Update app.py

app.py

@@ -14,11 +14,12 @@ from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
+from typing import Union, Optional # <-- Импорт добавлен
 
 # --- Configuration ---
 app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_mini_app_unique")
-BOT_TOKEN = os.getenv('TELEGRAM_BOT_TOKEN', '6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4') # MUST be set
+BOT_TOKEN = os.getenv('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN') # MUST be set
 DATA_FILE = 'cloudeng_mini_app_data.json'
 REPO_ID = "Eluza133/Z1e1u" # Same HF Repo
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
@@ -62,7 +63,6 @@ def add_node(filesystem, parent_id, node_data):
     if parent_node and parent_node.get('type') == 'folder':
         if 'children' not in parent_node:
             parent_node['children'] = []
-        # Prevent adding duplicates by id
         existing_ids = {child.get('id') for child in parent_node['children']}
         if node_data.get('id') not in existing_ids:
             parent_node['children'].append(node_data)
@@ -74,8 +74,7 @@ def remove_node(filesystem, node_id):
     if node_to_remove and parent_node and 'children' in parent_node:
         original_length = len(parent_node['children'])
         parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id]
-        return len(parent_node['children']) < original_length # Return True if something was removed
-    # Handle root node deletion attempt (should not happen normally)
+        return len(parent_node['children']) < original_length
     if node_to_remove and node_id == filesystem.get('id'):
         logging.warning("Attempted to remove root node directly.")
         return False
@@ -84,9 +83,7 @@ def remove_node(filesystem, node_id):
 def get_node_path_list(filesystem, node_id):
     path_list = []
     current_id = node_id
-
     processed_ids = set()
-
     while current_id and current_id not in processed_ids:
         processed_ids.add(current_id)
         node, parent = find_node_by_id(filesystem, current_id)
@@ -99,26 +96,20 @@ def get_node_path_list(filesystem, node_id):
         if not parent:
              break
         parent_id = parent.get('id')
-        if parent_id == current_id: # Prevent infinite loop if parent is self
+        if parent_id == current_id:
              logging.error(f"Filesystem loop detected at node {current_id}")
              break
         current_id = parent_id
-
-    # Ensure root is always first if found, otherwise add default root
     if not any(p['id'] == 'root' for p in path_list):
         path_list.append({'id': 'root', 'name': 'Root'})
-
-    # Filter out potential duplicates while preserving order, then reverse
     final_path = []
     seen_ids = set()
     for item in reversed(path_list):
          if item['id'] not in seen_ids:
               final_path.append(item)
               seen_ids.add(item['id'])
-
     return final_path
 
-
 def initialize_user_filesystem(user_data):
     if 'filesystem' not in user_data or not isinstance(user_data['filesystem'], dict):
         user_data['filesystem'] = {
@@ -129,7 +120,7 @@ def initialize_user_filesystem(user_data):
         }
 
 # --- Data Loading/Saving ---
-@cache.memoize(timeout=120) # Cache for 2 minutes
+@cache.memoize(timeout=120)
 def load_data():
     try:
         download_db_from_hf()
@@ -139,7 +130,6 @@ def load_data():
                 logging.warning("Data file is not a dict, initializing empty.")
                 return {'users': {}}
             data.setdefault('users', {})
-            # Ensure all users have a valid filesystem structure
             for user_id, user_data in data['users'].items():
                 initialize_user_filesystem(user_data)
             logging.info("Data loaded and filesystems checked/initialized.")
@@ -158,14 +148,11 @@ def save_data(data):
     try:
         with open(DATA_FILE, 'w', encoding='utf-8') as file:
             json.dump(data, file, ensure_ascii=False, indent=4)
-        # Upload immediately after saving
         upload_db_to_hf()
-        cache.clear() # Clear cache after saving
+        cache.clear()
         logging.info("Data saved locally and upload to HF initiated.")
     except Exception as e:
         logging.error(f"Error saving data: {e}")
-        # Consider not raising here to potentially allow app to continue
-        # raise
 
