
-            margin-top: var(--gap);
-            font-size: 0.9em;
-            text-align: center;
-            min-height: 1.2em; /* Reserve space */
-        }
-        .status-success { color: #28a745; } /* Green */
-        .status-error { color: #dc3545; } /* Red */
-        .status-info { color: var(--tg-theme-hint-color); }
-
-        #user-files-list {
-            list-style: none;
-            padding: 0;
-            margin: 0;
-        }
-
+        #upload-button.enabled { opacity: 1; pointer-events: auto; }
+        #upload-status { margin-top: 12px; font-size: 0.9em; color: var(--tg-theme-hint-color); min-height: 1.2em; }
+        .file-list-section { margin-top: var(--padding); }
+        .file-list-section h2 { font-size: 1.3em; margin-bottom: 12px; font-weight: 500; }
+        #file-list { list-style: none; padding: 0; display: grid; gap: 10px; }
         .file-item {
-            background-color: var(--tg-theme-bg-color);
+            background-color: var(--card-bg);
             padding: 12px var(--padding);
-            border-radius: calc(var(--border-radius) - 4px);
-            margin-bottom: calc(var(--gap) / 2);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            gap: var(--gap);
-            border: 1px solid rgba(0,0,0,0.08);
+            border-radius: var(--border-radius);
+            display: flex; align-items: center; justify-content: space-between;
+            box-shadow: 0 2px 8px rgba(0,0,0,0.1);
             transition: background-color 0.2s ease;
+            word-break: break-word;
         }
-        .file-item:hover {
-            background-color: rgba(0,0,0,0.03);
+        .file-item:hover { background-color: rgba(255, 255, 255, 0.08); }
+        .file-info { flex-grow: 1; margin-right: 10px; overflow: hidden; }
+        .file-name { font-weight: 500; display: block; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; }
+        .file-meta { font-size: 0.8em; color: var(--tg-theme-hint-color); }
+        .file-actions a, .file-actions button {
+            display: inline-block;
+            padding: 6px 10px;
+            margin-left: 8px;
+            border-radius: 6px;
+            text-decoration: none;
+            font-size: 0.9em;
+            font-weight: 500;
+            cursor: pointer;
+            border: none;
+            transition: opacity 0.2s ease;
         }
-
-        .file-info {
-            display: flex;
-            align-items: center;
-            gap: 10px;
-            overflow: hidden; /* Prevent long names from breaking layout */
+        .file-actions a:hover, .file-actions button:hover { opacity: 0.8; }
+        .download-btn { background-color: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color); }
+        .delete-btn { background-color: #dc3545; color: white; } /* Add delete styling */
+
+        .loading, .no-files { text-align: center; padding: 20px; color: var(--tg-theme-hint-color); }
+        .progress-bar { width: 100%; background-color: #ddd; border-radius: 4px; height: 8px; margin-top: 5px; display: none; }
+        .progress-bar-inner { height: 100%; width: 0%; background-color: var(--tg-theme-button-color); border-radius: 4px; transition: width 0.1s linear; }
+
+        /* Modal for viewing */
+        .modal {
+            display: none; position: fixed; z-index: 1001;
+            left: 0; top: 0; width: 100%; height: 100%;
+            overflow: auto; background-color: rgba(0,0,0,0.8);
+            backdrop-filter: blur(5px); -webkit-backdrop-filter: blur(5px);
+            animation: fadeIn 0.3s ease-out;
         }
-
-        .file-icon { font-size: 1.4em; opacity: 0.7; }
-
-        .file-name {
-            font-weight: 500;
-            white-space: nowrap;
-            overflow: hidden;
-            text-overflow: ellipsis;
-            flex-grow: 1;
-            color: var(--tg-theme-text-color);
+        @keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
+        .modal-content {
+            margin: auto; display: block; max-width: 90%; max-height: 85%;
+            position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%);
         }
-
-        .file-actions a {
-            color: var(--tg-theme-link-color);
-            text-decoration: none;
-            font-size: 1.5em; /* Larger icon */
-            opacity: 0.8;
-            transition: opacity 0.2s ease;
-            padding: 5px; /* Easier to tap */
+        .modal-content img, .modal-content video, .modal-content audio {
+            display: block; width: auto; height: auto; max-width: 100%; max-height: 100%; margin: auto;
+            background-color: var(--tg-theme-bg-color); /* Add background for audio/video */
         }
-        .file-actions a:hover { opacity: 1; }
-
-        #loading-files, #no-files {
-            text-align: center;
-            color: var(--tg-theme-hint-color);
-            padding: var(--padding);
-            font-size: 1em;
+         .modal-close {
+            position: absolute; top: 15px; right: 35px; color: #f1f1f1; font-size: 40px;
+            font-weight: bold; transition: 0.3s; cursor: pointer; z-index: 1002;
+            text-shadow: 0 1px 3px rgba(0,0,0,0.5);
         }
-
-        #error-message {
-             background-color: #f8d7da;
-             color: #721c24;
-             padding: var(--padding);
-             border: 1px solid #f5c6cb;
-             border-radius: var(--border-radius);
-             margin-bottom: var(--gap);
-             text-align: center;
-             display: none; /* Hidden by default */
+        .modal-close:hover, .modal-close:focus { color: #bbb; text-decoration: none; }
+        .modal-caption {
+            margin: auto; display: block; width: 80%; max-width: 700px; text-align: center;
+            color: #ccc; padding: 10px 0; height: 50px; position: absolute; bottom: 15px; left: 50%; transform: translateX(-50%);
+            background: rgba(0,0,0,0.5); border-radius: 8px;
         }
-
-        #greeting {
-            text-align: center;
-            color: var(--tg-theme-hint-color);
-            font-size: 0.95em;
-            margin-top: var(--gap);
+         /* Add spinner styles */
+        .spinner {
+            border: 4px solid rgba(255, 255, 255, 0.3);
+            border-radius: 50%;
+            border-top: 4px solid var(--tg-theme-text-color);
+            width: 40px;
+            height: 40px;
+            animation: spin 1s linear infinite;
+            margin: 20px auto;
+            display: none; /* Initially hidden */
         }
+        @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+
     </style>
 </head>
 <body>
     <div class="container">
-        <div class="header">
+        <header class="header">
             <h1>Zeus Cloud</h1>
-            <p>Ваше персональное облачное хранилище</p>
-        </div>
-
-        <div id="error-message"></div>
+            <div class="user-info" id="user-greeting">Загрузка...</div>
+        </header>
 
         <section class="upload-section">
-            <h2 class="section-title"><span class="icon icon-upload"></span>Загрузить файлы</h2>
-            <form id="upload-form">
-                <label for="file-input">Выбрать файлы (до {{ max_files }} шт.)</label>
-                <input type="file" id="file-input" name="files" multiple accept="*.*">
-                <div id="file-list-preview"></div>
-                <button type="submit" id="upload-button" class="btn" disabled>
-                    <span id="upload-button-text">Выберите файлы для загрузки</span>
-                    <span class="loader" id="upload-loader" style="display: none;"></span>
-                </button>
-                <div id="upload-status"></div>
-            </form>
+            <h2>Загрузить файлы</h2>
+            <label for="file-input" class="file-input-label">Выбрать файлы (до {{ max_files }})</label>
+            <input type="file" id="file-input" multiple accept="*.*">
+            <div id="selected-files" style="margin-bottom: 10px; font-size: 0.9em; color: var(--tg-theme-hint-color);">Файлы не выбраны</div>
+            <button id="upload-button">Загрузить</button>
+            <div class="progress-bar" id="progress-bar"><div class="progress-bar-inner" id="progress-bar-inner"></div></div>
+            <div id="upload-status"></div>
         </section>
 
-        <section class="files-section">
-            <h2 class="section-title"><span class="icon icon-files"></span>Мои файлы</h2>
-            <div id="loading-files">Загрузка списка файлов...</div>
-            <ul id="user-files-list"></ul>
-            <div id="no-files" style="display: none;">У вас пока нет загруженных файлов.</div>
+        <section class="file-list-section">
+            <h2>Ваши файлы</h2>
+            <div class="spinner" id="loading-spinner"></div>
+            <ul id="file-list">
+                <li class="no-files" id="no-files-message" style="display: none;">У вас пока нет загруженных файлов.</li>
+            </ul>
         </section>
+    </div>
 
