diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -1,3 +1,5 @@
+# --- START OF FILE app (8).py ---
+
 from flask import Flask, render_template_string, request, redirect, url_for, session, flash, send_file, jsonify
 from flask_caching import Cache
 import json
@@ -6,66 +8,62 @@ import logging
 import threading
 import time
 from datetime import datetime
-from huggingface_hub import HfApi, hf_hub_download
+from huggingface_hub import HfApi, hf_hub_download, HfHubHTTPError
 from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
+from pathlib import Path
 
 app = Flask(__name__)
-app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
-DATA_FILE = 'cloudeng_data.json'
+app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_for_zeus_cloud_v2")
+DATA_FILE = 'cloudeng_data_v2.json'
 REPO_ID = "Eluza133/Z1e1u"
 HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
 HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE
+UPLOADS_DIR = 'uploads'
+CLOUD_BASE_FOLDER = 'cloud_files'
 
 cache = Cache(app, config={'CACHE_TYPE': 'simple'})
 logging.basicConfig(level=logging.INFO)
 
-@cache.memoize(timeout=300)
+# --- Data Handling ---
+
+@cache.memoize(timeout=60)
 def load_data():
     try:
-        download_db_from_hf()
+        if not os.path.exists(DATA_FILE):
+             logging.info(f"{DATA_FILE} not found locally, attempting download from HF.")
+             download_db_from_hf() # This will create an empty one if download fails
+
         with open(DATA_FILE, 'r', encoding='utf-8') as file:
-            data = json.load(file)
+            try:
+                data = json.load(file)
+            except json.JSONDecodeError:
+                logging.warning("JSONDecodeError: Data file is corrupted or empty. Initializing empty database.")
+                return {'users': {}} # Return only users initially
+
             if not isinstance(data, dict):
+                logging.warning("Data is not in dict format, initializing empty database")
                 return {'users': {}}
-            data.setdefault('users', {})
-            # Initialize 'items' list for users if migrating from old structure
-            for user_data in data['users'].values():
-                if 'files' in user_data:
-                    if 'items' not in user_data or not user_data['items']:
-                        # Convert old 'files' list to new 'items' format
-                        user_data['items'] = []
-                        for file_info in user_data['files']:
-                             # Assuming old files were in the root
-                             original_filename = file_info.get('filename', 'unknown_file')
-                             unique_path = file_info.get('path') # Old path might be unique enough or need migration
-                             # If unique_path wasn't stored before, generate one (simple migration assumption)
-                             if not unique_path or not os.path.basename(unique_path).startswith(file_info.get('filename', '')):
-                                 unique_id = uuid.uuid4().hex
-                                 sanitized_name = secure_filename(original_filename)
-                                 unique_filename = f"{unique_id}_{sanitized_name}"
-                                 unique_path = f"cloud_files/{file_info.get('username')}/{unique_filename}" # Need username here, but old structure doesn't store it per file
-
-                             # This migration is imperfect without knowing the old path structure exactly
-                             # A safer migration would iterate the HF repo structure
-                             # For simplicity here, we assume files were at cloud_files/user/filename and might need new unique ID if filename wasn't sufficient
-                             # Let's stick to the assumption that old 'path' was unique enough for HF but not necessarily for display filename duplicates
-                             user_data['items'].append({
-                                 'type': 'file',
-                                 'name': original_filename,
-                                 'original_filename': original_filename,
-                                 'unique_path': file_info['path'], # Use existing path from old structure
-                                 'parent_path': os.path.dirname(file_info['path']).rstrip('/') + '/', # Infer parent path (should be cloud_files/username/)
-                                 'upload_date': file_info.get('upload_date', datetime.now().strftime('%Y-%m-%d %H:%M:%S')),
-                                 'preview_type': get_preview_type(original_filename)
-                             })
-                        del user_data['files'] # Remove old key after migration
 
+            # Ensure basic structure and initialize root folder for users if missing
+            data.setdefault('users', {})
+            for username, user_data in data['users'].items():
+                if 'root' not in user_data:
+                    user_data['root'] = {
+                        "type": "folder",
+                        "name": "/",
+                        "children": {}
+                    }
+            logging.info("Data successfully loaded and validated")
             return data
+    except FileNotFoundError:
+         logging.warning(f"Data file {DATA_FILE} not found after attempting download. Initializing empty database.")
+         return {'users': {}}
     except Exception as e:
-        return {'users': {}}
+        logging.error(f"Error loading data: {e}")
+        return {'users': {}} # Safer default
 
 def save_data(data):
     try:
@@ -73,11 +71,14 @@ def save_data(data):
             json.dump(data, file, ensure_ascii=False, indent=4)
         upload_db_to_hf()
         cache.clear()
+        logging.info("Data saved and uploaded to HF")
     except Exception as e:
+        logging.error(f"Error saving data: {e}")
         raise
 
 def upload_db_to_hf():
     if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN_WRITE not set. Skipping database upload.")
         return
     try:
         api = HfApi()
@@ -89,10 +90,17 @@ def upload_db_to_hf():
             token=HF_TOKEN_WRITE,
             commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
         )
+        logging.info("Database uploaded to Hugging Face")
     except Exception as e:
         logging.error(f"Error uploading database: {e}")
 
 def download_db_from_hf():
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ not set. Skipping database download.")
+        if not os.path.exists(DATA_FILE):
+             with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                 json.dump({'users': {}}, f)
+        return
     try:
         hf_hub_download(
             repo_id=REPO_ID,
@@ -100,401 +108,297 @@ def download_db_from_hf():
             repo_type="dataset",
             token=HF_TOKEN_READ,
             local_dir=".",
-            local_dir_use_symlinks=False
+            local_dir_use_symlinks=False,
+            force_download=True # Ensure we get the latest version
         )
+        logging.info("Database downloaded from Hugging Face")
+    except HfHubHTTPError as e:
+         logging.error(f"Error downloading database (HTTP Error): {e}")
+         if e.response.status_code == 404:
+             logging.info("Database file not found on Hugging Face. Creating a new local file.")
+             if not os.path.exists(DATA_FILE):
+                  with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                      json.dump({'users': {}}, f)
+         elif not os.path.exists(DATA_FILE):
+             logging.warning("Download failed, and local file doesn't exist. Creating empty file.")
+             with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                 json.dump({'users': {}}, f)
     except Exception as e:
-        logging.error(f"Error downloading database: {e}")
+        logging.error(f"Generic error downloading database: {e}")
         if not os.path.exists(DATA_FILE):
+            logging.warning("Generic download error, and local file doesn't exist. Creating empty file.")
             with open(DATA_FILE, 'w', encoding='utf-8') as f:
                 json.dump({'users': {}}, f)
 
 def periodic_backup():
-    if not HF_TOKEN_WRITE:
-        return
     while True:
-        time.sleep(1800)
+        time.sleep(1800) # Backup every 30 minutes
+        logging.info("Initiating periodic backup...")
         upload_db_to_hf()
 
-def get_preview_type(filename):
-    video_extensions = ('.mp4', '.mov', '.avi', '.webm')
-    image_extensions = ('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp')
-    pdf_extensions = ('.pdf',)
-    text_extensions = ('.txt', '.log', '.md', '.csv') # Common text types
+# --- Helper Functions ---
+
+def get_node_by_path(user_data, path_str):
+    """Navigates the user's file tree and returns the node at the given path."""
+    if path_str == '/' or not path_str:
+        return user_data.get('root')
+
+    parts = [part for part in path_str.strip('/').split('/') if part]
+    current_node = user_data.get('root')
+    if not current_node:
+        return None
+
+    for part in parts:
+        if current_node.get('type') == 'folder' and part in current_node.get('children', {}):
+            current_node = current_node['children'][part]
+        else:
+            return None # Path not found
+    return current_node
+
+def add_node(user_data, parent_path_str, node_data):
+    """Adds a new node (file or folder) to the parent path."""
+    parent_node = get_node_by_path(user_data, parent_path_str)
+    if not parent_node or parent_node.get('type') != 'folder':
+        logging.error(f"Cannot add node: Parent path '{parent_path_str}' not found or is not a folder.")
+        return False
+
+    node_name = node_data.get('name')
+    if not node_name:
+        logging.error("Cannot add node: Node data must include a 'name'.")
+        return False
+
+    if node_name in parent_node.get('children', {}):
+        logging.warning(f"Node '{node_name}' already exists in '{parent_path_str}'. Overwriting not implemented here.")
+        # Or decide how to handle conflicts, maybe return False
+        return False # Prevent overwriting for now
+
+    if 'children' not in parent_node:
+        parent_node['children'] = {}
+
+    parent_node['children'][node_name] = node_data
+    logging.info(f"Node '{node_name}' added to '{parent_path_str}'.")
+    return True
+
+def delete_node_recursive(user_data, path_str, api, username):
+    """Deletes a node and its children (if a folder) from JSON and HF Hub."""
+    node_to_delete = get_node_by_path(user_data, path_str)
+    if not node_to_delete:
+        logging.warning(f"Node not found for deletion: {path_str}")
+        return False, "Node not found"
+
+    parent_path_str = '/'.join(path_str.strip('/').split('/')[:-1])
+    if not parent_path_str:
+        parent_path_str = '/'
+    node_name = path_str.strip('/').split('/')[-1]
+
+    parent_node = get_node_by_path(user_data, parent_path_str)
+
+    paths_to_delete_hf = []
+    def collect_hf_paths(node):
+        if node.get('type') == 'file':
+            paths_to_delete_hf.append(node.get('storage_path'))
+        elif node.get('type') == 'folder':
+            for child in node.get('children', {}).values():
+                collect_hf_paths(child)
+
+    collect_hf_paths(node_to_delete)
+
+    # Delete from HF Hub first
+    deleted_count_hf = 0
+    errors_hf = []
+    if HF_TOKEN_WRITE:
+         for hf_path in paths_to_delete_hf:
+             if hf_path: # Ensure path exists
+                 try:
+                     logging.info(f"Attempting to delete from HF: {hf_path}")
+                     api.delete_file(
+                         path_in_repo=hf_path,
+                         repo_id=REPO_ID,
+                         repo_type="dataset",
+                         token=HF_TOKEN_WRITE,
+                     )
+                     deleted_count_hf += 1
+                 except HfHubHTTPError as e:
+                     if e.response.status_code == 404:
+                          logging.warning(f"File not found on HF Hub (already deleted?): {hf_path}")
+                          # Count as success if not found, maybe it was already gone
+                          deleted_count_hf += 1
+                     else:
+                          logging.error(f"Error deleting file {hf_path} from HF: {e}")
+                          errors_hf.append(f"Failed to delete {hf_path.split('/')[-1]}")
+                 except Exception as e:
+                     logging.error(f"Unexpected error deleting file {hf_path} from HF: {e}")
+                     errors_hf.append(f"Error deleting {hf_path.split('/')[-1]}")
+    else:
+         logging.warning("HF_TOKEN_WRITE not set. Skipping deletion from HF Hub.")
+         errors_hf.append("Cannot delete from cloud: Write token missing.")
 