 def upload_db_to_hf():
     if not HF_TOKEN_WRITE:
@@ -180,7 +167,7 @@ def upload_db_to_hf():
             repo_type="dataset",
             token=HF_TOKEN_WRITE,
             commit_message=f"Backup MiniApp {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}",
-            run_as_future=True # Upload in background
+            run_as_future=True
         )
         logging.info("Database upload to Hugging Face scheduled.")
     except Exception as e:
@@ -202,8 +189,8 @@ def download_db_from_hf():
             token=HF_TOKEN_READ,
             local_dir=".",
             local_dir_use_symlinks=False,
-            force_download=True, # Ensure we get the latest
-            etag_timeout=10 # Short timeout for checking freshness
+            force_download=True,
+            etag_timeout=10
         )
         logging.info("Database downloaded from Hugging Face")
     except hf_utils.RepositoryNotFoundError:
@@ -232,7 +219,8 @@ def get_file_type(filename):
     return 'other'
 
 # --- Telegram Validation ---
-def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
+# Use Optional[dict] which is equivalent to Union[dict, None]
+def check_telegram_authorization(auth_data: str, bot_token: str) -> Optional[dict]:
     if not auth_data or not bot_token or bot_token == 'YOUR_BOT_TOKEN':
         logging.warning("Validation skipped: Missing auth_data or valid BOT_TOKEN.")
         return None
@@ -469,7 +457,6 @@ HTML_TEMPLATE = """
                 showError("Ошибка: Данные авторизации отсутствуют.");
                 throw new Error("Not authenticated");
             }
-            // Include initData in every authenticated request
             body.initData = validatedInitData;
 
             try {
@@ -521,7 +508,6 @@ HTML_TEMPLATE = """
              flashDiv.textContent = message;
              flashContainerEl.innerHTML = ''; // Clear previous messages
              flashContainerEl.appendChild(flashDiv);
-             // Auto-remove after 5 seconds
              setTimeout(() => {
                  if (flashDiv.parentNode === flashContainerEl) {
                       flashContainerEl.removeChild(flashDiv);
@@ -564,24 +550,21 @@ HTML_TEMPLATE = """
                 let previewHtml = '';
                 let actionsHtml = '';
                 let filenameDisplay = item.original_filename || item.name || 'Unnamed';
-
-                // Truncate long filenames for display
                 const maxLen = 25;
                 let truncatedFilename = filenameDisplay.length > maxLen
                     ? filenameDisplay.substring(0, maxLen - 3) + '...'
                     : filenameDisplay;
 
-
                 if (item.type === 'folder') {
                     previewHtml = `<a href="#" class="item-preview" title="Перейти в папку ${item.name}" onclick="event.preventDefault(); loadFolderContent('${item.id}')">📁</a>`;
                     actionsHtml = `
                         <button class="btn folder-btn" onclick="loadFolderContent('${item.id}')">Открыть</button>
                         <button class="btn delete-btn" onclick="deleteFolder('${item.id}', '${item.name}')">Удалить</button>
                     `;
-                    truncatedFilename = item.name; // Use folder name
+                    truncatedFilename = item.name;
                 } else if (item.type === 'file') {
                     const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
-                    const dlUrl = `/download/${item.id}`; // Simple download URL
+                    const dlUrl = `/download/${item.id}`;
                     let viewFuncCall = '';
 
                     if (item.file_type === 'image') {
@@ -625,9 +608,11 @@ HTML_TEMPLATE = """
             modal.style.display = 'flex';
 
             try {
-                // For PDF, use Google Docs viewer for broader compatibility
                 if (type === 'pdf') {
-                    modalContent.innerHTML = `<iframe src="https://docs.google.com/gview?url=${encodeURIComponent(window.location.origin + srcOrUrl)}&embedded=true" title="Просмотр PDF"></iframe>`;
+                     // Check if running inside Telegram, if so, maybe open externally?
+                     // Or use a viewer that works well in iframe like PDF.js (more complex setup)
+                     // Using Google Docs viewer as a common fallback:
+                     modalContent.innerHTML = `<iframe src="https://docs.google.com/gview?url=${encodeURIComponent(window.location.origin + srcOrUrl)}&embedded=true" title="Просмотр PDF"></iframe>`;
                 } else if (type === 'image') {
                     modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
                 } else if (type === 'video') {
@@ -650,7 +635,6 @@ HTML_TEMPLATE = """
 