-        <footer id="greeting">Инициализация...</footer>
-
+    <!-- The Modal -->
+    <div id="viewerModal" class="modal">
+      <span class="modal-close" id="modalCloseBtn">×</span>
+      <div id="modalContent" class="modal-content">
+          <!-- Content (img/video/audio) will be loaded here -->
+      </div>
+      <div id="modalCaption" class="modal-caption"></div>
     </div>
 
     <script>
         const tg = window.Telegram.WebApp;
-        const uploadForm = document.getElementById('upload-form');
+        const MAX_FILES = {{ max_files }};
+        let currentFiles = []; // To hold selected File objects
+        let userInitData = '';
+
+        // Elements
         const fileInput = document.getElementById('file-input');
-        const fileListPreview = document.getElementById('file-list-preview');
         const uploadButton = document.getElementById('upload-button');
-        const uploadButtonText = document.getElementById('upload-button-text');
-        const uploadLoader = document.getElementById('upload-loader');
-        const uploadStatus = document.getElementById('upload-status');
-        const userFilesList = document.getElementById('user-files-list');
-        const loadingFiles = document.getElementById('loading-files');
-        const noFiles = document.getElementById('no-files');
-        const greetingElement = document.getElementById('greeting');
-        const errorMessageDiv = document.getElementById('error-message');
-        const MAX_FILES = {{ max_files }};
-        let isUploading = false;
+        const selectedFilesDiv = document.getElementById('selected-files');
+        const uploadStatusDiv = document.getElementById('upload-status');
+        const fileListUl = document.getElementById('file-list');
+        const noFilesMessage = document.getElementById('no-files-message');
+        const userGreeting = document.getElementById('user-greeting');
+        const loadingSpinner = document.getElementById('loading-spinner');
+        const progressBar = document.getElementById('progress-bar');
+        const progressBarInner = document.getElementById('progress-bar-inner');
+
+        // Modal elements
+        const modal = document.getElementById('viewerModal');
+        const modalContent = document.getElementById('modalContent');
+        const modalCaption = document.getElementById('modalCaption');
+        const modalCloseBtn = document.getElementById('modalCloseBtn');
 
         function applyTheme(themeParams) {
             const root = document.documentElement;
@@ -391,417 +520,901 @@ TEMPLATE = """
                 const cssVar = `--tg-theme-${key.replace(/_/g, '-')}`;
                 root.style.setProperty(cssVar, themeParams[key]);
             });
-             // Update root variables directly for template rendering fallback
-            root.style.setProperty('--tg-theme-bg-color', themeParams.bg_color || '#ffffff');
-            root.style.setProperty('--tg-theme-text-color', themeParams.text_color || '#000000');
-            root.style.setProperty('--tg-theme-hint-color', themeParams.hint_color || '#999999');
-            root.style.setProperty('--tg-theme-link-color', themeParams.link_color || '#2481cc');
-            root.style.setProperty('--tg-theme-button-color', themeParams.button_color || '#2481cc');
-            root.style.setProperty('--tg-theme-button-text-color', themeParams.button_text_color || '#ffffff');
-            root.style.setProperty('--tg-theme-secondary-bg-color', themeParams.secondary_bg_color || '#f1f1f1');
+             // Add fallback defaults for CSS vars used in the template
+             const defaults = {
+                 'bg_color': '#181818', 'text_color': '#ffffff', 'hint_color': '#aaaaaa',
+                 'link_color': '#62bcf9', 'button_color': '#31a5f5',
+                 'button_text_color': '#ffffff', 'secondary_bg_color': '#212121'
+             };
+             for (const key in defaults) {
+                 if (!themeParams[key]) {
+                      const cssVar = `--tg-theme-${key.replace(/_/g, '-')}`;
+                      root.style.setProperty(cssVar, defaults[key]);
+                 }
+             }
         }
 
-        function showError(message) {
-            errorMessageDiv.textContent = message;
-            errorMessageDiv.style.display = 'block';
-            if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred('error');
+        function formatBytes(bytes, decimals = 2) {
+            if (bytes === 0) return '0 Bytes';
+            const k = 1024;
+            const dm = decimals < 0 ? 0 : decimals;
+            const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB'];
+            const i = Math.floor(Math.log(bytes) / Math.log(k));
+            return parseFloat((bytes / Math.pow(k, i)).toFixed(dm)) + ' ' + sizes[i];
         }
 
-        function clearError() {
-            errorMessageDiv.style.display = 'none';
-            errorMessageDiv.textContent = '';
-        }
+        function displayFiles(files) {
+            fileListUl.innerHTML = ''; // Clear existing list
+            loadingSpinner.style.display = 'none';
 
-         function showStatus(message, type = 'info') {
-             uploadStatus.textContent = message;
-             uploadStatus.className = `status-${type}`; // Sets class like status-info, status-success, status-error
-         }
+            if (!files || files.length === 0) {
+                noFilesMessage.style.display = 'block';
+                return;
+            }
+            noFilesMessage.style.display = 'none';
+
+            files.sort((a, b) => b.uploaded_at_ts - a.uploaded_at_ts); // Sort by timestamp descending
+
+            files.forEach(file => {
+                const li = document.createElement('li');
+                li.classList.add('file-item');
+
+                const fileInfoDiv = document.createElement('div');
+                fileInfoDiv.classList.add('file-info');
+
+                const fileNameSpan = document.createElement('span');
+                fileNameSpan.classList.add('file-name');
+                fileNameSpan.textContent = file.filename;
+                fileInfoDiv.appendChild(fileNameSpan);
+
+                const fileMetaSpan = document.createElement('span');
+                fileMetaSpan.classList.add('file-meta');
+                const date = new Date(file.uploaded_at_ts * 1000).toLocaleString();
+                const size = file.size ? formatBytes(file.size) : '';
+                fileMetaSpan.textContent = `${date}${size ? ' - ' + size : ''}`;
+                fileInfoDiv.appendChild(fileMetaSpan);
+
+                const fileActionsDiv = document.createElement('div');
+                fileActionsDiv.classList.add('file-actions');
+
+                 // Add View button for specific types
+                const mimeType = file.content_type || '';
+                if (mimeType.startsWith('image/') || mimeType.startsWith('video/') || mimeType.startsWith('audio/')) {
+                    const viewButton = document.createElement('button');
+                    viewButton.textContent = '👁️'; // View icon
+                    viewButton.classList.add('view-btn'); // Add class if needed for specific styling
+                    viewButton.style.backgroundColor = '#6f42c1'; // Purple-ish
+                    viewButton.style.color = 'white';
+                    viewButton.title = 'Просмотр';
+                    viewButton.onclick = (e) => {
+                        e.stopPropagation(); // Prevent triggering li click if any
+                        openViewer(file);
+                    };
+                    fileActionsDiv.appendChild(viewButton);
+                }
 
-        function getFileIcon(filename) {
-            const extension = filename.split('.').pop().toLowerCase();
-            if (['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg'].includes(extension)) return 'icon-image';
-            if (['mp4', 'avi', 'mov', 'wmv', 'mkv', 'webm'].includes(extension)) return 'icon-video';
-            if (['mp3', 'wav', 'ogg', 'aac', 'flac'].includes(extension)) return 'icon-audio';
-            if (['doc', 'docx', 'pdf', 'txt', 'rtf', 'odt'].includes(extension)) return 'icon-doc';
-            if (['zip', 'rar', '7z', 'tar', 'gz'].includes(extension)) return 'icon-archive';
-            return 'icon-generic'; // Default icon
-        }
 
-        async function loadFiles() {
-            loadingFiles.style.display = 'block';
-            userFilesList.innerHTML = '';
-            noFiles.style.display = 'none';
-            clearError();
+                const downloadLink = document.createElement('a');
+                downloadLink.classList.add('download-btn');
+                downloadLink.textContent = 'Скачать';
+                downloadLink.href = `/download/${encodeURIComponent(file.filename)}?initData=${encodeURIComponent(userInitData)}`;
+                downloadLink.target = '_blank'; // Open in new tab or trigger download
+                downloadLink.title = 'Скачать файл';
+                // Prevent modal opening if clicking download
+                downloadLink.onclick = (e) => e.stopPropagation();
+
+                fileActionsDiv.appendChild(downloadLink);
+
+                // Optional: Delete button
+                /*
+                const deleteButton = document.createElement('button');
+                deleteButton.classList.add('delete-btn');
+                deleteButton.textContent = 'Удалить';
+                deleteButton.onclick = (e) => {
+                    e.stopPropagation();
+                    deleteFile(file.filename);
+                };
+                fileActionsDiv.appendChild(deleteButton);
+                */
+
+                li.appendChild(fileInfoDiv);
+                li.appendChild(fileActionsDiv);
+                fileListUl.appendChild(li);
+            });
+        }
 