-    name, ext = os.path.splitext(filename.lower())
-    if ext in video_extensions:
+
+    # Delete from JSON structure if HF deletion was at least partially successful or skipped
+    if parent_node and node_name in parent_node.get('children', {}):
+        del parent_node['children'][node_name]
+        logging.info(f"Node '{node_name}' removed from JSON structure.")
+        if not errors_hf:
+             return True, "Deleted successfully."
+        else:
+             # Report partial success with errors
+             return True, f"Deleted from storage structure. HF deletion issues: {'; '.join(errors_hf)}"
+    else:
+        logging.error(f"Could not find node '{node_name}' in parent '{parent_path_str}' for JSON deletion.")
+        # Even if JSON delete fails, report HF errors if any
+        if errors_hf:
+            return False, f"JSON deletion failed. HF deletion issues: {'; '.join(errors_hf)}"
+        else:
+             return False, "Failed to delete from storage structure."
+
+
+def get_file_type(filename):
+    ext = Path(filename).suffix.lower()
+    if ext in ('.mp4', '.mov', '.avi', '.webm', '.mkv'):
         return 'video'
-    elif ext in image_extensions:
+    elif ext in ('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg'):
         return 'image'
-    elif ext in pdf_extensions:
+    elif ext == '.pdf':
         return 'pdf'
-    elif ext in text_extensions:
-        return 'txt'
-    return 'other'
-
-def get_item_by_path(user_data, item_path):
-    for item in user_data.get('items', []):
-        # Files use 'unique_path', Folders use 'path' for lookup
-        if item.get('type') == 'file' and item.get('unique_path') == item_path:
-            return item
-        if item.get('type') == 'folder' and item.get('path') == item_path:
-             return item
-    return None
-
-def get_items_in_folder(user_data, folder_path):
-    # Ensure folder_path ends with a slash for accurate parent matching
-    if not folder_path.endswith('/'):
-        folder_path += '/'
-    
-    items = [item for item in user_data.get('items', []) if item.get('parent_path') == folder_path]
-    # Sort: folders first, then files, then alphabetically by name
-    items.sort(key=lambda x: (x.get('type') != 'folder', x.get('name', '').lower()))
-    return items
-
-def get_all_descendant_files(user_data, folder_path):
-    files_to_delete = []
-    folder_path = folder_path.rstrip('/') + '/' # Ensure trailing slash
-
-    for item in user_data.get('items', []):
-        # Check if item is a file and its parent path starts with the folder path
-        if item.get('type') == 'file' and item.get('parent_path', '').startswith(folder_path):
-            files_to_delete.append(item)
-        # Also need to handle files directly inside the folder
-        # This logic is covered by startswith if the folder path is correct
-    return files_to_delete
+    elif ext in ('.txt', '.md', '.log', '.py', '.js', '.css', '.html', '.json', '.xml', '.csv'):
+        return 'text'
+    else:
+        return 'other'
 
+# --- Base Style ---
 BASE_STYLE = '''
 :root {
-    --primary: #ff4d6d;
-    --secondary: #00ddeb;
-    --accent: #8b5cf6;
-    --background-light: #f5f6fa;
-    --background-dark: #1a1625;
-    --card-bg: rgba(255, 255, 255, 0.95);
-    --card-bg-dark: rgba(40, 35, 60, 0.95);
-    --text-light: #2a1e5a;
-    --text-dark: #e8e1ff;
-    --shadow: 0 10px 30px rgba(0, 0, 0, 0.2);
-    --glass-bg: rgba(255, 255, 255, 0.15);
-    --transition: all 0.3s ease;
-    --delete-color: #ff4444;
-    --folder-color: #ffc107;
+    --primary: #ff4d6d; --secondary: #00ddeb; --accent: #8b5cf6;
+    --background-light: #f5f6fa; --background-dark: #1a1625;
+    --card-bg: rgba(255, 255, 255, 0.95); --card-bg-dark: rgba(40, 35, 60, 0.95);
+    --text-light: #2a1e5a; --text-dark: #e8e1ff;
+    --shadow: 0 10px 30px rgba(0, 0, 0, 0.2); --glass-bg: rgba(255, 255, 255, 0.15);
+    --transition: all 0.3s ease; --delete-color: #ff4444; --folder-color: #ffcc00;
 }
 * { margin: 0; padding: 0; box-sizing: border-box; }
-body {
-    font-family: 'Inter', sans-serif;
-    background: var(--background-light);
-    color: var(--text-light);
-    line-height: 1.6;
-}
-body.dark {
-    background: var(--background-dark);
-    color: var(--text-dark);
-}
-.container {
-    margin: 20px auto;
-    max-width: 1200px;
-    padding: 25px;
-    background: var(--card-bg);
-    border-radius: 20px;
-    box-shadow: var(--shadow);
-}
-body.dark .container {
-    background: var(--card-bg-dark);
-}
-h1 {
-    font-size: 2em;
-    font-weight: 800;
-    text-align: center;
-    margin-bottom: 25px;
-    background: linear-gradient(135deg, var(--primary), var(--accent));
-    -webkit-background-clip: text;
-    color: transparent;
-}
-h2 {
-    font-size: 1.5em;
-    margin-top: 30px;
-    color: var(--text-light);
-}
-body.dark h2 {
-    color: var(--text-dark);
-}
-input, textarea {
-    width: 100%;
-    padding: 14px;
-    margin: 12px 0;
-    border: none;
-    border-radius: 14px;
-    background: var(--glass-bg);
-    color: var(--text-light);
-    font-size: 1.1em;
-    box-shadow: inset 0 3px 10px rgba(0, 0, 0, 0.1);
-}
-body.dark input, body.dark textarea {
-    color: var(--text-dark);
-}
-input:focus, textarea:focus {
-    outline: none;
-    box-shadow: 0 0 0 4px var(--primary);
-}
-.btn {
-    padding: 14px 28px;
-    background: var(--primary);
-    color: white;
-    border: none;
-    border-radius: 14px;
-    cursor: pointer;
-    font-size: 1.1em;
-    font-weight: 600;
-    transition: var(--transition);
-    box-shadow: var(--shadow);
-    display: inline-block;
-    text-decoration: none;
-}
-.btn:hover {
-    transform: scale(1.05);
-    background: #e6415f;
-}
-.download-btn {
-    background: var(--secondary);
-    margin-top: 10px;
-}
-.download-btn:hover {
-    background: #00b8c5;
-}
-.delete-btn {
-    background: var(--delete-color);
-    margin-top: 10px;
-}
-.delete-btn:hover {
-    background: #cc3333;
-}
-.flash {
-    color: var(--secondary);
-    text-align: center;
-    margin-bottom: 15px;
-}
-.item-grid {
-    display: grid;
-    grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); /* Smaller grid for folders/files */
-    gap: 20px;
-    margin-top: 20px;
-}
-.user-list {
-    margin-top: 20px;
-}
-.user-item {
-    padding: 15px;
-    background: var(--card-bg);
-    border-radius: 16px;
-    margin-bottom: 10px;
-    box-shadow: var(--shadow);
-    transition: var(--transition);
-}
-body.dark .user-item {
-    background: var(--card-bg-dark);
-}
-.user-item:hover {
-    transform: translateY(-5px);
-}
-.user-item a {
-    color: var(--primary);
-    text-decoration: none;
-    font-weight: 600;
-}
-.user-item a:hover {
-    color: var(--accent);
-}
-.item-item {
-    background: var(--card-bg);
-    padding: 15px;
-    border-radius: 16px;
-    box-shadow: var(--shadow);
-    text-align: center;
-    transition: var(--transition);
-    display: flex;
-    flex-direction: column;
-    align-items: center;
-    justify-content: space-between;
-    min-height: 150px; /* Ensure consistent size */
-}
-body.dark .item-item {
-    background: var(--card-bg-dark);
-}
-.item-item:hover {
-    transform: translateY(-5px);
-}
-.item-icon {
-    width: 60px;
-    height: 60px;
-    margin-bottom: 10px;
-}
-.item-icon.folder {
-     fill: var(--folder-color); /* SVG color */
-}
-.item-icon.file {
-     fill: var(--secondary); /* SVG color */
-}
-.item-preview {
-    max-width: 100%;
-    max-height: 120px; /* Smaller preview */
-    object-fit: contain;
-    border-radius: 10px;
-    margin-bottom: 10px;
-    loading: lazy;
-    cursor: pointer; /* Indicate clickable */
-}
-.item-name {
-    font-size: 1em;
-    margin: 5px 0;
-    word-break: break-all;
-    flex-grow: 1; /* Allow name to take space */
-}
-.item-item .item-actions {
-    margin-top: auto; /* Push actions to bottom */
-    display: flex;
-    flex-direction: column; /* Stack buttons */
-    width: 100%;
-    align-items: center;
-}
-.item-item .item-actions .btn {
-    width: 80%; /* Make buttons narrower */
-    margin-top: 5px; /* Space between buttons */
-    padding: 8px 15px; /* Smaller padding */
-    font-size: 0.9em; /* Smaller font */
-}
-.modal {
-    display: none;
-    position: fixed;
-    top: 0;
-    left: 0;
-    width: 100%;
-    height: 100%;
-    background: rgba(0, 0, 0, 0.85);
-    z-index: 2000;
-    justify-content: center;
-    align-items: center;
-    padding: 20px;
-}
-.modal-content {
-    max-width: 95%;
-    max-height: 95%;
-    background: white; /* Background for non-media */
-    padding: 20px;
-    border-radius: 10px;
-    box-shadow: var(--shadow);
-    overflow: auto; /* Scroll for text/pdf */
-}
-.modal img, .modal video, .modal iframe {
-    display: block; /* Remove extra space below inline elements */
-    margin: auto; /* Center media */
-    max-width: 100%;
-    max-height: 80vh; /* Limit height to avoid overflow */
-    object-fit: contain;
-    border-radius: 10px;
-}
-.modal pre {
-    white-space: pre-wrap; /* Wrap text */
-    word-wrap: break-word;
-    color: var(--text-light); /* Text color */
-}
-body.dark .modal-content {
-     background: var(--card-bg-dark);
-     color: var(--text-dark);
-}
-body.dark .modal pre {
-     color: var(--text-dark);
-}
-#progress-container {
-    width: 100%;
-    background: var(--glass-bg);
-    border-radius: 10px;
-    margin: 15px 0;
-    display: none;
-}
-#progress-bar {
-    width: 0%;
-    height: 20px;
-    background: var(--primary);
-    border-radius: 10px;
-    transition: width 0.3s ease;
-}
-.path-breadcrumb {
-    margin-bottom: 20px;
-    font-size: 1.1em;
-}
-.path-breadcrumb a {
-    color: var(--accent);
-    text-decoration: none;
-}
-.path-breadcrumb a:hover {
-    text-decoration: underline;
-}
-.path-breadcrumb span {
-    margin: 0 5px;
-}
-.action-bar {
-    display: flex;
-    gap: 10px;
-    margin-bottom: 20px;
-    flex-wrap: wrap;
-}
-.action-bar .btn {
-    padding: 10px 20px;
-    font-size: 1em;
-    margin-top: 0;
-}
+body { font-family: 'Inter', sans-serif; background: var(--background-light); color: var(--text-light); line-height: 1.6; }
+body.dark { background: var(--background-dark); color: var(--text-dark); }
+.container { margin: 20px auto; max-width: 1200px; padding: 25px; background: var(--card-bg); border-radius: 20px; box-shadow: var(--shadow); }
+body.dark .container { background: var(--card-bg-dark); }
+h1 { font-size: 2em; font-weight: 800; text-align: center; margin-bottom: 25px; background: linear-gradient(135deg, var(--primary), var(--accent)); -webkit-background-clip: text; color: transparent; }
+h2 { font-size: 1.5em; margin-top: 30px; color: var(--text-light); }
+body.dark h2 { color: var(--text-dark); }
+input, textarea { width: 100%; padding: 14px; margin: 12px 0; border: none; border-radius: 14px; background: var(--glass-bg); color: var(--text-light); font-size: 1.1em; box-shadow: inset 0 3px 10px rgba(0, 0, 0, 0.1); }
+body.dark input, body.dark textarea { color: var(--text-dark); }
+input:focus, textarea:focus { outline: none; box-shadow: 0 0 0 4px var(--primary); }
+.btn { padding: 10px 20px; background: var(--primary); color: white; border: none; border-radius: 12px; cursor: pointer; font-size: 1em; font-weight: 600; transition: var(--transition); box-shadow: var(--shadow); display: inline-block; text-decoration: none; margin: 5px; }
+.btn:hover { transform: scale(1.05); background: #e6415f; }
+.download-btn { background: var(--secondary); }
+.download-btn:hover { background: #00b8c5; }
+.delete-btn { background: var(--delete-color); }
+.delete-btn:hover { background: #cc3333; }
+.folder-btn { background: var(--folder-color); color: #333; }
+.folder-btn:hover { background: #e6b800; }
+.flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; text-align: center; }
+.flash.success { background-color: #d4edda; color: #155724; border: 1px solid #c3e6cb; }
+.flash.error { background-color: #f8d7da; color: #721c24; border: 1px solid #f5c6cb; }
+.flash.info { background-color: #d1ecf1; color: #0c5460; border: 1px solid #bee5eb; }
+.file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 20px; margin-top: 20px; }
+.user-list { margin-top: 20px; }
+.user-item { padding: 15px; background: var(--card-bg); border-radius: 16px; margin-bottom: 10px; box-shadow: var(--shadow); transition: var(--transition); }
+body.dark .user-item { background: var(--card-bg-dark); }
+.user-item:hover { transform: translateY(-5px); }
+.user-item a { color: var(--primary); text-decoration: none; font-weight: 600; }
+.user-item a:hover { color: var(--accent); }
+.item { background: var(--card-bg); padding: 15px; border-radius: 16px; box-shadow: var(--shadow); text-align: center; transition: var(--transition); display: flex; flex-direction: column; justify-content: space-between; }
+body.dark .item { background: var(--card-bg-dark); }
+.item:hover { transform: translateY(-5px); }
+.item-icon { font-size: 3em; margin-bottom: 10px; }
+.folder-icon { color: var(--folder-color); }
+.file-icon { color: var(--secondary); }
+.item-preview { max-width: 100%; height: 150px; object-fit: cover; border-radius: 10px; margin-bottom: 10px; cursor: pointer; background-color: #eee; display: flex; align-items: center; justify-content: center; font-size: 2em; }
+body.dark .item-preview { background-color: #333; }
+.item p { font-size: 0.9em; margin: 5px 0; word-break: break-all; }
+.item a { color: var(--primary); text-decoration: none; }
+.item a:hover { color: var(--accent); }
+.item-actions { margin-top: 10px; }
+.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; padding: 20px; }
+.modal-content { background: white; padding: 20px; border-radius: 15px; max-width: 90%; max-height: 90%; overflow: auto; position: relative; }
+body.dark .modal-content { background: var(--card-bg-dark); }
+.modal-close { position: absolute; top: 10px; right: 15px; font-size: 2em; color: #aaa; cursor: pointer; line-height: 1; }
+body.dark .modal-close { color: #ccc; }
+.modal img, .modal video, .modal iframe, .modal embed { display: block; max-width: 100%; max-height: 80vh; margin: 0 auto; border-radius: 10px; }
+.modal pre { white-space: pre-wrap; word-wrap: break-word; max-height: 80vh; overflow-y: auto; background: #f8f8f8; padding: 15px; border-radius: 8px; color: #333; }
+body.dark .modal pre { background: #222; color: #eee; }
+#progress-container { width: 100%; background: var(--glass-bg); border-radius: 10px; margin: 15px 0; display: none; }
+#progress-bar { width: 0%; height: 20px; background: var(--primary); border-radius: 10px; transition: width 0.3s ease; }
+.breadcrumbs { margin-bottom: 20px; font-size: 1.1em; }
+.breadcrumbs a { color: var(--accent); text-decoration: none; }
+.breadcrumbs span { margin: 0 5px; color: #aaa; }
 '''
 