         function closeModal(event) {
             const modal = document.getElementById('mediaModal');
-            // Close if clicking on the background, not the content itself
             if (event.target === modal) {
                 closeModalManual();
             }
@@ -660,10 +644,10 @@ HTML_TEMPLATE = """
             const modal = document.getElementById('mediaModal');
             modal.style.display = 'none';
             const video = modal.querySelector('video');
-            if (video) { video.pause(); video.src = ''; } // Stop playback and clear source
+            if (video) { video.pause(); video.src = ''; }
             const iframe = modal.querySelector('iframe');
-            if (iframe) iframe.src = 'about:blank'; // Clear iframe
-            document.getElementById('modalContent').innerHTML = ''; // Clear content
+            if (iframe) iframe.src = 'about:blank';
+            document.getElementById('modalContent').innerHTML = '';
         }
 
         // --- Folder Operations ---
@@ -675,7 +659,7 @@ HTML_TEMPLATE = """
                 if (data.status === 'ok') {
                      currentItems = data.items || [];
                      renderBreadcrumbs(data.breadcrumbs || [{'id': 'root', 'name': 'Root'}]);
-                     renderItems(currentItems.sort((a, b) => (a.type !== 'folder') - (b.type !== 'folder') || a.name.localeCompare(b.name))); // Folders first, then by name
+                     renderItems(currentItems.sort((a, b) => (a.type !== 'folder') - (b.type !== 'folder') || (a.name || a.original_filename || '').localeCompare(b.name || b.original_filename || '')));
                 } else {
                     showFlash(data.message || 'Не удалось загрузить содержимое папки.', 'error');
                 }
@@ -719,40 +703,45 @@ HTML_TEMPLATE = """
         }
 
         async function deleteFolder(folderId, folderName) {
-            if (!confirm(`Вы уверены, что хотите удалить папку "${folderName}"? Папку можно удалить только если она пуста.`)) {
-                return;
-            }
-            try {
-                 const data = await apiCall(`/delete_folder/${folderId}`, 'POST', { current_folder_id: currentFolderId });
-                 if (data.status === 'ok') {
-                     showFlash(`Папка "${folderName}" удалена.`);
-                     loadFolderContent(currentFolderId); // Refresh
-                 } else {
-                     showFlash(data.message || 'Не удалось удалить папку.', 'error');
-                 }
-             } catch (error) {
-                  // Error handled by apiCall
-             }
+            // Check if folder is empty client-side (optional optimization)
+            // const folderIsEmpty = !currentItems.some(item => item.parent_id === folderId);
+            // if (!folderIsEmpty) { showFlash('Папку можно удалить только если она пуста (клиентская проверка).', 'error'); return; }
+
+            tg.showConfirm(`Вы уверены, что хотите удалить папку "${folderName}"? Папку можно удалить только если она пуста.`, async (confirmed) => {
+                if (confirmed) {
+                    try {
+                         const data = await apiCall(`/delete_folder/${folderId}`, 'POST', { current_folder_id: currentFolderId });
+                         if (data.status === 'ok') {
+                             showFlash(`Папка "${folderName}" удалена.`);
+                             loadFolderContent(currentFolderId); // Refresh
+                         } else {
+                             showFlash(data.message || 'Не удалось удалить папку.', 'error');
+                         }
+                     } catch (error) {
+                          // Error handled by apiCall
+                     }
+                }
+            });
         }
 