-            try {
-                const response = await fetch('/list_files', {
-                     method: 'POST', // Sending initData securely
-                     headers: {
-                         'Content-Type': 'application/json',
-                         'Accept': 'application/json'
-                     },
-                     body: JSON.stringify({ initData: tg.initData }),
+        async function fetchFiles() {
+             loadingSpinner.style.display = 'block';
+             noFilesMessage.style.display = 'none';
+             fileListUl.innerHTML = '';
+             try {
+                 const response = await fetch('/files', {
+                     method: 'POST',
+                     headers: { 'Content-Type': 'application/json' },
+                     body: JSON.stringify({ initData: userInitData })
                  });
+                 if (!response.ok) {
+                     const errorData = await response.json();
+                     throw new Error(errorData.message || `HTTP error! status: ${response.status}`);
+                 }
+                 const data = await response.json();
+                 displayFiles(data.files || []);
+             } catch (error) {
+                 console.error('Error fetching files:', error);
+                 uploadStatusDiv.textContent = `Ошибка загрузки списка файлов: ${error.message}`;
+                 uploadStatusDiv.style.color = 'red';
+                 loadingSpinner.style.display = 'none';
+                 noFilesMessage.style.display = 'block'; // Show no files message on error
+                 noFilesMessage.textContent = 'Не удалось загрузить список файлов.';
+             }
+         }
 
-                if (!response.ok) {
-                    const errorData = await response.json().catch(() => ({ message: `Ошибка сервера: ${response.status}` }));
-                    throw new Error(errorData.message || `Ошибка загрузки файлов: ${response.status}`);
-                }
-
-                const data = await response.json();
-
-                if (data.status === 'ok') {
-                    if (data.files && data.files.length > 0) {
-                        data.files.forEach(file => {
-                            const li = document.createElement('li');
-                            li.className = 'file-item';
-                            const fileIconClass = getFileIcon(file.name);
-                            li.innerHTML = `
-                                <div class="file-info">
-                                    <span class="file-icon ${fileIconClass}"></span>
-                                    <span class="file-name" title="${file.name}">${file.name}</span>
-                                </div>
-                                <div class="file-actions">
-                                    <a href="${file.url}" target="_blank" title="Открыть/Скачать">
-                                        <span class="icon-link"></span>
-                                    </a>
-                                </div>
-                            `;
-                            userFilesList.appendChild(li);
-                        });
-                        noFiles.style.display = 'none';
-                    } else {
-                        noFiles.style.display = 'block';
-                    }
-                } else {
-                    throw new Error(data.message || 'Не удалось получить список файлов.');
-                }
 
-            } catch (error) {
-                console.error('Error loading files:', error);
-                showError(`Не удалось загрузить список файлов: ${error.message}`);
-                noFiles.style.display = 'block'; // Show no files message on error
-            } finally {
-                loadingFiles.style.display = 'none';
+        function handleFileSelection(event) {
+            currentFiles = Array.from(event.target.files);
+            if (currentFiles.length > MAX_FILES) {
+                alert(`Вы можете выбрать не более ${MAX_FILES} файлов за раз.`);
+                currentFiles = currentFiles.slice(0, MAX_FILES); // Keep only the first MAX_FILES
+                // Reset file input visually? Difficult, maybe just update text.
             }
-        }
 
-        function handleFileSelection() {
-            const files = fileInput.files;
-            fileListPreview.innerHTML = ''; // Clear previous preview
-            if (files.length === 0) {
-                uploadButtonText.textContent = 'Выберите файлы для загрузки';
-                uploadButton.disabled = true;
-            } else if (files.length > MAX_FILES) {
-                 uploadButtonText.textContent = `Слишком много файлов (${files.length})`;
-                 showStatus(`Выбрано ${files.length} файлов. Максимум ${MAX_FILES}.`, 'error');
-                 uploadButton.disabled = true;
-                 for (let i = 0; i < files.length; i++) {
-                      const div = document.createElement('div');
-                      div.textContent = `❌ ${files[i].name}`; // Indicate error visually
-                      fileListPreview.appendChild(div);
-                  }
-            } else {
-                uploadButtonText.textContent = `Загрузить ${files.length} файл(а)`;
+            if (currentFiles.length > 0) {
+                selectedFilesDiv.textContent = `${currentFiles.length} файл(ов) выбрано: ${currentFiles.map(f => f.name).join(', ')}`;
+                uploadButton.classList.add('enabled');
                 uploadButton.disabled = false;
-                showStatus(''); // Clear status
-                 for (let i = 0; i < files.length; i++) {
-                      const div = document.createElement('div');
-                      div.textContent = `• ${files[i].name}`;
-                      fileListPreview.appendChild(div);
-                  }
+            } else {
+                selectedFilesDiv.textContent = 'Файлы не выбраны';
+                uploadButton.classList.remove('enabled');
+                uploadButton.disabled = true;
             }
+            // Clear previous status
+            uploadStatusDiv.textContent = '';
+            progressBar.style.display = 'none';
+            progressBarInner.style.width = '0%';
         }
 
-        async function handleUpload(event) {
-            event.preventDefault();
-            if (isUploading || fileInput.files.length === 0 || fileInput.files.length > MAX_FILES) {
+        async function handleUpload() {
+            if (currentFiles.length === 0 || !userInitData) {
+                uploadStatusDiv.textContent = 'Выберите файлы для загрузки.';
                 return;
             }
 
-            isUploading = true;
-            clearError();
+            uploadButton.classList.remove('enabled');
             uploadButton.disabled = true;
-            uploadLoader.style.display = 'inline-block';
-            uploadButtonText.textContent = 'Загрузка...';
-            showStatus('Подготовка к загрузке...', 'info');
+            uploadStatusDiv.textContent = 'Загрузка началась...';
+            uploadStatusDiv.style.color = 'var(--tg-theme-hint-color)';
+            progressBar.style.display = 'block';
+            progressBarInner.style.width = '0%';
 
             const formData = new FormData();
-            formData.append('initData', tg.initData); // Send initData securely with the upload
-
-            for (let i = 0; i < fileInput.files.length; i++) {
-                formData.append('files', fileInput.files[i]);
-            }
+            currentFiles.forEach(file => {
+                formData.append('files', file); // Key must match Flask backend: request.files.getlist('files')
+            });
+            formData.append('initData', userInitData); // Send auth data
 
             try {
-                showStatus(`Загрузка ${fileInput.files.length} файл(ов)...`, 'info');
-                 const response = await fetch('/upload', {
-                     method: 'POST',
-                     body: formData,
-                     // Content-Type is automatically set by browser for FormData
-                 });
+                // Use XMLHttpRequest for progress tracking
+                const xhr = new XMLHttpRequest();
+                xhr.open('POST', '/upload', true);
+
+                 // Progress event
+                 xhr.upload.onprogress = function(event) {
+                     if (event.lengthComputable) {
+                         const percentComplete = (event.loaded / event.total) * 100;
+                         progressBarInner.style.width = percentComplete + '%';
+                         uploadStatusDiv.textContent = `Загрузка... ${Math.round(percentComplete)}%`;
+                     }
+                 };
+
+                 // Upload finished event
+                 xhr.onload = function() {
+                     progressBar.style.display = 'none'; // Hide progress bar on completion
+                     if (xhr.status >= 200 && xhr.status < 300) {
+                         const data = JSON.parse(xhr.responseText);
+                         uploadStatusDiv.textContent = data.message || 'Загрузка успешно завершена!';
+                         uploadStatusDiv.style.color = 'green';
+                         // Clear selection and refresh file list
+                         fileInput.value = ''; // Reset file input
+                         currentFiles = [];
+                         selectedFilesDiv.textContent = 'Файлы не выбраны';
+                         fetchFiles(); // Refresh list
+                     } else {
+                         // Handle error
+                         let errorMessage = `Ошибка загрузки (Статус: ${xhr.status})`;
+                         try {
+                             const errorData = JSON.parse(xhr.responseText);
+                             errorMessage = errorData.message || errorMessage;
+                         } catch (e) {
+                             // Use default message if response is not JSON
+                         }
+                         throw new Error(errorMessage);
+                     }
+                 };
+
+                 // Upload error event
+                 xhr.onerror = function() {
+                     progressBar.style.display = 'none';
+                     throw new Error('Сетевая ошибка при загрузке.');
+                 };
+
+                 xhr.send(formData);
+
+             } catch (error) {
+                 console.error('Upload error:', error);
+                 uploadStatusDiv.textContent = `Ошибка: ${error.message}`;
+                 uploadStatusDiv.style.color = 'red';
+                 // Re-enable button on error
+                 uploadButton.classList.add('enabled');
+                 uploadButton.disabled = false;
+                 progressBar.style.display = 'none';
+             }
+        }
 