+# --- Flask Routes ---
+
 @app.route('/register', methods=['GET', 'POST'])
 def register():
     if request.method == 'POST':
         username = request.form.get('username')
         password = request.form.get('password')
 
-        data = load_data()
-
         if not username or not password:
-            flash('Имя пользователя и пароль обязательны!')
+            flash('Имя пользователя и пароль обязательны!', 'error')
             return redirect(url_for('register'))
 
+        # Basic validation
+        if not username.isalnum() or len(username) < 3:
+             flash('Имя пользователя должно быть не менее 3 символов и содержать только буквы и цифры.', 'error')
+             return redirect(url_for('register'))
+        if len(password) < 6:
+             flash('Пароль должен быть не менее 6 символов.', 'error')
+             return redirect(url_for('register'))
+
+        data = load_data()
+
         if username in data['users']:
-            flash('Пользователь с таким именем уже существует!')
+            flash('Пользователь с таким именем уже существует!', 'error')
             return redirect(url_for('register'))
 
         data['users'][username] = {
-            'password': password,
+            'password': password, # TODO: Hash passwords in a real app!
             'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-            'items': [] # Use 'items' for files and folders
+            'root': { # Initialize root folder
+                "type": "folder",
+                "name": "/",
+                "children": {}
+            }
         }
-        save_data(data)
-        session['username'] = username
-        flash('Регистрация прошла успешно!')
-        return redirect(url_for('dashboard'))
+        try:
+            save_data(data)
+            session['username'] = username
+            flash('Регистрация прошла успешно!', 'success')
+            return redirect(url_for('dashboard'))
+        except Exception as e:
+             flash('Ошибка при сохранении данных пользователя.', 'error')
+             logging.error(f"Registration save error: {e}")
+             return redirect(url_for('register'))
 
     html = '''
 <!DOCTYPE html>
 <html lang="ru">
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Регистр��ция - Zeus Cloud</title>
+    <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Регистрация - Zeus Cloud V2</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
-        <h1>Регистрация в Zeus Cloud</h1>
-        {% with messages = get_flashed_messages() %}
+        <h1>Регистрация в Zeus Cloud V2</h1>
+        {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
-                {% for message in messages %}
-                    <div class="flash">{{ message }}</div>
+                {% for category, message in messages %}
+                    <div class="flash {{ category }}">{{ message }}</div>
                 {% endfor %}
             {% endif %}
         {% endwith %}
         <form method="POST" id="register-form">
-            <input type="text" name="username" placeholder="Введите имя пользователя" required>
-            <input type="password" name="password" placeholder="Введите пароль" required>
+            <input type="text" name="username" placeholder="Имя пользователя (буквы и цифры, мин. 3)" required pattern="[a-zA-Z0-9]{3,}">
+            <input type="password" name="password" placeholder="Пароль (мин. 6 символов)" required minlength="6">
             <button type="submit" class="btn">Зарегистрироваться</button>
         </form>
         <p style="margin-top: 20px;">Уже есть аккаунт? <a href="{{ url_for('login') }}">Войти</a></p>
@@ -506,446 +410,414 @@ def register():
 
 @app.route('/', methods=['GET', 'POST'])
 def login():
+    if 'username' in session:
+        return redirect(url_for('dashboard'))
+
     if request.method == 'POST':
         username = request.form.get('username')
         password = request.form.get('password')
         data = load_data()
 
-        if username in data['users'] and data['users'][username]['password'] == password:
+        if username in data.get('users', {}) and data['users'][username].get('password') == password:
             session['username'] = username
-            return jsonify({'status': 'success', 'redirect': url_for('dashboard')})
+            # Use JSON response for JS fetch
+            if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
+                return jsonify({'status': 'success', 'redirect': url_for('dashboard')})
+            else:
+                return redirect(url_for('dashboard')) # Fallback for non-JS
         else:
-            return jsonify({'status': 'error', 'message': 'Неверное имя пользователя или пароль!'})
+            if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
+                 return jsonify({'status': 'error', 'message': 'Неверное имя пользователя или пароль!'})
+            else:
+                 flash('Неверное имя пользователя или пароль!', 'error')
+                 return redirect(url_for('login'))
+
 
     html = '''
 <!DOCTYPE html>
 <html lang="ru">
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Zeus Cloud</title>
+    <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Zeus Cloud V2</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
-        <h1>Zeus Cloud</h1>
+        <h1>Zeus Cloud V2</h1>
         <div id="flash-messages">
-            {% with messages = get_flashed_messages() %}
+            {% with messages = get_flashed_messages(with_categories=true) %}
                 {% if messages %}
-                    {% for message in messages %}
-                        <div class="flash">{{ message }}</div>
+                    {% for category, message in messages %}
+                        <div class="flash {{ category }}">{{ message }}</div>
                     {% endfor %}
                 {% endif %}
             {% endwith %}
         </div>
         <form method="POST" id="login-form">
-            <input type="text" name="username" placeholder="Введите имя пользователя" required>
-            <input type="password" name="password" placeholder="Введите пароль" required>
+            <input type="text" name="username" placeholder="Имя пользователя" required>
+            <input type="password" name="password" placeholder="Пароль" required>
             <button type="submit" class="btn">Войти</button>
         </form>
         <p style="margin-top: 20px;">Нет аккаунта? <a href="{{ url_for('register') }}">Зарегистри��уйтесь</a></p>
     </div>
     <script>
-        const savedCredentials = JSON.parse(localStorage.getItem('zeusCredentials'));
-        if (savedCredentials) {
-            fetch('/', {
-                method: 'POST',
-                headers: {
-                    'Content-Type': 'application/x-www-form-urlencoded',
-                },
-                body: `username=${encodeURIComponent(savedCredentials.username)}&password=${encodeURIComponent(savedCredentials.password)}`
-            })
-            .then(response => response.json())
-            .then(data => {
-                if (data.status === 'success') {
-                    window.location.href = data.redirect;
-                }
-                // If auto-login fails, allow manual login form to be used
-            })
-            .catch(error => console.error('Ошибка автовхода:', error));
-        }
-
         document.getElementById('login-form').addEventListener('submit', function(e) {
             e.preventDefault();
             const formData = new FormData(this);
             fetch('/', {
                 method: 'POST',
+                headers: {'X-Requested-With': 'XMLHttpRequest'}, // Identify as AJAX
                 body: formData
             })
             .then(response => response.json())
             .then(data => {
+                const flashContainer = document.getElementById('flash-messages');
+                flashContainer.innerHTML = ''; // Clear previous messages
                 if (data.status === 'success') {
-                    const username = formData.get('username');
-                    const password = formData.get('password');
-                    localStorage.setItem('zeusCredentials', JSON.stringify({ username, password }));
+                    // Optionally store credentials for auto-login attempt next time (consider security implications)
+                    // localStorage.setItem('zeusCredentials', JSON.stringify({ username: formData.get('username'), password: formData.get('password') }));
                     window.location.href = data.redirect;
                 } else {
-                    document.getElementById('flash-messages').innerHTML = `<div class="flash">${data.message}</div>`;
+                    flashContainer.innerHTML = `<div class="flash error">${data.message}</div>`;
                 }
             })
             .catch(error => {
-                document.getElementById('flash-messages').innerHTML = `<div class="flash">Ошибка соединения!</div>`;
+                console.error('Login error:', error);
+                document.getElementById('flash-messages').innerHTML = `<div class="flash error">Ошибка соединения!</div>`;
             });
         });
+
+        // Basic auto-login attempt example (use with caution)
+        /*
+        const savedCredentials = JSON.parse(localStorage.getItem('zeusCredentials'));
+        if (savedCredentials) {
+             const autoLoginData = new FormData();
+             autoLoginData.append('username', savedCredentials.username);
+             autoLoginData.append('password', savedCredentials.password);
+             fetch('/', {
+                 method: 'POST',
+                 headers: {'X-Requested-With': 'XMLHttpRequest'},
+                 body: autoLoginData
+             })
+             .then(response => response.json())
+             .then(data => {
+                 if (data.status === 'success') {
+                     window.location.href = data.redirect;
+                 } else {
+                      localStorage.removeItem('zeusCredentials'); // Remove invalid credentials
+                 }
+             }).catch(err => console.log('Auto-login failed silently'));
+        }
+        */
     </script>
 </body>
 </html>
 '''
     return render_template_string(html)
 