          async function deleteFile(fileId, fileName) {
-            if (!confirm(`Вы уверены, что хотите удалить файл "${fileName}"?`)) {
-                return;
-            }
-             try {
-                 const data = await apiCall(`/delete_file/${fileId}`, 'POST', { current_folder_id: currentFolderId });
-                 if (data.status === 'ok') {
-                     showFlash(`Файл "${fileName}" удален.`);
-                     loadFolderContent(currentFolderId); // Refresh
-                 } else {
-                     showFlash(data.message || 'Не удалось удалить файл.', 'error');
+             tg.showConfirm(`Вы уверены, что хотите удалить файл "${fileName}"?`, async (confirmed) => {
+                 if (confirmed) {
+                     try {
+                         const data = await apiCall(`/delete_file/${fileId}`, 'POST', { current_folder_id: currentFolderId });
+                         if (data.status === 'ok') {
+                             showFlash(`Файл "${fileName}" удален.`);
+                             loadFolderContent(currentFolderId); // Refresh
+                         } else {
+                             showFlash(data.message || 'Не удалось удалить файл.', 'error');
+                         }
+                     } catch (error) {
+                          // Error handled by apiCall
+                     }
                  }
-             } catch (error) {
-                  // Error handled by apiCall
-             }
+             });
         }
 
-
         // --- File Upload ---
         function handleFileUpload(event) {
              event.preventDefault();
@@ -777,7 +766,7 @@ HTML_TEMPLATE = """
                  formData.append('files', files[i]);
              }
              formData.append('current_folder_id', currentFolderId);
-             formData.append('initData', validatedInitData); // Add initData here
+             formData.append('initData', validatedInitData);
 
              const xhr = new XMLHttpRequest();
 
@@ -793,7 +782,7 @@ HTML_TEMPLATE = """
                  uploadBtn.disabled = false;
                  uploadBtn.textContent = 'Загрузить файлы сюда';
                  progressContainer.style.display = 'none';
-                 fileInput.value = ''; // Reset file input
+                 fileInput.value = '';
 
                  if (xhr.status >= 200 && xhr.status < 300) {
                      try {
@@ -827,7 +816,6 @@ HTML_TEMPLATE = """
              });
 
              xhr.open('POST', '/upload', true);
-             // Do not set Content-Type, browser will set it correctly for FormData
              xhr.send(formData);
         }
 
@@ -836,7 +824,6 @@ HTML_TEMPLATE = """
         function initializeApp() {
             tg.ready();
             tg.expand();
-            // Set background color based on theme
             document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
             tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1');
 
@@ -844,9 +831,8 @@ HTML_TEMPLATE = """
                  showError("Ошибка: Не удалось получить данные авторизации Telegram (initData). Попробуйте перезапустить Mini App.");
                  return;
             }
-            validatedInitData = tg.initData; // Store raw initData
+            validatedInitData = tg.initData;
 
-             // Validate initData with backend
              fetch('/validate_init_data', {
                  method: 'POST',
                  headers: { 'Content-Type': 'application/json' },
@@ -856,9 +842,9 @@ HTML_TEMPLATE = """
              .then(data => {
                  if (data.status === 'ok' && data.user) {
                      currentUser = data.user;
-                     userInfoHeaderEl.textContent = `Пользователь: ${currentUser.first_name || ''} ${currentUser.last_name || ''} (@${currentUser.username || currentUser.id})`;
+                     userInfoHeaderEl.textContent = `User: ${currentUser.first_name || ''} ${currentUser.last_name || ''} (@${currentUser.username || currentUser.id})`;
                      showAppContent();
-                     loadFolderContent('root'); // Load root folder initially
+                     loadFolderContent('root');
                  } else {
                      throw new Error(data.message || 'Не удалось верифицировать пользователя.');
                  }
@@ -866,23 +852,23 @@ HTML_TEMPLATE = """
              .catch(error => {
                  console.error("Validation failed:", error);
                  showError(`Ошибка авторизации: ${error.message}. Попробуйте перезапустить.`);
-                 validatedInitData = null; // Invalidate data on error
+                 validatedInitData = null;
              });
 
-            // Add event listeners
             uploadForm.addEventListener('submit', handleFileUpload);
             createFolderBtn.addEventListener('click', handleCreateFolder);
 