-                const data = await response.json();
+         // --- Viewer Modal Logic ---
+         function openViewer(file) {
+             modal.style.display = 'block';
+             modalContent.innerHTML = ''; // Clear previous content
+             modalCaption.textContent = file.filename;
+             const mimeType = file.content_type || '';
+             const downloadUrl = `/download/${encodeURIComponent(file.filename)}?initData=${encodeURIComponent(userInitData)}`;
+
+             let element;
+             if (mimeType.startsWith('image/')) {
+                 element = document.createElement('img');
+                 element.src = downloadUrl;
+                 element.alt = file.filename;
+             } else if (mimeType.startsWith('video/')) {
+                 element = document.createElement('video');
+                 element.src = downloadUrl;
+                 element.controls = true;
+                 element.autoplay = true; // Optional: start playing
+             } else if (mimeType.startsWith('audio/')) {
+                 element = document.createElement('audio');
+                 element.src = downloadUrl;
+                 element.controls = true;
+                 element.autoplay = true; // Optional: start playing
+                 element.style.padding = '20px'; // Add some padding for controls
+             }
 
-                if (response.ok && data.status === 'ok') {
-                    showStatus(data.message || 'Файлы успешно загружены!', 'success');
-                    if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred('success');
-                    fileInput.value = ''; // Reset file input
-                    handleFileSelection(); // Update button state and preview
-                    await loadFiles(); // Refresh the file list
-                } else {
-                    throw new Error(data.message || `Ошибка загрузки: ${response.status}`);
-                }
-            } catch (error) {
-                console.error('Upload error:', error);
-                showStatus(`Ошибка: ${error.message}`, 'error');
-                showError(`Не удалось загрузить файлы: ${error.message}`);
-                 if (tg.HapticFeedback) tg.HapticFeedback.notificationOccurred('error');
-            } finally {
-                isUploading = false;
-                uploadLoader.style.display = 'none';
-                // Restore button text based on current file selection (might be empty now)
-                handleFileSelection();
-                 // Re-enable button only if files are selected and valid count
-                 uploadButton.disabled = (fileInput.files.length === 0 || fileInput.files.length > MAX_FILES);
-            }
-        }
+             if (element) {
+                 modalContent.appendChild(element);
+                 if (tg.HapticFeedback) {
+                     tg.HapticFeedback.impactOccurred('light');
+                 }
+             } else {
+                 modalCaption.textContent = 'Предпросмотр недоступен для этого типа файла.';
+             }
+         }
 
+         function closeViewer() {
+             modal.style.display = 'none';
+             // Important: Stop video/audio playback when closing
+             const mediaElement = modalContent.querySelector('video, audio');
+             if (mediaElement) {
+                 mediaElement.pause();
+                 mediaElement.src = ''; // Detach source
+             }
+             modalContent.innerHTML = ''; // Clear content
+         }
+
+         // Close modal listeners
+         modalCloseBtn.onclick = closeViewer;
+         modal.onclick = function(event) {
+             // Close if clicking on the background, not the content itself
+             if (event.target === modal) {
+                 closeViewer();
+             }
+         };
+         // --- End Viewer Modal Logic ---
 
-         function setupTelegram() {
+
+        function setupTelegram() {
              if (!tg || !tg.initData) {
-                 console.error("Telegram WebApp script не загружен или initData отсутствует.");
-                 greetingElement.textContent = 'Не удалось связаться с Telegram.';
-                 document.body.style.visibility = 'visible'; // Show body even if TG fails
-                 showError('Не удалось инициализировать приложение Telegram.');
+                 console.error("Telegram WebApp script not loaded or initData is missing.");
+                 userGreeting.textContent = 'Ошибка: Не удалось инициализировать Telegram.';
+                 document.body.style.visibility = 'visible'; // Show body anyway
                  return;
              }
 
-            try {
-                tg.ready();
-                tg.expand();
+             tg.ready();
+             tg.expand();
 
-                applyTheme(tg.themeParams);
-                tg.onEvent('themeChanged', () => applyTheme(tg.themeParams));
+             applyTheme(tg.themeParams);
+             tg.onEvent('themeChanged', () => applyTheme(tg.themeParams));
 
-                 // Initial verification call (optional, as actions verify anyway)
-                 fetch('/verify', {
-                     method: 'POST',
-                     headers: { 'Content-Type': 'application/json' },
-                     body: JSON.stringify({ initData: tg.initData }),
-                 }).then(response => response.json())
-                   .then(data => {
-                       if (data.status === 'ok' && data.verified) {
-                           console.log('Initial verification successful.');
-                            const user = data.user || tg.initDataUnsafe?.user;
-                            if (user) {
-                                const name = user.first_name || user.username || 'Пользователь';
-                                greetingElement.textContent = `Привет, ${name}! 👋`;
-                            } else {
-                                 greetingElement.textContent = 'Добро пожаловать!';
-                            }
-                            // Load files only after successful verification potentially
-                            loadFiles();
-                       } else {
-                           console.warn('Initial verification failed:', data.message);
-                           greetingElement.textContent = 'Добро пожаловать!';
-                           showError(`Ошибка авторизации: ${data.message || 'Неверные данные'}. Обновите приложение.`);
-                           // Don't load files if initial verify fails strictly
-                       }
-                   }).catch(error => {
-                        console.error('Initial verification request failed:', error);
-                        greetingElement.textContent = 'Ошибка соединения.';
-                        showError('Не удалось проверить авторизацию. Проверьте интернет-соединение.');
-                   });
-
-
-                fileInput.addEventListener('change', handleFileSelection);
-                uploadForm.addEventListener('submit', handleUpload);
-
-                 document.body.style.visibility = 'visible';
-
-            } catch (error) {
-                 console.error("Error during Telegram setup:", error);
-                 greetingElement.textContent = 'Ошибка инициализации.';
-                 showError(`Критическая ошибка: ${error.message}`);
-                 document.body.style.visibility = 'visible';
-            }
+             userInitData = tg.initData;
+
+             // Display user greeting
+             const user = tg.initDataUnsafe?.user;
+             if (user) {
+                 const name = user.first_name || user.username || 'Пользователь';
+                 userGreeting.textContent = `Привет, ${name}!`;
+             } else {
+                 userGreeting.textContent = 'Привет!';
+             }
+
+             // Initial fetch of files
+             fetchFiles();
+
+             // Add event listeners
+             fileInput.addEventListener('change', handleFileSelection);
+             uploadButton.addEventListener('click', handleUpload);
+
+             document.body.style.visibility = 'visible';
          }
 
 
-         // Attempt immediate setup, fallback to onload
+        // --- Initialization ---
         if (window.Telegram && window.Telegram.WebApp) {
-            setupTelegram();
-        } else {
-            console.warn("Telegram WebApp script not immediately available, waiting for window.onload");
-            window.addEventListener('load', setupTelegram);
-            setTimeout(() => {
-                 if (document.body.style.visibility !== 'visible') {
-                      console.error("Telegram WebApp script fallback timeout triggered.");
-                      greetingElement.textContent = 'Ошибка загрузки интерфейса Telegram.';
-                      showError('Не удалось загрузить интерфейс Telegram. Попробуйте перезапустить.');
-                      document.body.style.visibility = 'visible';
-                  }
-             }, 3500);
-        }
+             setupTelegram();
+         } else {
+             console.warn("Telegram WebApp script not immediately available, waiting for window.onload");
+             window.addEventListener('load', setupTelegram);
+              // Fallback timeout
+              setTimeout(() => {
+                  if (document.body.style.visibility !== 'visible') {
+                       console.error("Telegram WebApp script fallback timeout triggered.");
+                       userGreeting.textContent = 'Ошибка загрузки интерфейса Telegram.';
+                       document.body.style.visibility = 'visible';
+                   }
+              }, 3500);
+         }
 