-@app.route('/dashboard', methods=['GET', 'POST'])
-def dashboard():
+@app.route('/dashboard/')
+@app.route('/dashboard/<path:folder_path>')
+def dashboard(folder_path='/'):
     if 'username' not in session:
-        flash('Пожалуйста, войдите в систему!')
+        flash('Пожалуйста, войдите в систему!', 'info')
         return redirect(url_for('login'))
 
     username = session['username']
     data = load_data()
-    if username not in data['users']:
+    if username not in data.get('users', {}):
         session.pop('username', None)
-        flash('Пользователь не найден!')
+        flash('Пользователь не найден!', 'error')
         return redirect(url_for('login'))
 
     user_data = data['users'][username]
-    
-    # Determine current path
-    current_path = request.args.get('path', f'cloud_files/{username}/')
-    # Validate path belongs to the user
-    if not current_path.startswith(f'cloud_files/{username}/'):
-         flash('Неверный путь!')
-         current_path = f'cloud_files/{username}/'
-
-    if request.method == 'POST': # Handle file upload
-        files = request.files.getlist('files')
-        if files and len(files) > 20:
-            flash('Максимум 20 файлов за раз!')
-            return redirect(url_for('dashboard', path=current_path))
-
-        if files:
-            os.makedirs('uploads', exist_ok=True)
-            api = HfApi()
-            temp_files = []
-
-            for file in files:
-                if file and file.filename:
-                    original_filename = file.filename
-                    sanitized_name = secure_filename(original_filename)
-                    unique_id = uuid.uuid4().hex
-                    unique_filename_on_hf = f"{unique_id}_{sanitized_name}"
-                    
-                    temp_path = os.path.join('uploads', unique_filename_on_hf) # Use unique name for temp file
-                    file.save(temp_path)
-                    temp_files.append((temp_path, unique_filename_on_hf, original_filename)) # Store temp path, unique name, original name
-
-            uploaded_count = 0
-            for temp_path, unique_filename_on_hf, original_filename in temp_files:
-                # Construct the HF path using the current directory structure
-                file_hf_path = os.path.join(current_path, unique_filename_on_hf).replace('\\', '/') # Ensure Unix-like path
-
-                try:
-                    api.upload_file(
-                        path_or_fileobj=temp_path,
-                        path_in_repo=file_hf_path,
-                        repo_id=REPO_ID,
-                        repo_type="dataset",
-                        token=HF_TOKEN_WRITE,
-                        commit_message=f"Uploaded file {original_filename} for {username} in {current_path}"
-                    )
-
-                    file_info = {
-                        'type': 'file',
-                        'name': original_filename, # Display original name
-                        'original_filename': original_filename,
-                        'unique_path': file_hf_path, # Store the actual path on HF
-                        'parent_path': current_path,
-                        'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-                        'preview_type': get_preview_type(original_filename)
-                    }
-                    user_data['items'].append(file_info)
-                    uploaded_count += 1
-
-                except Exception as e:
-                    logging.error(f"Error uploading file {original_filename} to HF: {e}")
-                    flash(f'Ошибка при загрузке файла {original_filename}.')
-                finally:
-                    if os.path.exists(temp_path):
-                        os.remove(temp_path)
-
-            if uploaded_count > 0:
-                save_data(data)
-                flash(f'Успешно загружено {uploaded_count} файл(ов)!')
-
-        return redirect(url_for('dashboard', path=current_path))
-
-    # GET request: Display items
-    items_in_current_folder = get_items_in_folder(user_data, current_path)
-
-    # Build breadcrumb path
-    breadcrumb = []
-    path_parts = current_path.replace(f'cloud_files/{username}/', '', 1).split('/')
-    cumulative_path = f'cloud_files/{username}/'
-    breadcrumb.append({'name': 'Root', 'path': cumulative_path})
-
-    for part in path_parts:
-        if part:
-            cumulative_path = os.path.join(cumulative_path, part).replace('\\', '/')
-            if not cumulative_path.endswith('/'):
-                 cumulative_path += '/'
-            breadcrumb.append({'name': part, 'path': cumulative_path})
-
-    # Remove the current folder from breadcrumb if it's the root
-    if len(breadcrumb) > 1 and breadcrumb[-1]['path'] == breadcrumb[-2]['path']:
-         breadcrumb.pop()
-    # Handle case where current_path is just the root
-    if current_path == f'cloud_files/{username}/' and len(breadcrumb) > 1:
-        breadcrumb = breadcrumb[:1]
 
+    # Normalize folder_path
+    folder_path = '/' + folder_path.strip('/')
+    if folder_path != '/' and not folder_path.endswith('/'):
+        folder_path += '/'
+
+    current_node = get_node_by_path(user_data, folder_path)
+
+    if not current_node or current_node.get('type') != 'folder':
+        flash('Папка не найдена!', 'error')
+        return redirect(url_for('dashboard', folder_path='/')) # Redirect to root
+
+    items = []
+    # Sort folders first, then files, both alphabetically
+    children = current_node.get('children', {})
+    sorted_names = sorted(children.keys())
+
+    for name in sorted_names:
+         child = children[name]
+         if child.get('type') == 'folder':
+              items.append(child)
+
+    for name in sorted_names:
+         child = children[name]
+         if child.get('type') == 'file':
+             # Ensure necessary keys exist
+             child.setdefault('original_filename', name)
+             child.setdefault('storage_path', 'Unknown Path')
+             child.setdefault('upload_date', 'N/A')
+             child['file_type'] = get_file_type(child['original_filename'])
+             items.append(child)
+
+
+    # Breadcrumbs
+    breadcrumbs = [{'name': 'Корень', 'path': '/'}]
+    cumulative_path = '/'
+    for part in [p for p in folder_path.strip('/').split('/') if p]:
+        cumulative_path += part + '/'
+        breadcrumbs.append({'name': part, 'path': cumulative_path})
 
     html = '''
 <!DOCTYPE html>
 <html lang="ru">
 <head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Панель управления - Zeus Cloud</title>
+    <meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Панель управления - Zeus Cloud V2</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
     <style>''' + BASE_STYLE + '''</style>
-    <script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/js/all.min.js"></script> <!-- For icons -->
 </head>
 <body>
     <div class="container">
-        <h1>Панель управления Zeus Cloud</h1>
-        <p>Пользователь: {{ username }}</p>
-        {% with messages = get_flashed_messages() %}
+        <h1>Zeus Cloud V2</h1>
+        <p>Пользователь: {{ username }} | <a href="{{ url_for('logout') }}" id="logout-btn">Выйти</a></p>
+
+        {% with messages = get_flashed_messages(with_categories=true) %}
             {% if messages %}
-                {% for message in messages %}
-                    <div class="flash">{{ message }}</div>
+                {% for category, message in messages %}
+                    <div class="flash {{ category }}">{{ message }}</div>
                 {% endfor %}
             {% endif %}
         {% endwith %}
 
-        <div class="path-breadcrumb">
-            {% for crumb in breadcrumb %}
-                <a href="{{ url_for('dashboard', path=crumb.path) }}">{{ crumb.name }}</a>
-                {% if not loop.last %}<span>/</span>{% endif %}
+        <div class="breadcrumbs">
+            {% for crumb in breadcrumbs %}
+                {% if not loop.last %}
+                    <a href="{{ url_for('dashboard', folder_path=crumb.path) }}">{{ crumb.name }}</a><span>/</span>
+                {% else %}
+                    <span>{{ crumb.name }}</span>
+                {% endif %}
             {% endfor %}
         </div>
 