-            // Handle back button (optional, can conflict with folder navigation)
+            // Optional: Back button handling
             // tg.BackButton.onClick(() => {
-            //     // Implement back navigation logic if needed, e.g., go to parent folder
-            //     console.log("Back button clicked");
+            //    const currentPath = getPathFromBreadcrumbs(); // Need function to get path array
+            //    if (currentPath.length > 1) {
+            //        const parentFolder = currentPath[currentPath.length - 2];
+            //        loadFolderContent(parentFolder.id);
+            //    } else {
+            //        // Optionally close app or do nothing at root
+            //    }
             // });
-            // if (currentFolderId !== 'root') {
-            //     tg.BackButton.show();
-            // } else {
-            //     tg.BackButton.hide();
-            // }
+             // Show/hide back button based on current folder depth
         }
 
         // --- Start the App ---
@@ -919,24 +905,22 @@ def validate_init_data():
         if tg_user_id not in users:
             logging.info(f"New user detected: {tg_user_id}. Initializing filesystem.")
             users[tg_user_id] = {
-                'user_info': user_info, # Store basic TG info
+                'user_info': user_info,
                 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
             }
             initialize_user_filesystem(users[tg_user_id])
             try:
-                save_data(db_data) # Save immediately for new user
+                save_data(db_data)
             except Exception as e:
                  logging.error(f"Failed to save data for new user {tg_user_id}: {e}")
-                 # Allow login but maybe show warning later? Or deny login?
                  return jsonify({"status": "error", "message": "Ошибка сохранения данных нового пользователя."}), 500
-        elif 'user_info' not in users[tg_user_id]: # Update user info if missing
+        elif 'user_info' not in users[tg_user_id] or users[tg_user_id]['user_info'].get('username') != user_info.get('username'): # Update user info if missing or changed
             users[tg_user_id]['user_info'] = user_info
             try:
                 save_data(db_data)
             except Exception as e:
                 logging.warning(f"Failed to update user_info for {tg_user_id}: {e}")
 
-        # Ensure filesystem is initialized for existing users too (backward compatibility)
         if 'filesystem' not in users[tg_user_id]:
              initialize_user_filesystem(users[tg_user_id])
              try:
@@ -944,7 +928,6 @@ def validate_init_data():
              except Exception as e:
                  logging.warning(f"Failed to initialize filesystem for existing user {tg_user_id}: {e}")
 
-
         return jsonify({"status": "ok", "user": user_info})
     else:
         logging.warning(f"Validation failed for initData: {init_data[:100]}...")
@@ -975,16 +958,15 @@ def get_dashboard_data():
 
     if not current_folder or current_folder.get('type') != 'folder':
         logging.warning(f"Folder {folder_id} not found for user {tg_user_id}. Defaulting to root.")
-        folder_id = 'root' # Default to root if invalid folder requested
+        folder_id = 'root'
         current_folder, _ = find_node_by_id(user_data['filesystem'], folder_id)
-        if not current_folder: # Should not happen if root always exists
+        if not current_folder:
              logging.error(f"CRITICAL: Root folder not found for user {tg_user_id}")
              return jsonify({"status": "error", "message": "Критическая ошибка: Корневая папка отсутствует"}), 500
 
     items_in_folder = current_folder.get('children', [])
     breadcrumbs = get_node_path_list(user_data['filesystem'], folder_id)
 
-    # Prepare data for JSON (avoid sending huge structures if possible)
     current_folder_info = {
         'id': current_folder.get('id'),
         'name': current_folder.get('name', 'Root')
@@ -1042,7 +1024,6 @@ def upload_files():
             unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
             file_id = uuid.uuid4().hex
 
-            # Use TG User ID in the path
             hf_path = f"cloud_files/{tg_user_id}/{current_folder_id}/{unique_filename}"
             temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
 