     </script>
 </body>
 </html>
 """
 
+# Admin Panel Template
+ADMIN_TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Admin - Zeus Cloud</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            --admin-bg: #f8f9fa; --admin-text: #212529; --admin-card-bg: #ffffff;
+            --admin-border: #dee2e6; --admin-shadow: rgba(0, 0, 0, 0.05);
+            --admin-primary: #0d6efd; --admin-secondary: #6c757d;
+            --border-radius: 12px; --padding: 1.5rem; --font-family: 'Inter', sans-serif;
+        }
+        body { font-family: var(--font-family); background-color: var(--admin-bg); color: var(--admin-text); margin: 0; padding: var(--padding); line-height: 1.6; }
+        .container { max-width: 1140px; margin: 0 auto; }
+        h1 { text-align: center; color: var(--admin-secondary); margin-bottom: var(--padding); font-weight: 600; }
+        .alert { background-color: #fff3cd; border-left: 6px solid #ffc107; margin-bottom: var(--padding); padding: 1rem 1.5rem; color: #664d03; border-radius: 8px; text-align: center; font-weight: 500; }
+        .user-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(300px, 1fr)); gap: var(--padding); margin-top: var(--padding); }
+        .user-card {
+            background-color: var(--admin-card-bg); border-radius: var(--border-radius); padding: var(--padding);
+            box-shadow: 0 4px 15px var(--admin-shadow); border: 1px solid var(--admin-border);
+            display: flex; flex-direction: column; transition: transform 0.2s ease, box-shadow 0.2s ease;
+        }
+        .user-card:hover { transform: translateY(-5px); box-shadow: 0 8px 25px rgba(0, 0, 0, 0.08); }
+        .user-header { display: flex; align-items: center; margin-bottom: 1rem; gap: 1rem; }
+        .user-header img { width: 60px; height: 60px; border-radius: 50%; object-fit: cover; border: 3px solid var(--admin-border); background-color: #eee; }
+        .user-info .name { font-weight: 600; font-size: 1.15em; color: var(--admin-primary); margin-bottom: 0.2rem; }
+        .user-info .username { color: var(--admin-secondary); font-size: 0.9em; }
+        .user-info .user-id { font-size: 0.8em; color: #888; }
+        .user-details { font-size: 0.9em; color: #495057; }
+        .user-details strong { color: var(--admin-text); }
+        .file-count { margin-top: 1rem; font-weight: 500; }
+        .view-files-btn {
+            display: inline-block; margin-top: 1rem; padding: 8px 16px; background-color: var(--admin-primary);
+            color: white; text-decoration: none; border-radius: 8px; font-size: 0.9em; text-align: center;
+            transition: background-color 0.2s ease;
+        }
+        .view-files-btn:hover { background-color: #0b5ed7; }
+        .no-users { text-align: center; color: var(--admin-secondary); margin-top: 2rem; font-size: 1.1em; }
+         .admin-controls { /* Style as needed, similar to original */
+             background: var(--admin-card-bg); padding: var(--padding); border-radius: var(--border-radius);
+             box-shadow: 0 4px 15px var(--admin-shadow); border: 1px solid var(--admin-border);
+             margin-bottom: var(--padding); text-align: center;
+         }
+          .admin-controls h2 { margin-top: 0; margin-bottom: 1rem; font-weight: 600; color: var(--admin-secondary); }
+          .admin-controls .btn { padding: 10px 18px; font-size: 0.95em; font-weight: 500; border: none; border-radius: 8px; cursor: pointer; transition: all 0.2s ease; margin: 0.5rem; color: #fff; }
+          .admin-controls .btn-refresh-meta { background-color: var(--admin-primary); }
+          .admin-controls .btn-refresh-meta:hover { background-color: #0b5ed7; }
+          .admin-controls .status { font-size: 0.9em; margin-top: 1rem; color: var(--admin-secondary); min-height: 1.2em; }
+          .admin-controls .loader { border: 4px solid #f3f3f3; border-radius: 50%; border-top: 4px solid var(--admin-primary); width: 20px; height: 20px; animation: spin 1s linear infinite; display: inline-block; margin-left: 10px; vertical-align: middle; display: none; }
+          @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <h1>Zeus Cloud - Админ Панель</h1>
+        <div class="alert">ВНИМАНИЕ: Этот раздел не защищен! Добавьте аутентификацию для реального использования.</div>
+
+         <div class="admin-controls">
+             <h2>Управление метаданными</h2>
+             <button class="btn btn-refresh-meta" onclick="triggerDownloadMeta()">Скачать data.json с HF</button>
+             <div class="loader" id="loader"></div>
+             <div class="status" id="status-message"></div>
+         </div>
+
+        {% if users %}
+            <div class="user-grid">
+                {% for user_id, data in users.items() %}
+                    <div class="user-card">
+                        <div class="user-header">
+                             <img src="{{ data.user_info.photo_url if data.user_info and data.user_info.photo_url else 'data:image/svg+xml;charset=UTF-8,%3csvg xmlns=%27http://www.w3.org/2000/svg%27 viewBox=%270 0 100 100%27%3e%3crect width=%27100%27 height=%27100%27 fill=%27%23e9ecef%27/%3e%3ctext x=%2750%25%27 y=%2755%25%27 dominant-baseline=%27middle%27 text-anchor=%27middle%27 font-size=%2745%27 font-family=%27sans-serif%27 fill=%27%23adb5bd%27%3e?%3c/text%3e%3c/svg%3e' }}" alt="User Avatar">
+                            <div class="user-info">
+                                <div class="name">{{ data.user_info.first_name or 'N/A' }} {{ data.user_info.last_name or '' }}</div>
+                                {% if data.user_info and data.user_info.username %}
+                                    <div class="username"><a href="https://t.me/{{ data.user_info.username }}" target="_blank" style="color: inherit; text-decoration: none;">@{{ data.user_info.username }}</a></div>
+                                {% endif %}
+                                <div class="user-id">ID: {{ user_id }}</div>
+                            </div>
+                        </div>
+                        <div class="user-details">
+                           <div><strong>Язык:</strong> {{ data.user_info.language_code or 'N/A' }}</div>
+                           <div><strong>Premium:</strong> {{ 'Да' if data.user_info and data.user_info.is_premium else 'Нет' }}</div>
+                        </div>
+                        <div class="file-count">
+                            Файлов загружено: {{ data.files|length if data.files else 0 }}
+                        </div>
+                        <a href="{{ url_for('admin_user_files', user_id=user_id) }}" class="view-files-btn">Просмотреть файлы</a>
+                    </div>
+                {% endfor %}
+            </div>
+        {% else %}
+            <p class="no-users">Пользователей не найдено.</p>
+        {% endif %}
+    </div>
+    <script>
+         const loader = document.getElementById('loader');
+         const statusMessage = document.getElementById('status-message');
+
+         async function handleFetch(url, action) {
+             loader.style.display = 'inline-block';
+             statusMessage.textContent = `Выполняется ${action}...`;
+             statusMessage.style.color = 'var(--admin-secondary)';
+             try {
+                 const response = await fetch(url, { method: 'POST' });
+                 const data = await response.json();
+                 if (response.ok && data.status === 'ok') {
+                     statusMessage.textContent = data.message;
+                     statusMessage.style.color = '#198754'; // Success color
+                     if (action === 'скачивание метаданных') {
+                         setTimeout(() => location.reload(), 1500); // Reload after download success
+                     }
+                 } else {
+                     throw new Error(data.message || 'Произошла ошибка');