-        <div class="action-bar">
-             <form id="upload-form" method="POST" enctype="multipart/form-data">
-                <input type="file" name="files" multiple required>
-                <button type="submit" class="btn" id="upload-btn">Загрузить файлы</button>
+        <div style="margin-bottom: 20px; display: flex; gap: 10px; flex-wrap: wrap; align-items: center;">
+            <form id="upload-form" method="POST" action="{{ url_for('upload_files') }}" enctype="multipart/form-data" style="display: inline-block;">
                 <input type="hidden" name="current_path" value="{{ current_path }}">
+                <input type="file" name="files" multiple required id="file-input" style="display: none;">
+                <button type="button" class="btn" onclick="document.getElementById('file-input').click();">Выбрать файлы</button>
+                <button type="submit" class="btn" id="upload-btn">Загрузить</button>
+            </form>
+             <form id="create-folder-form" method="POST" action="{{ url_for('create_folder') }}" style="display: inline-block;">
+                <input type="hidden" name="current_path" value="{{ current_path }}">
+                <input type="text" name="folder_name" placeholder="Имя новой папки" required pattern="[a-zA-Z0-9_.-]+" title="Только буквы, цифры, _, ., -" style="width: auto; display: inline-block; vertical-align: middle; margin: 0 5px 0 0; padding: 10px; font-size: 1em;">
+                <button type="submit" class="btn folder-btn">Создать папку</button>
             </form>
-             <button type="button" class="btn" onclick="showCreateFolderModal()">Создать папку</button>
-             {% if current_path != 'cloud_files/' + username + '/' %}
-                <a href="{{ url_for('dashboard', path=parent_path) }}" class="btn">Назад</a>
-             {% endif %}
-        </div>
-
-        <div id="progress-container">
-            <div id="progress-bar"></div>
         </div>
-
-        <h2 style="margin-top: 10px;">Содержимое папки "{{ breadcrumb[-1].name }}"</h2>
-        <p style="text-align: center; margin-top: 10px; color: var(--accent);">Ваши файлы под надежной защитой квантовой криптографии</p>
-
-        <div class="item-grid">
-            {% for item in items_in_current_folder %}
-                {% if item.type == 'folder' %}
-                    <div class="item-item folder-item" onclick="window.location.href='{{ url_for('dashboard', path=item.path) }}'">
-                         <svg class="item-icon folder" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"><path d="M384 128H192c-35.3 0-64 28.7-64 64V416c0 35.3 28.7 64 64 64H384c35.3 0 64-28.7 64-64V192c0-35.3-28.7-64-64-64zm-64-96C300.8 0 288 12.8 288 32V64H192c-52.9 0-96 43.1-96 96V416c0 52.9 43.1 96 96 96H384c52.9 0 96-43.1 96-96V160c0-52.9-43.1-96-96-96H320V32c0-19.2-12.8-32-32-32zM160 192c0-17.7 14.3-32 32-32H384c17.7 0 32 14.3 32 32v192c0 17.7-14.3 32-32 32H192c-17.7 0-32-14.3-32-32V192zM288 64V32h0 0c0-19.2 12.8-32 32-32s32 12.8 32 32V64h-64z"/></svg>
-                        <p class="item-name">{{ item.name }}</p>
+        <div id="progress-container"><div id="progress-bar"></div></div>
+        <span id="selected-files" style="display: block; margin-bottom: 10px;"></span>
+
+        <h2>Содержимое папки: {{ current_node.name }}</h2>
+        <div class="file-grid">
+            {% for item in items %}
+                <div class="item">
+                    {% if item.type == 'folder' %}
+                        <div class="item-icon folder-icon"><i class="fas fa-folder"></i></div>
+                        <p><strong>{{ item.name }}</strong></p>
                         <div class="item-actions">
-                            <form method="POST" action="{{ url_for('delete_item', item_path=item.path) }}" onsubmit="return confirm('Вы уверены, что хотите удалить папку {{ item.name }} и все ее содержимое?');">
+                            <a href="{{ url_for('dashboard', folder_path=current_path + item.name + '/') }}" class="btn folder-btn">Открыть</a>
+                            <form method="POST" action="{{ url_for('delete_item') }}" style="display:inline;" onsubmit="return confirm('Удалить папку \'{{ item.name }}\' и ВСЁ её содержимое?');">
+                                <input type="hidden" name="item_path" value="{{ current_path + item.name }}">
                                 <button type="submit" class="btn delete-btn">Удалить</button>
                             </form>
                         </div>
-                    </div>
-                {% elif item.type == 'file' %}
-                    <div class="item-item file-item">
-                        {% if item.preview_type == 'image' %}
-                            <img class="item-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.unique_path }}" alt="{{ item.name }}" loading="lazy" onclick="openModal('{{ item.unique_path }}', 'image')">
-                        {% elif item.preview_type == 'video' %}
-                            <video class="item-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ item.unique_path }}', 'video')">
-                                <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.unique_path }}" type="video/mp4"> <!-- Assuming mp4 is common -->
-                            </video>
-                        {% elif item.preview_type == 'pdf' %}
-                             <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M0 64C0 28.7 28.7 0 64 0H224V128c0 17.7 14.3 32 32 32H384V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64zm384 64L256 0H64c-17.7 0-32 14.3-32 32V448c0 17.7 14.3 32 32 32H320c17.7 0 32-14.3 32-32V128z"/></svg>
-                             <p class="item-name">{{ item.name }}</p>
-                             <div class="item-actions">
-                                  <button type="button" class="btn download-btn" onclick="openModal('{{ item.unique_path }}', 'pdf')">Просмотр</button>
-                                  <a href="{{ url_for('download_item', item_path=item.path) }}" class="btn download-btn">Скачать</a>
-                                  <form method="POST" action="{{ url_for('delete_item', item_path=item.path) }}" onsubmit="return confirm('Вы уверены, что хотите удалить файл {{ item.name }}?');">
-                                       <button type="submit" class="btn delete-btn">Удалить</button>
-                                  </form>
-                             </div>
-                        {% elif item.preview_type == 'txt' %}
-                             <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M0 64C0 28.7 28.7 0 64 0H224V128c0 17.7 14.3 32 32 32H384V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64zm384 64L256 0H64c-17.7 0-32 14.3-32 32V448c0 17.7 14.3 32 32 32H320c17.7 0 32-14.3 32-32V128z"/></svg>
-                             <p class="item-name">{{ item.name }}</p>
-                             <div class="item-actions">
-                                  <button type="button" class="btn download-btn" onclick="openModal('{{ item.unique_path }}', 'txt')">Просмотр</button>
-                                  <a href="{{ url_for('download_item', item_path=item.path) }}" class="btn download-btn">Скачать</a>
-                                  <form method="POST" action="{{ url_for('delete_item', item_path=item.path) }}" onsubmit="return confirm('Вы уверены, что хотите удалить файл {{ item.name }}?');">
-                                       <button type="submit" class="btn delete-btn">Удалить</button>
-                                  </form>
-                             </div>
-                        {% else %}
-                            <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M64 0C28.7 0 0 28.7 0 64V448c0 35.3 28.7 64 64 64H320c35.3 0 64-28.7 64-64V160H256c-17.7 0-32-14.3-32-32V0H64zM256 0V128H384L256 0z"/></svg>
-                            <p class="item-name">{{ item.name }}</p>
-                            <div class="item-actions">
-                                 <a href="{{ url_for('download_item', item_path=item.path) }}" class="btn download-btn">Скачать</a>
-                                <form method="POST" action="{{ url_for('delete_item', item_path=item.path) }}" onsubmit="return confirm('Вы уверены, что хотите удалить файл {{ item.name }}?');">
-                                     <button type="submit" class="btn delete-btn">Удалить</button>
-                                </form>
-                            </div>
-                        {% endif %}
-                        <p style="font-size: 0.8em; color: #888;">{{ item.upload_date }}</p>
-                    </div>
-                {% endif %}
-            {% endfor %}
-            {% if not items_in_current_folder %}
+                    {% elif item.type == 'file' %}
+                         <div class="item-preview" onclick="openModal('{{ url_for('get_hf_url', storage_path=item.storage_path) }}', '{{ item.file_type }}', '{{ item.original_filename }}')">
+                             {% if item.file_type == 'image' %}
+                                 <img src="{{ url_for('get_hf_url', storage_path=item.storage_path) }}" alt="{{ item.original_filename }}" loading="lazy" style="width:100%; height:100%; object-fit: cover;">
+                             {% elif item.file_type == 'video' %}
+                                 <i class="fas fa-film"></i>
+                             {% elif item.file_type == 'pdf' %}
+                                 <i class="fas fa-file-pdf"></i>
+                             {% elif item.file_type == 'text' %}
+                                 <i class="fas fa-file-alt"></i>
+                             {% else %}
+                                 <i class="fas fa-file"></i>
+                             {% endif %}
+                         </div>
+                         <p title="{{ item.original_filename }}"><strong>{{ item.original_filename | truncate(25) }}</strong></p>
+                         <p><small>Тип: {{ item.file_type }} | {{ item.upload_date }}</small></p>
+                        <div class="item-actions">
+                            <a href="{{ url_for('download_file', storage_path=item.storage_path, filename=item.original_filename) }}" class="btn download-btn">Скачать</a>
+                             <form method="POST" action="{{ url_for('delete_item') }}" style="display:inline;" onsubmit="return confirm('Удалить файл \'{{ item.original_filename }}\'?');">
+                                <input type="hidden" name="item_path" value="{{ current_path + item.original_filename }}">
+                                <button type="submit" class="btn delete-btn">Удалить</button>
+                            </form>
+                        </div>
+                    {% endif %}
+                </div>
+            {% else %}
                 <p>Эта папка пуста.</p>
-            {% endif %}
+            {% endfor %}
         </div>
 
-        <h2 style="margin-top: 30px;">Добавить на главный экран</h2>
-        <p>Для быстрого доступа к Zeus Cloud, вы можете добавить это приложение на главный экран вашего телефона:</p>
-        <div style="margin-top: 10px;">
-            <h3>Для пользователей Android:</h3>
-            <ol>
-                <li>Откройте Zeus Cloud в браузере Chrome.</li>
-                <li>Нажмите на меню браузера (обычно три точки вверху справа).</li>
-                <li>Выберите <strong>"Добавить на главный экран"</strong>.</li>
-                <li>Подтвердите добавление, и иконка приложения появится на вашем главном экране.</li>
-            </ol>
+        <div style="margin-top: 40px; border-top: 1px solid #eee; padding-top: 20px;">
+         <h2>Добавить на главный экран</h2>
+            <p>Для быстрого доступа к Zeus Cloud V2, добавьте приложе��ие на главный экран:</p>
+            <ul style="margin-top: 10px; list-style: disc; margin-left: 20px;">
+                <li><strong>Android (Chrome):</strong> Меню (три точки) -> "Установить приложение" или "Добавить на главный экран".</li>
+                <li><strong>iOS (Safari):</strong> Кнопка "Поделиться" (квадрат со стрелкой) -> "На экран «Домой»".</li>
+            </ul>
         </div>
-        <div style="margin-top: 10px;">
-            <h3>Для пользователей iOS (iPhone/iPad):</h3>
-            <ol>
-                <li>Откройте Zeus Cloud в браузере Safari.</li>
-                <li>Нажмите кнопку <strong>"Поделиться"</strong> (квадрат со стрелкой вверх) в нижней части экрана.</li>
-                <li>Прокрутите список опций вниз и выберите <strong>"Добавить на экран «Домой»"</strong>.</li>
-                <li>В правом верхнем углу нажмите <strong>"Добавить"</strong>. Иконка приложения появится на вашем главном экране.</li>
-            </ol>
-        </div>
-
-        <a href="{{ url_for('logout') }}" class="btn" style="margin-top: 20px;" id="logout-btn">Выйти</a>
     </div>
 
-    <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div class="modal-content" id="modalContent"></div>
-    </div>
-
-    <div class="modal" id="createFolderModal">
+    <div class="modal" id="mediaModal">
         <div class="modal-content">
-            <h2>Создать новую папку</h2>
-            <form id="create-folder-form" method="POST" action="{{ url_for('create_folder') }}">
-                <input type="text" name="folder_name" placeholder="Введите имя папки" required>
-                <input type="hidden" name="current_path" value="{{ current_path }}">
-                <button type="submit" class="btn">Создать</button>
-                 <button type="button" class="btn" onclick="closeCreateFolderModal()" style="background-color: #6c757d;">Отмена</button>
-            </form>
+            <span class="modal-close" onclick="closeModal()">×</span>
+            <div id="modalBody"></div>
         </div>
     </div>
 