@@ -1065,10 +1046,9 @@ def upload_files():
                     uploaded_count += 1
                     needs_save = True
                 else:
-                    # This case (add_node failing after folder check) should be rare
                     errors.append(f"Ошибка добавления метаданных для {original_filename}.")
                     logging.error(f"Failed add_node for {file_id} to {current_folder_id} for {tg_user_id}")
-                    try: # Attempt to clean up orphaned HF file
+                    try:
                          api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
                     except Exception as del_err:
                          logging.error(f"Failed deleting orphaned HF file {hf_path}: {del_err}")
@@ -1093,7 +1073,7 @@ def upload_files():
         final_message += " Ошибки: " + "; ".join(errors)
 
     return jsonify({
-        "status": "ok" if not errors else "error", # Consider status based on errors
+        "status": "ok" if not errors else "error",
         "message": final_message
     })
 
@@ -1115,8 +1095,13 @@ def create_folder():
 
     if not folder_name:
         return jsonify({'status': 'error', 'message': 'Имя папки не может быть пустым!'}), 400
+    # Relaxed validation - check disallowed chars instead? Let's keep simpler for now.
     if not folder_name.replace(' ', '').replace('-', '').replace('_', '').isalnum():
-        return jsonify({'status': 'error', 'message': 'Имя папки содержит недопустимые символы.'}), 400
+         if '/' in folder_name or '\\' in folder_name or ':' in folder_name: # Basic check
+             return jsonify({'status': 'error', 'message': 'Имя папки содержит недопустимые символы.'}), 400
+         # Allow broader names if basic check passes
+         logging.warning(f"Folder name '{folder_name}' contains non-alphanumeric/space/dash/underscore characters, but allowing.")
+
 
     db_data = load_data()
     user_data = db_data.get('users', {}).get(tg_user_id)
@@ -1135,26 +1120,18 @@ def create_folder():
             return jsonify({'status': 'ok', 'message': f'Папка "{folder_name}" создана.'})
         except Exception as e:
             logging.error(f"Create folder save error ({tg_user_id}): {e}")
-            # Attempt to remove node if save failed? Complex recovery.
             return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных.'}), 500
     else:
-        # Could fail if parent_folder_id is invalid or already contains that ID (UUID collision unlikely)
         return jsonify({'status': 'error', 'message': 'Не удалось найти родительскую папку или добавить узел.'}), 400
 
 
 @app.route('/download/<file_id>')
 def download_file_route(file_id):
-    """ Serves the file for download. NO AUTH HERE - relies on unguessable ID and/or public repo. """
-    # Security Note: This route currently lacks explicit auth per request.
-    # Assumes file_id is hard to guess. For private repos, access depends
-    # solely on HF_TOKEN_READ being correctly configured and the repo permissions.
-    # A more secure approach would involve validating initData or a temporary token first.
-
-    db_data = load_data() # Load data to find file path
+    """ Serves the file for download. NO AUTH HERE. """
+    db_data = load_data()
     file_node = None
     owner_user_id = None
 
-    # Search across all users (less efficient, but needed without user context)
     for user_id, user_data in db_data.get('users', {}).items():
          if 'filesystem' in user_data:
              node, _ = find_node_by_id(user_data['filesystem'], file_id)
@@ -1180,14 +1157,17 @@ def download_file_route(file_id):
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        # Use stream=True for potentially large files
-        response = requests.get(file_url, headers=headers, stream=True, timeout=30) # 30 sec timeout
-        response.raise_for_status() # Check for 4xx/5xx errors
+        response = requests.get(file_url, headers=headers, stream=True, timeout=30)
+        response.raise_for_status()
+
+        # Use Content-Disposition header for filename
+        encoded_filename = urlencode({'filename': original_filename})[9:] # Crude but often works
+        # A more robust way involves RFC 6266 encoding, but keep it simple
+        disposition = f"attachment; filename=\"{original_filename}\"; filename*=UTF-8''{encoded_filename}"
 