+                 }
+             } catch (error) {
+                 statusMessage.textContent = `Ошибка ${action}: ${error.message}`;
+                 statusMessage.style.color = '#dc3545'; // Danger color
+                 console.error(`Error during ${action}:`, error);
+             } finally {
+                 loader.style.display = 'none';
+             }
+         }
+         function triggerDownloadMeta() {
+             handleFetch("{{ url_for('admin_trigger_download_metadata') }}", 'скачивание метаданных');
+         }
+    </script>
+</body>
+</html>
+"""
+
+ADMIN_USER_FILES_TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Файлы пользователя {{ user_info.first_name or user_id }} - Admin</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600&display=swap" rel="stylesheet">
+    <style>
+        :root { /* Use same vars as admin */
+            --admin-bg: #f8f9fa; --admin-text: #212529; --admin-card-bg: #ffffff;
+            --admin-border: #dee2e6; --admin-shadow: rgba(0, 0, 0, 0.05);
+            --admin-primary: #0d6efd; --admin-secondary: #6c757d;
+            --border-radius: 12px; --padding: 1.5rem; --font-family: 'Inter', sans-serif;
+        }
+        body { font-family: var(--font-family); background-color: var(--admin-bg); color: var(--admin-text); margin: 0; padding: var(--padding); line-height: 1.6; }
+        .container { max-width: 960px; margin: 0 auto; }
+        h1 { color: var(--admin-secondary); margin-bottom: 0.5rem; font-weight: 600; }
+        .user-identifier { color: var(--admin-primary); font-weight: 500; margin-bottom: var(--padding); }
+        .back-link { display: inline-block; margin-bottom: var(--padding); color: var(--admin-primary); text-decoration: none; font-weight: 500; }
+        .back-link:hover { text-decoration: underline; }
+        .file-table { width: 100%; border-collapse: collapse; margin-top: var(--padding); background-color: var(--admin-card-bg); border-radius: var(--border-radius); box-shadow: 0 4px 15px var(--admin-shadow); overflow: hidden; border: 1px solid var(--admin-border); }
+        .file-table th, .file-table td { padding: 12px 15px; text-align: left; border-bottom: 1px solid var(--admin-border); }
+        .file-table th { background-color: #f1f3f5; font-weight: 600; font-size: 0.9em; text-transform: uppercase; letter-spacing: 0.5px; }
+        .file-table tr:last-child td { border-bottom: none; }
+        .file-table tr:hover { background-color: #f8f9fa; }
+        .file-table td { font-size: 0.95em; word-break: break-word; }
+        .filename { font-weight: 500; }
+        .filesize, .filedate { color: var(--admin-secondary); font-size: 0.9em; }
+        .actions a {
+            display: inline-block; padding: 6px 12px; background-color: var(--admin-primary); color: white;
+            text-decoration: none; border-radius: 6px; font-size: 0.85em; transition: background-color 0.2s ease;
+        }
+        .actions a:hover { background-color: #0b5ed7; }
+        .no-files { text-align: center; color: var(--admin-secondary); margin-top: 2rem; font-size: 1.1em; }
+         /* Responsive table */
+         @media screen and (max-width: 768px) {
+             .file-table { border: 0; box-shadow: none; }
+             .file-table thead { display: none; }
+             .file-table tr { display: block; margin-bottom: 1rem; border: 1px solid var(--admin-border); border-radius: var(--border-radius); background-color: var(--admin-card-bg); box-shadow: 0 2px 8px var(--admin-shadow); }
+             .file-table td { display: block; text-align: right; padding-left: 50%; position: relative; border-bottom: 1px solid #eee; }
+             .file-table td::before {
+                 content: attr(data-label); position: absolute; left: 15px; width: calc(50% - 30px);
+                 padding-right: 10px; white-space: nowrap; text-align: left; font-weight: bold;
+                 font-size: 0.9em; text-transform: uppercase; color: var(--admin-secondary);
+             }
+             .file-table td:last-child { border-bottom: 0; }
+             .actions { text-align: right !important; } /* Force right align actions on mobile */
+         }
+    </style>
+</head>
+<body>
+    <div class="container">
+        <a href="{{ url_for('admin_panel') }}" class="back-link">← Назад к списку пользователей</a>
+        <h1>Файлы пользователя</h1>
+        <div class="user-identifier">{{ user_info.first_name or '' }} {{ user_info.last_name or '' }} (ID: {{ user_id }})</div>
+
+        {% if files %}
+            <table class="file-table">
+                <thead>
+                    <tr>
+                        <th>Имя файла</th>
+                        <th>Размер</th>
+                        <th>Дата загрузки</th>
+                        <th>Тип</th>
+                        <th>Действия</th>
+                    </tr>
+                </thead>
+                <tbody>
+                    {% for file in files|sort(attribute='uploaded_at_ts', reverse=true) %}
+                        <tr>
+                            <td data-label="Имя файла" class="filename">{{ file.filename }}</td>
+                            <td data-label="Размер" class="filesize">{{ file.size | filesizeformat if file.size else 'N/A' }}</td>
+                            <td data-label="Дата" class="filedate">{{ file.uploaded_at_str or 'N/A' }}</td>
+                            <td data-label="Тип">{{ file.content_type or 'N/A' }}</td>
+                            <td data-label="Действия" class="actions">
+                                <a href="{{ url_for('admin_download_file', user_id=user_id, filename=file.filename) }}" target="_blank">Скачать</a>
+                            </td>
+                        </tr>
+                    {% endfor %}
+                </tbody>
+            </table>
+        {% else %}
+            <p class="no-files">У этого пользователя нет загруженных файлов.</p>
+        {% endif %}
+    </div>
+     <script>
+         // Simple filesize formatter (alternative to Jinja filter if needed)
+         function formatBytes(bytes, decimals = 2) {
+             if (!+bytes) return '0 Bytes'
+             const k = 1024
+             const dm = decimals < 0 ? 0 : decimals
+             const sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB', 'PB', 'EB', 'ZB', 'YB']
+             const i = Math.floor(Math.log(bytes) / Math.log(k))
+             return `${parseFloat((bytes / Math.pow(k, i)).toFixed(dm))} ${sizes[i]}`
+         }
+         // Example usage: Add this if not using Jinja filter
+         // document.querySelectorAll('.filesize').forEach(el => {
+         //     const bytes = parseInt(el.getAttribute('data-bytes'), 10);
+         //     if (!isNaN(bytes)) {
+         //         el.textContent = formatBytes(bytes);
+         //     }
+         // });
+     </script>
+</body>
+</html>
+"""
+
+# --- Jinja Filters ---
+@app.template_filter('filesizeformat')
+def filesizeformat(value):
+    try:
+        bytes_val = int(value)
+        if bytes_val == 0: return '0 Bytes'
+        k = 1024
+        sizes = ['Bytes', 'KB', 'MB', 'GB', 'TB']
+        i = min(int(math.floor(math.log(bytes_val) / math.log(k))), len(sizes) - 1)
+        return f"{bytes_val / math.pow(k, i):.2f} {sizes[i]}"
+    except (ValueError, TypeError):
+        return value
+    except Exception: # Catch log(0) or other math errors
+        return 'N/A'
+
+import math # Needs import for the filter
+
 # --- Flask Routes ---
+
 @app.route('/')
 def index():
-    theme_params = {} # Let JS handle theme application
-    return render_template_string(TEMPLATE, theme=theme_params, max_files=MAX_FILES_PER_UPLOAD)
+    # Render the main user interface
+    # Theme params will be applied by JS after tg.ready()
+    return render_template_string(USER_TEMPLATE, theme={}, max_files=MAX_UPLOAD_FILES)
 