     <script>
-        const HF_REPO_ID = "{{ repo_id }}";
-        const HF_TOKEN_READ = "{{ os.getenv('HF_TOKEN_READ') or os.getenv('HF_TOKEN') }}"; // Pass token if available
-
-        function getFileUrl(uniquePath) {
-            let url = `https://huggingface.co/datasets/${HF_REPO_ID}/resolve/main/${uniquePath}`;
-            if (HF_TOKEN_READ) {
-                url += `?token=${HF_TOKEN_READ}`;
-            }
-             // Add download=true for media preview if needed for auth, but resolve usually handles it
-             // url += '&download=true'; // May be needed depending on HF setup
-            return url;
+        const repoId = "{{ repo_id }}";
+        const hfTokenRead = "{{ hf_token_read if hf_token_read else '' }}"; // Pass token if exists
+
+        function getFileUrl(storagePath) {
+             // Construct the URL for accessing the file on Hugging Face Hub
+             // Use 'resolve' for direct access, potentially adding download=true if needed
+             let baseUrl = `https://huggingface.co/datasets/${repoId}/resolve/main/${storagePath}`;
+             // For private repos, direct access might need token auth or use download link
+             // For simplicity, we'll use the base resolve URL. Downloads handle auth separately.
+             return baseUrl;
         }
 
-        async function openModal(itemUniquePath, itemPreviewType) {
+        function openModal(fileUrl, fileType, fileName) {
             const modal = document.getElementById('mediaModal');
-            const modalContent = document.getElementById('modalContent');
-            modalContent.innerHTML = ''; // Clear previous content
-            const fileUrl = getFileUrl(itemUniquePath);
-
-            if (itemPreviewType === 'image') {
-                modalContent.innerHTML = `<img src="${fileUrl}" alt="Preview">`;
-            } else if (itemPreviewType === 'video') {
-                modalContent.innerHTML = `<video controls autoplay><source src="${fileUrl}" type="video/mp4"></video>`; // Assume mp4 is playable
-            } else if (itemPreviewType === 'pdf') {
-                 // Using iframe directly to HF URL works well for PDFs
-                 modalContent.innerHTML = `<iframe src="${fileUrl}" style="width: 100%; height: 80vh; border: none;"></iframe>`;
-            } else if (itemPreviewType === 'txt') {
-                 // Fetch text content to display in pre tag
-                 try {
-                     const response = await fetch(fileUrl);
-                     if (!response.ok) throw new Error('Failed to fetch text file');
-                     const textContent = await response.text();
-                     modalContent.innerHTML = `<pre>${textContent}</pre>`;
-                 } catch (error) {
-                     console.error("Error fetching text file:", error);
-                     modalContent.innerHTML = `<p>Не удалось загрузить текстовый файл для предпросмотра.</p><p>${error.message}</p>`;
-                 }
+            const modalBody = document.getElementById('modalBody');
+            modalBody.innerHTML = ''; // Clear previous content
+
+            let content = '';
+            const authenticatedUrl = fileUrl; // URL already points to flask endpoint which handles auth
+
+            if (fileType === 'image') {
+                content = `<img src="${authenticatedUrl}" alt="${fileName}">`;
+            } else if (fileType === 'video') {
+                content = `<video controls autoplay style="max-width:100%; max-height: 80vh;"><source src="${authenticatedUrl}" type="video/mp4">Your browser does not support the video tag.</video>`; // Basic type, might need adjustment
+            } else if (fileType === 'pdf') {
+                // Use iframe for better browser compatibility
+                content = `<iframe src="${authenticatedUrl}" style="width: 80vw; height: 80vh; border: none;"></iframe>`;
+                 // Alternatively, embed:
+                 // content = `<embed src="${authenticatedUrl}" type="application/pdf" style="width: 80vw; height: 80vh;">`;
+            } else if (fileType === 'text') {
+                 content = `<p>Загрузка текстового файла...</p><pre id="textContent"></pre>`;
+                 fetch(authenticatedUrl)
+                    .then(response => {
+                        if (!response.ok) throw new Error('Network response was not ok: ' + response.statusText);
+                        return response.text();
+                    })
+                    .then(text => {
+                        const preElement = document.getElementById('textContent');
+                        if (preElement) {
+                             // Sanitize text slightly (basic example, consider a library for robust sanitization)
+                             const safeText = text.replace(/</g, "<").replace(/>/g, ">");
+                             preElement.textContent = safeText;
+                             modalBody.querySelector('p').style.display = 'none'; // Hide loading message
+                        }
+                    })
+                    .catch(error => {
+                         console.error('Error fetching text file:', error);
+                         const preElement = document.getElementById('textContent');
+                         if (preElement) {
+                            preElement.textContent = 'Не удалось загрузить файл: ' + error.message;
+                         } else {
+                             modalBody.innerHTML = '<p>Ошибка загрузки файла.</p>';
+                         }
+                    });
+
             } else {
-                // No preview available for other types
-                modalContent.innerHTML = `<p>Предпросмотр недоступен для этого типа файла.</p>`;
+                content = `<p>Предпросмотр для типа файла '${fileType}' не поддерживается.</p><p><a href="{{ url_for('download_file', storage_path='${fileUrl.split('/').slice(-3).join('/')}', filename='${fileName}') }}" class="btn download-btn">Скачать файл</a></p>`;
             }
 
-            modal.style.display = 'flex';
+             modalBody.innerHTML = content;
+             modal.style.display = 'flex';
+
         }
 
-        function closeModal(event) {
+        function closeModal() {
             const modal = document.getElementById('mediaModal');
-             // Close only if clicking the background or an explicit close button (if added)
-             // Adding check for modal-content prevents closing when clicking inside the content itself
-             const modalContent = document.getElementById('modalContent');
-             if (event.target === modal || !modalContent.contains(event.target)) {
-                 modal.style.display = 'none';
-                 // Pause video if playing
-                 const video = modal.querySelector('video');
-                 if (video) {
-                    video.pause();
-                 }
-                 modalContent.innerHTML = ''; // Clear content
+            const video = modal.querySelector('video');
+            if (video) {
+                video.pause();
+                video.src = ''; // Stop loading
             }
+            const iframe = modal.querySelector('iframe');
+            if (iframe) {
+                 iframe.src = 'about:blank';
+            }
+             modal.style.display = 'none';
+             document.getElementById('modalBody').innerHTML = ''; // Clear content
         }
 
-        function showCreateFolderModal() {
-            document.getElementById('createFolderModal').style.display = 'flex';
-        }
-
-        function closeCreateFolderModal() {
-            document.getElementById('createFolderModal').style.display = 'none';
-        }
+        // Close modal on clicking background
+         document.getElementById('mediaModal').addEventListener('click', function(event) {
+             if (event.target === this) {
+                 closeModal();
+             }
+         });
+         // Close modal on Escape key
+         document.addEventListener('keydown', function(event) {
+             if (event.key === "Escape") {
+                 closeModal();
+             }
+         });
 
 
         const form = document.getElementById('upload-form');
         const progressBar = document.getElementById('progress-bar');
         const progressContainer = document.getElementById('progress-container');
         const uploadBtn = document.getElementById('upload-btn');
+        const fileInput = document.getElementById('file-input');
+        const selectedFilesSpan = document.getElementById('selected-files');
+
+        fileInput.addEventListener('change', () => {
+            const files = fileInput.files;
+             if (files.length > 0) {
+                 selectedFilesSpan.textContent = `Выбрано файлов: ${files.length}`;
+                 uploadBtn.disabled = false; // Enable upload button
+             } else {
+                 selectedFilesSpan.textContent = '';
+                 uploadBtn.disabled = true;
+             }
+         });
+
+        // Disable upload button initially
+        uploadBtn.disabled = true;
+
 
         form.addEventListener('submit', function(e) {
             e.preventDefault();
-            const files = form.querySelector('input[type="file"]').files;
-            if (files.length > 20) {
-                alert('Максимум 20 файлов за раз!');
-                return;
-            }
+            const files = fileInput.files;
             if (files.length === 0) {
-                 alert('Пожалуйста, выберите файлы для загрузки.');
+                 flashMessage('Пожалуйста, выберите файлы для загрузки.', 'info');
                  return;
             }
+             if (files.length > 20) { // Limit simultaneous uploads
+                 flashMessage('Можно загрузить максимум 20 файлов за раз!', 'error');
+                 return;
+             }
 
             const formData = new FormData(form);
             progressContainer.style.display = 'block';
             progressBar.style.width = '0%';
-            uploadBtn.disabled = true; // Disable button during upload
+            uploadBtn.disabled = true;
+            fileInput.disabled = true; // Prevent changing files during upload
 
             const xhr = new XMLHttpRequest();
-            // Use the current page URL for submission, which is /dashboard with path arg
             xhr.open('POST', form.action, true);
+            xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest'); // Identify as AJAX
 
             xhr.upload.onprogress = function(event) {
                 if (event.lengthComputable) {
@@ -956,671 +828,745 @@ def dashboard():
 
             xhr.onload = function() {
                 uploadBtn.disabled = false;
+                 fileInput.disabled = false;
                  progressContainer.style.display = 'none';
                  progressBar.style.width = '0%';
-                if (xhr.status === 200) {
-                     // Reload page to show updated file list
-                    location.reload();
-                } else {
-                    // Handle server-side errors
-                    alert('Ошибка загрузки!');
+                 selectedFilesSpan.textContent = ''; // Clear selection text
+                 fileInput.value = ''; // Clear the file input
+
+                 if (xhr.status >= 200 && xhr.status < 300) {
+                    try {
+                        const response = JSON.parse(xhr.responseText);
+                         if(response.status === 'success') {
+                             // Reload the page to show new files/folders
+                             window.location.reload();
+                             // Optionally, update the list dynamically instead of reloading
+                         } else {
+                            flashMessage(response.message || 'Ошибка загрузки.', 'error');
+                         }
+                    } catch (e) {
+                        flashMessage('Ошибка ответа сервера.', 'error');
+                         console.error("Parse error:", e, xhr.responseText);
+                    }
+                 } else {
+                     flashMessage(`Ошибка загрузки: ${xhr.statusText}`, 'error');
                  }
             };
 
             xhr.onerror = function() {
-                alert('Ошибка соединения!');
+                flashMessage('Ошибка ��ети при загрузке!', 'error');
                 progressContainer.style.display = 'none';
                 progressBar.style.width = '0%';
                 uploadBtn.disabled = false;
+                fileInput.disabled = false;
             };
 
             xhr.send(formData);
         });
 
+        // Logout confirmation or just direct logout
         document.getElementById('logout-btn').addEventListener('click', function(e) {
-            e.preventDefault();
-            localStorage.removeItem('zeusCredentials');
-            window.location.href = '/logout';
+            // Optional: add confirmation prompt
+            // if (!confirm('Вы уверены, что хотите выйти?')) {
+            //     e.preventDefault();
+            // } else {
+                 // localStorage.removeItem('zeusCredentials'); // Clear saved creds if using auto-login
+            // }
+            // No need for prevention, just let the link work
         });
 