-        # Stream the response
         return Response(response.iter_content(chunk_size=8192),
                         mimetype=response.headers.get('Content-Type', 'application/octet-stream'),
-                        headers={"Content-Disposition": f"attachment; filename=\"{original_filename}\""})
+                        headers={"Content-Disposition": disposition})
 
     except requests.exceptions.RequestException as e:
         logging.error(f"Error downloading file from HF ({hf_path}, owner: {owner_user_id}): {e}")
@@ -1202,7 +1182,7 @@ def download_file_route(file_id):
 def delete_file_route(file_id):
     """ Deletes a file for the validated user. """
     data = request.get_json()
-    if not data or 'initData' not in data or 'current_folder_id' not in data: # current_folder_id used for context/logging
+    if not data or 'initData' not in data or 'current_folder_id' not in data:
         return jsonify({"status": "error", "message": "Неполный запрос"}), 400
 
     user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
@@ -1228,7 +1208,6 @@ def delete_file_route(file_id):
     original_filename = file_node.get('original_filename', 'файл')
     needs_save = False
 
-    # Attempt HF deletion first (if path exists)
     if hf_path:
         try:
             api = HfApi()
@@ -1239,19 +1218,16 @@ def delete_file_route(file_id):
             logging.info(f"Deleted file {hf_path} from HF Hub for user {tg_user_id}")
         except hf_utils.EntryNotFoundError:
             logging.warning(f"File {hf_path} not found on HF Hub for delete attempt ({tg_user_id}).")
-            # Continue to remove from DB anyway
         except Exception as e:
             logging.error(f"Error deleting file from HF Hub ({hf_path}, {tg_user_id}): {e}")
-            return jsonify({'status': 'error', 'message': f'Ошибка удаления файла с сервера: {e}'}), 500
+            # Don't stop here, still try to remove from DB
+            # return jsonify({'status': 'error', 'message': f'Ошибка удаления файла с сервера: {e}'}), 500
 
-    # Remove from DB structure
     if remove_node(user_data['filesystem'], file_id):
         needs_save = True
         logging.info(f"Removed file node {file_id} from DB for user {tg_user_id}")
     else:
-        # This would be strange if find_node_by_id succeeded earlier
         logging.error(f"Failed to remove file node {file_id} from DB structure for {tg_user_id} after HF delete.")
-        # Potentially inconsistent state, but proceed.
 
     if needs_save:
         try:
@@ -1261,11 +1237,9 @@ def delete_file_route(file_id):
             logging.error(f"Delete file DB save error ({tg_user_id}): {e}")
             return jsonify({'status': 'error', 'message': 'Файл удален с сервера, но ошибка сохранения ��азы данных.'}), 500
     else:
-        # If HF path was missing and remove_node failed (e.g., file not found initially)
          return jsonify({'status': 'error', 'message': 'Файл не найден в базе данных для удаления.'}), 404
 
 
-
 @app.route('/delete_folder/<folder_id>', methods=['POST'])
 def delete_folder_route(folder_id):
     """ Deletes an empty folder for the validated user. """
@@ -1273,7 +1247,7 @@ def delete_folder_route(folder_id):
          return jsonify({'status': 'error', 'message': 'Нельзя удалить корневую папку!'}), 400
 
     data = request.get_json()
-    if not data or 'initData' not in data or 'current_folder_id' not in data: # current_folder_id is parent context
+    if not data or 'initData' not in data or 'current_folder_id' not in data:
          return jsonify({"status": "error", "message": "Неполный запрос"}), 400
 
     user_info = check_telegram_authorization(data['initData'], BOT_TOKEN)
@@ -1297,9 +1271,6 @@ def delete_folder_route(folder_id):
     if folder_node.get('children'):
         return jsonify({'status': 'error', 'message': f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
 
-    # Note: We don't explicitly delete folders on HF Hub here, as HF manages directories implicitly.
-    # If the folder structure on HF needs cleanup, it might require separate logic or rely on deleting parent folders.
-
     if remove_node(user_data['filesystem'], folder_id):
         try:
             save_data(db_data)
@@ -1314,7 +1285,7 @@ def delete_folder_route(folder_id):
 
 @app.route('/get_text_content/<file_id>')
 def get_text_content_route(file_id):
-    """ Serves text file content. NO AUTH HERE - see download route notes. """
+    """ Serves text file content. NO AUTH HERE. """
     db_data = load_data()
     file_node = None
     owner_user_id = None
@@ -1341,27 +1312,26 @@ def get_text_content_route(file_id):
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        response = requests.get(file_url, headers=headers, timeout=15) # 15 sec timeout for text files
+        response = requests.get(file_url, headers=headers, timeout=15)
         response.raise_for_status()
 