-@app.route('/verify', methods=['POST'])
-def verify_route():
+@app.route('/files', methods=['POST'])
+def get_user_files():
     req_data = request.get_json()
     init_data_str = req_data.get('initData')
     if not init_data_str:
-        return jsonify({"status": "error", "verified": False, "message": "Missing initData"}), 400
+        return jsonify({"status": "error", "message": "Missing initData"}), 400
 
-    user_data_parsed, is_valid, message = verify_telegram_data(init_data_str)
+    user_info, message = authenticate_and_get_user(init_data_str)
+    if not user_info:
+        return jsonify({"status": "error", "message": message}), 403
 
-    user_info_dict = {}
-    if user_data_parsed and 'user' in user_data_parsed:
-        try:
-            user_json_str = unquote(user_data_parsed['user'][0])
-            user_info_dict = json.loads(user_json_str)
-        except Exception as e:
-            logging.error(f"Could not parse user JSON in /verify: {e}")
-
-    if is_valid:
-        return jsonify({"status": "ok", "verified": True, "user": user_info_dict}), 200
-    else:
-        return jsonify({"status": "error", "verified": False, "message": message, "user": user_info_dict}), 403
+    user_id_str = str(user_info['id'])
+    with _data_lock:
+        user_data = metadata_cache.get(user_id_str, {})
+        files = user_data.get('files', [])
 
+    return jsonify({"status": "ok", "files": files}), 200
 
 @app.route('/upload', methods=['POST'])
 def upload_files():
-    if not HF_TOKEN_WRITE:
-        return jsonify({"status": "error", "message": "Функция загрузки недоступна (ошибка конфигурации сервера)."}), 503
-
     init_data_str = request.form.get('initData')
     if not init_data_str:
-        return jsonify({"status": "error", "message": "Ошибка авторизации: initData отсутствует."}), 400
+        return jsonify({"status": "error", "message": "Missing initData"}), 400
 
-    user_id = get_user_id_from_init_data(init_data_str)
-    if not user_id:
-        _, _, verification_message = verify_telegram_data(init_data_str) # Get specific reason
-        return jsonify({"status": "error", "message": f"Ошибка авторизации: {verification_message}"}), 403
+    user_info, message = authenticate_and_get_user(init_data_str)
+    if not user_info:
+        return jsonify({"status": "error", "message": message}), 403
+
+    user_id = user_info['id']
+    user_id_str = str(user_id)
 
-    files = request.files.getlist('files')
-    if not files:
-        return jsonify({"status": "error", "message": "Файлы для загрузки не найдены."}), 400
+    uploaded_files = request.files.getlist('files') # Key matches JS FormData
+    if not uploaded_files or len(uploaded_files) == 0:
+        return jsonify({"status": "error", "message": "No files selected for upload."}), 400
+    if len(uploaded_files) > MAX_UPLOAD_FILES:
+        return jsonify({"status": "error", "message": f"Cannot upload more than {MAX_UPLOAD_FILES} files at once."}), 400
 
-    if len(files) > MAX_FILES_PER_UPLOAD:
-         return jsonify({"status": "error", "message": f"Слишком много файлов. Максимум {MAX_FILES_PER_UPLOAD} за раз."}), 400
+    api = get_hf_api(write=True)
+    if not api:
+        return jsonify({"status": "error", "message": "Server error: Cannot connect to storage."}), 500
 
-    successful_uploads = 0
+    successful_uploads_metadata = []
     errors = []
-    user_folder = f"{HF_UPLOAD_FOLDER}/{user_id}"
 
-    for file in files:
-        if file and file.filename:
-            filename = secure_filename(file.filename)
-            path_in_repo = f"{user_folder}/{filename}"
-            try:
-                logging.info(f"Attempting to upload '{filename}' for user {user_id} to {REPO_ID}/{path_in_repo}")
-                # Pass file object directly
-                hf_api.upload_file(
-                    path_or_fileobj=file.stream, # Use file.stream
-                    path_in_repo=path_in_repo,
-                    repo_id=REPO_ID,
-                    repo_type="dataset",
-                    token=HF_TOKEN_WRITE,
-                    commit_message=f"Upload {filename} by user {user_id}"
-                )
-                successful_uploads += 1
-                logging.info(f"Successfully uploaded '{filename}' for user {user_id}")
-            except HfHubHTTPError as e:
-                 logging.error(f"HTTP error uploading {filename} for user {user_id}: {e}")
-                 # Check for specific errors like 413 Payload Too Large if needed
-                 errors.append(f"{filename}: Ошибка сервера ({e.response.status_code if e.response else 'N/A'})")
-            except Exception as e:
-                logging.exception(f"Error uploading {filename} for user {user_id}")
-                errors.append(f"{filename}: {e}")
-        else:
-            errors.append("Получен пустой файл")
+    for file_storage in uploaded_files:
+        filename = file_storage.filename
+        if not filename:
+            errors.append("Received a file without a name.")
+            continue
 
-    if successful_uploads > 0 and not errors:
-        return jsonify({"status": "ok", "message": f"Загружено {successful_uploads} файл(ов)."}), 200
-    elif successful_uploads > 0 and errors:
-        error_details = "; ".join(errors)
-        return jsonify({"status": "partial", "message": f"Загружено {successful_uploads} файл(ов). Ошибки: {error_details}"}), 207 # Multi-Status
-    else:
-        error_details = "; ".join(errors)
-        return jsonify({"status": "error", "message": f"Не удалось загрузить файлы. Ошибки: {error_details}"}), 500
+        path_in_repo = f"{HF_UPLOAD_FOLDER}/{user_id_str}/{filename}"
+        file_content = file_storage.read() # Read content into memory
+        file_size = len(file_content)
+        content_type, _ = mimetypes.guess_type(filename)
 
+        try:
+            logging.info(f"Uploading '{filename}' for user {user_id} to {path_in_repo}...")
+            # Use upload_file with path_or_fileobj=BytesIO(file_content)
+            file_obj = io.BytesIO(file_content)
+            api.upload_file(
+                path_or_fileobj=file_obj,
+                path_in_repo=path_in_repo,
+                repo_id=REPO_ID,
+                repo_type="dataset",
+                commit_message=f"User {user_id} uploaded {filename}"
+                # Consider adding run_as_future=True for concurrency if needed, but handle results
+            )
+            logging.info(f"Successfully uploaded '{filename}' for user {user_id}.")
+            now = time.time()
+            successful_uploads_metadata.append({
+                "filename": filename,
+                "hf_path": path_in_repo,
+                "uploaded_at_ts": now,
+                "uploaded_at_str": datetime.fromtimestamp(now).strftime('%Y-%m-%d %H:%M:%S'),
+                "size": file_size,
+                "content_type": content_type
+            })
+        except Exception as e:
+            logging.error(f"Failed to upload '{filename}' for user {user_id}: {e}", exc_info=True)
+            errors.append(f"Ошибка загрузки {filename}: {e}")
 
-@app.route('/list_files', methods=['POST'])
-def list_user_files():
-    if not HF_TOKEN_READ:
-         return jsonify({"status": "error", "message": "Функция просмотра файлов недоступна (ошибка конфигурации сервера)."}), 503
+    # Update metadata only if there were successful uploads
+    if successful_uploads_metadata:
+        if not update_user_file_metadata(user_id, successful_uploads_metadata):
+             # Add metadata update errors to the list shown to the user
+             errors.append("Ошибка обновления списка файлов после загрузки.")
 
-    req_data = request.get_json()
-    init_data_str = req_data.get('initData')
+    if not errors:
+        return jsonify({"status": "ok", "message": f"Загружено {len(successful_uploads_metadata)} файл(ов)."}), 200
+    else:
+        # Return partial success/error message
+        return jsonify({
+            "status": "error" if not successful_uploads_metadata else "partial_success",
+            "message": f"Загружено {len(successful_uploads_metadata)} из {len(uploaded_files)}. Ошибки: {'; '.join(errors)}",
+            "uploaded_files": [f['filename'] for f in successful_uploads_metadata],
+            "errors": errors
+        }), 207 # Multi-Status or choose appropriate code
+
+
+@app.route('/download/<path:filename>', methods=['GET'])
+def download_file(filename):
+    init_data_str = request.args.get('initData')
     if not init_data_str:
-        return jsonify({"status": "error", "message": "Ошибка авторизации: initData отсутствует."}), 400
+        return "Authentication required.", 401
 
-    user_id = get_user_id_from_init_data(init_data_str)
-    if not user_id:
-        _, _, verification_message = verify_telegram_data(init_data_str)
-        return jsonify({"status": "error", "message": f"Ошибка авторизации: {verification_message}"}), 403
+    user_info, message = authenticate_and_get_user(init_data_str)
+    if not user_info:
+        return f"Access denied: {message}", 403
 
-    user_folder = f"{HF_UPLOAD_FOLDER}/{user_id}"
-    files_list = []
+    user_id = user_info['id']
+    user_id_str = str(user_id)
 