-        // Allow clicking anywhere on folder item to navigate
-        document.querySelectorAll('.folder-item').forEach(item => {
-            item.addEventListener('click', function(e) {
-                // Prevent click on actions inside the folder item from triggering navigation
-                if (!e.target.closest('.item-actions') && !e.target.closest('button')) {
-                     window.location.href = item.onclick.toString().match(/window.location.href='([^']+)'/)[1];
-                }
-            });
-        });
+        // Helper to add flash messages dynamically
+         function flashMessage(message, category = 'info') {
+             const flashContainer = document.createElement('div');
+             // Assuming you have a container with id="dynamic-flash-messages" or similar
+             // For now, just alerting
+             alert(`${category.toUpperCase()}: ${message}`);
+             // TODO: Implement dynamic insertion into the DOM
+         }
 
     </script>
 </body>
 </html>
 '''
-    # Calculate parent path for 'Back' button
-    parent_path = '/'.join(current_path.rstrip('/').split('/')[:-1]) + '/'
-    if parent_path == 'cloud_files/': # Avoid going above user root
-         parent_path = f'cloud_files/{username}/'
+    return render_template_string(html, username=username, items=items,
+                                  current_node=current_node, current_path=folder_path,
+                                  breadcrumbs=breadcrumbs, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
 
-    return render_template_string(html, username=username, items_in_current_folder=items_in_current_folder, repo_id=REPO_ID, os=os, current_path=current_path, breadcrumb=breadcrumb, parent_path=parent_path)
 
-@app.route('/create_folder', methods=['POST'])
-def create_folder():
+@app.route('/upload', methods=['POST'])
+def upload_files():
     if 'username' not in session:
-        flash('Пожалуйста, войдите в систему!')
-        return redirect(url_for('login'))
+        return jsonify({'status': 'error', 'message': 'Не авторизован'}), 401
 
     username = session['username']
     data = load_data()
-    if username not in data['users']:
-        session.pop('username', None)
-        flash('Пользователь не найден!')
-        return redirect(url_for('login'))
+    if username not in data.get('users', {}):
+        return jsonify({'status': 'error', 'message': 'Пользователь не найден'}), 403
 
     user_data = data['users'][username]
-    folder_name = request.form.get('folder_name')
-    current_path = request.form.get('current_path', f'cloud_files/{username}/')
+    current_path_str = request.form.get('current_path', '/')
+    current_path_str = '/' + current_path_str.strip('/')
+    if current_path_str != '/':
+        current_path_str += '/'
 
-    # Validate path and folder name
-    if not current_path.startswith(f'cloud_files/{username}/'):
-         flash('Неверный путь!')
-         return redirect(url_for('dashboard', path=f'cloud_files/{username}/'))
-
-    if not folder_name:
-        flash('Имя папки не может быть пустым!')
-        return redirect(url_for('dashboard', path=current_path))
-
-    sanitized_folder_name = secure_filename(folder_name)
-    if not sanitized_folder_name:
-         flash('Недопустимое имя папки!')
-         return redirect(url_for('dashboard', path=current_path))
-
-    # Construct the full path for the new folder
-    new_folder_path = os.path.join(current_path, sanitized_folder_name).replace('\\', '/') + '/'
-
-    # Check if an item with the same path already exists
-    if any(item.get('path') == new_folder_path or item.get('name') == sanitized_folder_name and item.get('parent_path') == current_path for item in user_data.get('items', [])):
-        flash(f'Папка или файл с именем "{sanitized_folder_name}" уже существует в этой директории.')
-        return redirect(url_for('dashboard', path=current_path))
-
-
-    # Add the new folder item to the user's items list
-    folder_item = {
-        'type': 'folder',
-        'name': sanitized_folder_name,
-        'path': new_folder_path, # Store the full path as its identifier
-        'parent_path': current_path,
-        'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-    }
-    user_data['items'].append(folder_item)
+    parent_node = get_node_by_path(user_data, current_path_str)
+    if not parent_node or parent_node.get('type') != 'folder':
+        return jsonify({'status': 'error', 'message': 'Целевая папка не найдена'}), 404
 
-    try:
-        save_data(data)
-        flash(f'Папка "{sanitized_folder_name}" успешно создана!')
-    except Exception as e:
-        flash('Ошибка при создании папки.')
+    files = request.files.getlist('files')
+    if not files or all(not f.filename for f in files):
+         return jsonify({'status': 'error', 'message': 'Файлы не выбраны'}), 400
 
-    return redirect(url_for('dashboard', path=current_path))
+    if len(files) > 20:
+         return jsonify({'status': 'error', 'message': 'Максимум 20 файлов за раз'}), 400
 
 
-@app.route('/delete_item/<path:item_path>', methods=['POST'])
-def delete_item(item_path):
-    if 'username' not in session:
-        flash('Пожалуйста, войдите в систему!')
-        return redirect(url_for('login'))
-
-    username = session['username']
-    data = load_data()
-    if username not in data['users']:
-        session.pop('username', None)
-        flash('Пользователь не найден!')
-        return redirect(url_for('login'))
+    if not HF_TOKEN_WRITE:
+        return jsonify({'status': 'error', 'message': 'Ошибка конфигурации сервера: отсутствует токен для записи'}), 500
 
-    user_data = data['users'][username]
-    item_to_delete = get_item_by_path(user_data, item_path)
+    os.makedirs(UPLOADS_DIR, exist_ok=True)
+    api = HfApi()
+    uploaded_files_info = []
+    errors = []
+    save_needed = False
 
-    if not item_to_delete:
-        flash('Элемент (файл или папка) не найден!')
-        # Try to determine a plausible parent path to redirect back to
-        parent_path_guess = os.path.dirname(item_path.rstrip('/')).replace('\\', '/') + '/'
-        if not parent_path_guess.startswith(f'cloud_files/{username}/'):
-             parent_path_guess = f'cloud_files/{username}/'
-        return redirect(url_for('dashboard', path=parent_path_guess))
+    for file in files:
+        if file and file.filename:
+            original_filename = secure_filename(file.filename)
+            unique_id = uuid.uuid4().hex[:12] # Shorter unique ID
+            storage_filename = f"{unique_id}_{original_filename}"
 
+            # Determine full path on HF Hub including folders
+            hf_folder_path = Path(CLOUD_BASE_FOLDER) / username / current_path_str.strip('/')
+            hf_full_path = hf_folder_path / storage_filename
+            hf_path_str = hf_full_path.as_posix() # Use posix paths for HF
 
-    parent_path_after_delete = item_to_delete.get('parent_path', f'cloud_files/{username}/')
+            # Check for name collision in current directory JSON (original name)
+            if original_filename in parent_node.get('children', {}):
+                 errors.append(f"Файл '{original_filename}' уже существует в этой папке.")
+                 continue # Skip this file
 
-    try:
-        api = HfApi()
+            temp_local_path = os.path.join(UPLOADS_DIR, storage_filename)
 
-        if item_to_delete['type'] == 'file':
-            hf_path = item_to_delete['unique_path']
-            api.delete_file(
-                path_in_repo=hf_path,
-                repo_id=REPO_ID,
-                repo_type="dataset",
-                token=HF_TOKEN_WRITE,
-                commit_message=f"Deleted file {item_to_delete['name']} for {username}"
-            )
-            # Remove the file item from the list
-            user_data['items'] = [item for item in user_data['items'] if item.get('unique_path') != item_path]
-            flash(f"Файл '{item_to_delete['name']}' успешно удален!")
-
-        elif item_to_delete['type'] == 'folder':
-            # Find all files within this folder and its subfolders
-            files_to_delete_blobs = get_all_descendant_files(user_data, item_to_delete['path'])
-            
-            # Attempt to delete the folder structure on HF by deleting all files first
-            deleted_blob_count = 0
-            for file_item in files_to_delete_blobs:
-                 try:
-                      api.delete_file(
-                          path_in_repo=file_item['unique_path'],
-                          repo_id=REPO_ID,
-                          repo_type="dataset",
-                          token=HF_TOKEN_WRITE
-                      )
-                      deleted_blob_count += 1
-                 except Exception as file_delete_error:
-                      logging.error(f"Error deleting blob {file_item['unique_path']} during folder delete: {file_delete_error}")
-                      # Continue attempting to delete other files
-
-            # Try deleting the folder path itself on HF (might not do anything if empty)
             try:
-                api.delete_folder(
-                    folder_path=item_to_delete['path'].rstrip('/'), # HF API might expect path without trailing slash
+                file.save(temp_local_path)
+
+                api.upload_file(
+                    path_or_fileobj=temp_local_path,
+                    path_in_repo=hf_path_str,
                     repo_id=REPO_ID,
                     repo_type="dataset",
                     token=HF_TOKEN_WRITE,
-                     commit_message=f"Deleted folder {item_to_delete['name']} for {username} and its contents"
+                    commit_message=f"User {username} uploaded {original_filename} to {current_path_str}"
                 )
-            except Exception as folder_delete_error:
-                 logging.warning(f"Could not delete folder path {item_to_delete['path']} on HF, likely already empty or API limitation: {folder_delete_error}")
 
+                file_info = {
+                    'type': 'file',
+                    'name': original_filename, # Key in children dict
+                    'original_filename': original_filename, # For display
+                    'storage_path': hf_path_str, # Unique path on HF
+                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                }
 
-            # Remove the folder item and all its descendants from the items list
-            folder_prefix = item_to_delete['path']
-            user_data['items'] = [item for item in user_data['items'] if not (
-                 item.get('path', '').startswith(folder_prefix) or # Delete descendant folders
-                 item.get('unique_path', '').startswith(folder_prefix) or # Delete descendant files
-                 item.get('path') == item_path # Delete the folder itself
-            )]
+                # Add to JSON structure
+                if add_node(user_data, current_path_str, file_info):
+                    uploaded_files_info.append(original_filename)
+                    save_needed = True
+                else:
+                    # This case should be rare due to check above, but handle defensively
+                    errors.append(f"Не удалось добавить '{original_filename}' в структуру данных.")
+                    # Consider deleting the uploaded file from HF if JSON add fails
+                    try:
+                         api.delete_file(path_in_repo=hf_path_str, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
+                         logging.warning(f"Rolled back HF upload for {hf_path_str} due to JSON add failure.")
+                    except Exception as del_e:
+                         logging.error(f"Failed to rollback HF upload for {hf_path_str}: {del_e}")
+
+
+            except Exception as e:
+                logging.error(f"Error uploading file {original_filename}: {e}")
+                errors.append(f"Ошибка при загрузке файла '{original_filename}'.")
+            finally:
+                 # Clean up local temp file
+                if os.path.exists(temp_local_path):
+                    try:
+                        os.remove(temp_local_path)
+                    except Exception as e:
+                        logging.warning(f"Could not remove temp file {temp_local_path}: {e}")
+
+    if save_needed:
+        try:
+            save_data(data)
+        except Exception as e:
+            errors.append("Критическая ошибка: не удалось сохранить изменения.")
+            # This is bad, state might be inconsistent
+            return jsonify({'status': 'error', 'message': "Ошибка сохранения данных. " + "; ".join(errors)}), 500
+
+
+    if not errors:
+        return jsonify({'status': 'success', 'message': f'Файлы успешно загружены: {", ".join(uploaded_files_info)}'})
+    elif uploaded_files_info: # Partial success
+        return jsonify({'status': 'partial', 'message': f'Загружено: {", ".join(uploaded_files_info)}. Ошибки: {"; ".join(errors)}'})
+    else: # Complete failure
+        return jsonify({'status': 'error', 'message': "; ".join(errors)}), 400
 