-        # Limit preview size
         max_preview_size = 1 * 1024 * 1024 # 1 MB
         if len(response.content) > max_preview_size:
              return Response("Файл слишком большой для предпросмотра (>1MB).", status=413)
 
-        # Try common encodings
         text_content = None
-        try: text_content = response.content.decode('utf-8')
-        except UnicodeDecodeError:
-            try: text_content = response.content.decode('cp1251') # Windows Cyrillic
-            except UnicodeDecodeError:
-                 try: text_content = response.content.decode('latin-1') # Fallback
-                 except Exception: pass
+        encodings_to_try = ['utf-8', 'cp1251', 'latin-1']
+        for enc in encodings_to_try:
+             try:
+                 text_content = response.content.decode(enc)
+                 break
+             except UnicodeDecodeError:
+                 continue
 
         if text_content is None:
              return Response("Не удалось определить кодировку файла.", status=500)
 
-        return Response(text_content, mimetype='text/plain; charset=utf-8') # Specify charset
+        return Response(text_content, mimetype='text/plain; charset=utf-8')
 
     except requests.exceptions.RequestException as e:
         logging.error(f"Error fetching text content from HF ({hf_path}, owner {owner_user_id}): {e}")
@@ -1374,14 +1344,7 @@ def get_text_content_route(file_id):
 
 @app.route('/preview_thumb/<file_id>')
 def preview_thumb_route(file_id):
-    """ Serves a potentially resized image preview. NO AUTH HERE. """
-    # Placeholder: This currently just redirects to the full download.
-    # Real implementation would require image processing (e.g., Pillow)
-    # to generate thumbnails server-side, or rely on client-side rendering only.
-    # For simplicity, we redirect.
-    # return redirect(url_for('download_file_route', file_id=file_id))
-
-    # Attempt direct serving like download, relying on browser caching/rendering
+    """ Serves image previews. NO AUTH HERE. """
     db_data = load_data()
     file_node = None
     owner_user_id = None
@@ -1398,7 +1361,6 @@ def preview_thumb_route(file_id):
     hf_path = file_node.get('path')
     if not hf_path: return Response("Путь к файлу не найден", status=500)
 
-    # Serve directly without download=true for potential browser caching
     file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
 
     try:
@@ -1406,10 +1368,12 @@ def preview_thumb_route(file_id):
         if HF_TOKEN_READ: headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
         response = requests.get(file_url, headers=headers, stream=True, timeout=20)
         response.raise_for_status()
+        # Return directly, let browser handle image rendering
         return Response(response.iter_content(chunk_size=8192), mimetype=response.headers.get('Content-Type', 'image/jpeg'))
     except requests.exceptions.RequestException as e:
         logging.error(f"Error fetching preview from HF ({hf_path}, owner: {owner_user_id}): {e}")
-        return Response(f"Ошибка загрузки превью ({e.response.status_code if e.response else 502})", status=e.response.status_code if e.response else 502)
+        status_code = e.response.status_code if e.response is not None else 502
+        return Response(f"Ошибка загрузки превью ({status_code})", status=status_code)
     except Exception as e:
         logging.error(f"Unexpected error during preview ({hf_path}, owner: {owner_user_id}): {e}")
         return Response("Внутренняя ошибка сервера при загрузке превью", status=500)
@@ -1427,11 +1391,8 @@ if __name__ == '__main__':
     if not HF_TOKEN_READ:
         logging.warning("HF_TOKEN_READ is not set. File downloads/previews might fail for private repos.")
 
-    # Initial DB download before starting server
     logging.info("Performing initial database download...")
     download_db_from_hf()
     logging.info("Initial download attempt complete.")
 
-    # No periodic backup thread in this version for simplicity. Save triggers upload.
-
     app.run(debug=False, host='0.0.0.0', port=7860)