-    try:
-        repo_files = list_repo_files(repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_READ, path_in_repo=user_folder)
-
-        for file_path in repo_files:
-            # Ensure we only list files directly in the user's folder, not subfolders if any were created manually
-            if file_path.startswith(user_folder + "/") and file_path.count('/') == user_folder.count('/') + 1:
-                 filename = os.path.basename(file_path)
-                 file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{quote(file_path)}"
-                 files_list.append({
-                     "name": filename,
-                     "url": file_url,
-                     "path": file_path # Keep internal path if needed later
-                 })
-        return jsonify({"status": "ok", "files": files_list})
+    # Check if user actually owns this file according to metadata
+    with _data_lock:
+        user_data = metadata_cache.get(user_id_str, {})
+        user_files = user_data.get('files', [])
+        file_metadata = next((f for f in user_files if f['filename'] == filename), None)
+
+    if not file_metadata:
+        logging.warning(f"User {user_id} attempted to download unlisted/unowned file: {filename}")
+        return "File not found or access denied.", 404
+
+    api = get_hf_api(write=False)
+    if not api:
+        return "Server error: Cannot connect to storage.", 500
 
+    path_in_repo = file_metadata.get('hf_path', f"{HF_UPLOAD_FOLDER}/{user_id_str}/{filename}")
+
+    try:
+        logging.info(f"User {user_id} requesting download of {path_in_repo}")
+        # Download the file from HF Hub to the server's cache
+        local_file_path = hf_hub_download(
+            repo_id=REPO_ID,
+            filename=path_in_repo,
+            repo_type="dataset",
+            token=api.token,
+            # local_dir=".", # Let it use the default HF cache
+            # local_dir_use_symlinks=False,
+            force_download=False, # Use cache if available
+            etag_timeout=10
+        )
+        logging.info(f"File {path_in_repo} downloaded to cache: {local_file_path}")
+
+        # Send the file from the cache path
+        # Guess mimetype again for safety, or use stored one
+        content_type = file_metadata.get('content_type') or mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+
+        return send_file(
+            local_file_path,
+            mimetype=content_type,
+            as_attachment=False, # Try to display inline first for media
+            download_name=filename # Original filename for download prompt
+        )
+
+    except EntryNotFoundError:
+        logging.error(f"File not found on Hugging Face: {path_in_repo}")
+        return "File not found on storage.", 404
     except RepositoryNotFoundError:
-         logging.warning(f"Repository {REPO_ID} or user folder {user_folder} not found.")
-         # This is expected if the user hasn't uploaded anything yet, return empty list
-         return jsonify({"status": "ok", "files": []})
+        logging.error(f"Repository not found: {REPO_ID}")
+        return "Storage repository not found.", 500
     except Exception as e:
-        logging.exception(f"Error listing files for user {user_id}")
-        return jsonify({"status": "error", "message": f"Не удалось получить список файлов: {e}"}), 500
+        logging.error(f"Error downloading file {path_in_repo} for user {user_id}: {e}", exc_info=True)
+        return "Server error during download.", 500
+
+
+# --- Admin Routes ---
+# WARNING: These routes are unprotected! Add proper authentication.
+
+@app.route('/admin')
+def admin_panel():
+    current_data = load_local_metadata() # Load latest from cache/local file
+    return render_template_string(ADMIN_TEMPLATE, users=current_data)
+
+@app.route('/admin/user/<user_id>')
+def admin_user_files(user_id):
+    current_data = load_local_metadata()
+    user_data = current_data.get(str(user_id))
+    if not user_data:
+        return "User not found", 404
+
+    user_info = user_data.get("user_info", {"id": user_id}) # Basic info for display
+    files = user_data.get("files", [])
+
+    return render_template_string(ADMIN_USER_FILES_TEMPLATE,
+                                  user_id=user_id,
+                                  user_info=user_info,
+                                  files=files)
+
+@app.route('/admin/download/<user_id>/<path:filename>', methods=['GET'])
+def admin_download_file(user_id, filename):
+    # WARNING: Add admin authentication check here!
+    user_id_str = str(user_id)
+    logging.info(f"Admin request to download file '{filename}' for user {user_id}")
+
+    api = get_hf_api(write=False)
+    if not api:
+        return "Server error: Cannot connect to storage.", 500
+
+    # Find the file path from metadata if possible for accuracy
+    path_in_repo = f"{HF_UPLOAD_FOLDER}/{user_id_str}/{filename}" # Default assumption
+    with _data_lock:
+        user_data = metadata_cache.get(user_id_str, {})
+        user_files = user_data.get('files', [])
+        file_metadata = next((f for f in user_files if f['filename'] == filename), None)
+        if file_metadata and 'hf_path' in file_metadata:
+             path_in_repo = file_metadata['hf_path']
 
+    try:
+        local_file_path = hf_hub_download(
+            repo_id=REPO_ID,
+            filename=path_in_repo,
+            repo_type="dataset",
+            token=api.token,
+            force_download=False,
+            etag_timeout=10
+        )
+        logging.info(f"Admin download: File {path_in_repo} cached at {local_file_path}")
+
+        content_type = mimetypes.guess_type(filename)[0] or 'application/octet-stream'
+        if file_metadata and 'content_type' in file_metadata:
+             content_type = file_metadata['content_type'] or content_type
+
+        return send_file(
+            local_file_path,
+            mimetype=content_type,
+            as_attachment=True, # Force download for admin
+            download_name=filename
+        )
+    except EntryNotFoundError:
+        logging.error(f"Admin download: File not found on Hugging Face: {path_in_repo}")
+        return "File not found on storage.", 404
+    except Exception as e:
+        logging.error(f"Admin download: Error for file {path_in_repo}: {e}", exc_info=True)
+        return "Server error during download.", 500
+
+@app.route('/admin/download_metadata', methods=['POST'])
+def admin_trigger_download_metadata():
+    # WARNING: Unprotected endpoint
+    success = download_metadata_from_hf()
+    if success:
+         return jsonify({"status": "ok", "message": "Скачивание data.json с Hugging Face завершено. Обновите страницу."})
+    else:
+         return jsonify({"status": "error", "message": "Ошибка скачивания data.json. Проверьте логи."}), 500
+
+# Removed admin upload metadata trigger - upload happens automatically on save
 
 # --- App Initialization ---
 if __name__ == '__main__':
     print("---")
     print("--- ZEUS CLOUD MINI APP SERVER ---")
     print("---")
-    print(f"Flask server starting on http://{HOST}:{PORT}")
+    print(f"Starting Flask server on http://{HOST}:{PORT}")
     print(f"Using Bot Token ID: {BOT_TOKEN.split(':')[0]}")
+    print(f"Metadata file (local): {DATA_FILE}")
     print(f"Hugging Face Repo: {REPO_ID}")
-    print(f"HF Upload Folder: {HF_UPLOAD_FOLDER}")
+    print(f"HF Metadata Path: {HF_DATA_FILE_PATH}")
+    print(f"HF Upload Folder: {HF_UPLOAD_FOLDER}/<user_id>/")
+
     if not HF_TOKEN_READ or not HF_TOKEN_WRITE:
          print("---")
          print("--- WARNING: HUGGING FACE TOKEN(S) NOT SET ---")
-         print("--- File upload/listing WILL NOT WORK. Set HF_TOKEN_READ and HF_TOKEN_WRITE environment variables.")
+         print("--- Storage functionality requires HF_TOKEN_READ and HF_TOKEN_WRITE env vars.")
          print("---")
     else:
          print("--- Hugging Face tokens found.")
+         print("--- Attempting initial metadata download from Hugging Face...")
+         download_metadata_from_hf() # Attempt to get latest metadata on startup
+
+    # Load initial data from local file (might have been updated by download)
+    load_local_metadata()
+    print(f"--- Initial metadata cache loaded with {len(metadata_cache)} user(s).")
 
+    print("---")
+    print("--- SECURITY WARNING ---")
+    print("--- The /admin routes are NOT protected by authentication.")
+    print("--- Implement proper auth before any production deployment.")
+    print("---")
     print("--- Server Ready ---")
-    # Use a production server like Waitress or Gunicorn instead of app.run() for deployment
+
+    # Use Waitress or Gunicorn for production
     # from waitress import serve
     # serve(app, host=HOST, port=PORT)
-    app.run(host=HOST, port=PORT, debug=False)
\ No newline at end of file
+    app.run(host=HOST, port=PORT, debug=False, threaded=True) # threaded=True useful for async tasks like HF uploads
\ No newline at end of file