-            flash(f"Папка '{item_to_delete['name']}' и ее содержимое успешно удалены! ({deleted_blob_count} файлов удалено из хранилища)")
 
+@app.route('/create_folder', methods=['POST'])
+def create_folder():
+    if 'username' not in session:
+        return jsonify({'status': 'error', 'message': 'Не авторизован'}), 401
 
-        save_data(data)
+    username = session['username']
+    data = load_data()
+    if username not in data.get('users', {}):
+        return jsonify({'status': 'error', 'message': 'Пользователь не найден'}), 403
 
-    except Exception as e:
-        logging.error(f"Error deleting item {item_path}: {e}")
-        flash('Ошибка при удалении элемента!')
+    user_data = data['users'][username]
+    current_path_str = request.form.get('current_path', '/')
+    folder_name = request.form.get('folder_name', '').strip()
+
+    # Basic validation
+    if not folder_name:
+        flash('Имя папки не может быть пустым!', 'error')
+        return redirect(url_for('dashboard', folder_path=current_path_str))
+    if not folder_name.replace('.', '').replace('_', '').replace('-', '').isalnum():
+         flash('Имя папки может содержать только буквы, цифры, точки, дефисы и подчеркивания!', 'error')
+         return redirect(url_for('dashboard', folder_path=current_path_str))
+    if folder_name in ['.', '..']:
+        flash('Недопустимое имя папки.', 'error')
+        return redirect(url_for('dashboard', folder_path=current_path_str))
+
+
+    folder_name = secure_filename(folder_name) # Sanitize further
+
+    new_folder_data = {
+        "type": "folder",
+        "name": folder_name,
+        "children": {}
+    }
+
+    if add_node(user_data, current_path_str, new_folder_data):
+        try:
+            save_data(data)
+            flash(f'Папка "{folder_name}" успешно создана.', 'success')
+        except Exception as e:
+            flash('Ошибка при сохранении данных.', 'error')
+            # Attempt to revert the change in memory? Difficult.
+    else:
+        flash(f'Папка "{folder_name}" уже существует или произошла ошибка.', 'error')
 
-    return redirect(url_for('dashboard', path=parent_path_after_delete))
+    return redirect(url_for('dashboard', folder_path=current_path_str))
 
 
-@app.route('/download_item/<path:item_path>')
-def download_item(item_path):
+@app.route('/delete_item', methods=['POST'])
+def delete_item():
     if 'username' not in session:
-        flash('Пожалуйста, войдите в систему!')
+        flash('Пожалуйста, войдите в систему!', 'info')
         return redirect(url_for('login'))
 
     username = session['username']
     data = load_data()
-    if username not in data['users']:
+    if username not in data.get('users', {}):
         session.pop('username', None)
-        flash('Пользователь не найден!')
+        flash('Пользователь не найден!', 'error')
         return redirect(url_for('login'))
 
+    item_path_str = request.form.get('item_path', '').strip()
+    if not item_path_str:
+        flash('Не указан путь к элементу для удаления.', 'error')
+        return redirect(url_for('dashboard'))
+
     user_data = data['users'][username]
-    item = get_item_by_path(user_data, item_path)
-
-    # Admins can download any file via their panel, which will use this route.
-    # Check if the item belongs to the logged-in user, unless this request came from the admin panel.
-    # The referrer check is weak, a better way is to pass an 'is_admin' flag or use a separate route.
-    # Sticking to referrer check for minimal change relative to original logic.
-    is_admin_request = request.referrer and '/admhosto/user/' in request.referrer
-
-    if not item or item['type'] != 'file':
-        flash('Элемент не найден или не является файлом!')
-        # Redirect back to dashboard or admin page based on referrer
-        if is_admin_request:
-            # Try to guess username from item_path (format cloud_files/username/...)
-            try:
-                 admin_user = item_path.split('/')[1]
-                 return redirect(url_for('admin_user_files', username=admin_user))
-            except IndexError:
-                 return redirect(url_for('admin_panel'))
-        else:
-            # Try to determine a plausible parent path to redirect back to
-            parent_path_guess = os.path.dirname(item_path.rstrip('/')).replace('\\', '/') + '/'
-            if not parent_path_guess.startswith(f'cloud_files/{username}/'):
-                 parent_path_guess = f'cloud_files/{username}/'
-            return redirect(url_for('dashboard', path=parent_path_guess))
+    api = HfApi() if HF_TOKEN_WRITE else None
+
+    if not api and get_node_by_path(user_data, item_path_str): # Need token to delete from HF
+        node_to_delete = get_node_by_path(user_data, item_path_str)
+        is_file = node_to_delete.get('type') == 'file' if node_to_delete else False
+        if is_file and node_to_delete.get('storage_path'):
+             flash('Ошибка конфигурации: невозможно удалить файл из облака без токена записи.', 'error')
+             # Redirect back to the containing folder
+             parent_path = '/'.join(item_path_str.strip('/').split('/')[:-1])
+             return redirect(url_for('dashboard', folder_path=parent_path))
+        elif node_to_delete and node_to_delete.get('type') == 'folder':
+            # Allow deleting empty folder structure from JSON even without token? Risky.
+            # For now, require token for all deletes involving potential cloud objects.
+            flash('Ошибка конфигурации: невозможно удалить папку из облака без токена записи.', 'error')
+            parent_path = '/'.join(item_path_str.strip('/').split('/')[:-1])
+            return redirect(url_for('dashboard', folder_path=parent_path))
+
+
+    # Call recursive delete helper
+    deleted, message = delete_node_recursive(user_data, item_path_str, api, username)
+
+    if deleted:
+        try:
+            save_data(data)
+            flash(f'Элемент "{item_path_str.split("/")[-1]}" удален. {message}', 'success')
+        except Exception as e:
+            flash(f'Элемент удален из структуры, но произошла ошибка сохранения: {e}', 'error')
+            # State might be inconsistent
+    else:
+        flash(f'Ошибка удаления элемента "{item_path_str.split("/")[-1]}": {message}', 'error')
 
+    # Redirect back to the containing folder
+    parent_path = '/'.join(item_path_str.strip('/').split('/')[:-1])
+    return redirect(url_for('dashboard', folder_path=parent_path))
 
-    # Check if the file belongs to the logged-in user, unless it's an admin request
-    if not is_admin_request and item.get('parent_path', '').split('/')[1] != username:
-         flash('У вас нет доступа к этому файлу!')
-         return redirect(url_for('dashboard'))
 
-    hf_path = item['unique_path']
-    original_filename = item.get('original_filename', item.get('name', 'download')) # Use original or display name
+@app.route('/download/<path:storage_path>/<filename>')
+def download_file(storage_path, filename):
+    if 'username' not in session:
+        flash('Пожалуйста, войдите в систему!', 'info')
+        return redirect(url_for('login'))
+
+    username = session['username']
+    data = load_data()
+    user_data = data.get('users', {}).get(username)
+
+    if not user_data:
+        session.pop('username', None)
+        flash('Пользователь не найден!', 'error')
+        return redirect(url_for('login'))
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
+    # Verify the user actually owns this file via storage_path
+    # This requires searching the user's data structure.
+    # For simplicity here, we assume the path is correct if the user is logged in.
+    # A more secure check would traverse the user_data['root'] to find the storage_path.
+    # Example check (can be slow for large structures):
+    # file_found = False
+    # def find_file(node):
+    #    nonlocal file_found
+    #    if file_found: return
+    #    if node.get('type') == 'file' and node.get('storage_path') == storage_path:
+    #        file_found = True
+    #        return
+    #    if node.get('type') == 'folder':
+    #        for child in node.get('children', {}).values():
+    #            find_file(child)
+    # find_file(user_data['root'])
+    # if not file_found:
+    #     # Check if admin is trying to download (referer check is weak security)
+    #     is_admin_route = request.referrer and '/admhosto/' in request.referrer
+    #     if not is_admin_route:
+    #         flash('Доступ к файлу запрещен.', 'error')
+    #         # Redirect to user's root or previous page if possible
+    #         return redirect(url_for('dashboard'))
+    #     # If admin, allow proceed (admin authorization should be robust)
+
+    # If checks pass or are skipped:
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{storage_path}?download=true"
     try:
         headers = {}
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        response = requests.get(file_url, headers=headers, stream=True)
+        response = requests.get(file_url, headers=headers, stream=True, timeout=60) # Add timeout
         response.raise_for_status()
 
-        file_content = BytesIO(response.content)
+        # Stream the download
         return send_file(
-            file_content,
+            BytesIO(response.content), # Consider streaming response.raw if files are large
             as_attachment=True,
-            download_name=original_filename,
+            download_name=filename, # Use the original filename for the user
             mimetype='application/octet-stream'
         )
     except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file from HF: {e}")
-        flash('Ошибка скачивания файла!')
+        logging.error(f"Error downloading file from HF {storage_path}: {e}")
+        flash(f'Ошибка скачивания файла "{filename}".', 'error')
     except Exception as e:
-        logging.error(f"Unexpected error during download: {e}")
-        flash('Произошла непредвиденная ошибка при скачивании файла.')
+        logging.error(f"Unexpected error during download {storage_path}: {e}")
+        flash(f'Непредвиденная ошибка при скачивании файла "{filename}".', 'error')
+
+    # Redirect back to the likely folder view if download fails
+    folder_parts = storage_path.split('/')
+    # Assuming structure cloud_files/username/folder/../unique_file
+    if len(folder_parts) > 3:
+         referer_folder = '/'.join(folder_parts[2:-1]) # Extract folder path part
+         return redirect(url_for('dashboard', folder_path=referer_folder))
+    else:
+         return redirect(url_for('dashboard')) # Fallback to root
 
-    # Redirect back to dashboard or admin page
-    if is_admin_request:
-         try:
-             admin_user = item.get('parent_path', '').split('/')[1] # Get username from parent path
-             return redirect(url_for('admin_user_files', username=admin_user))
-         except IndexError:
-             return redirect(url_for('admin_panel'))
+
+@app.route('/hf_url/<path:storage_path>')
+def get_hf_url(storage_path):
+    """Provides a potentially authenticated URL for previews (images, videos, pdf)."""
+    if 'username' not in session:
+         return "Unauthorized", 401
+
+    # Basic check: ensure the user is logged in.
+    # More robust check: verify user owns storage_path (as in download_file).
+
+    base_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{storage_path}"
+
+    # For private repos, direct linking might not work without extra steps
+    # or redirecting through the app which handles authentication.
+    # If repo is public or using token for access via JS isn't feasible/secure,
+    # we might need to proxy the content.
+
+    # Simple approach: Redirect to HF URL, relying on browser auth or public access.
+    # If using a read token, it needs to be handled client-side (potentially insecure)
+    # or server-side via proxying.
+
+    # Let's proxy for simplicity and security if a token is needed.
+    if HF_TOKEN_READ:
+        try:
+            headers = {"authorization": f"Bearer {HF_TOKEN_READ}"}
+            response = requests.get(base_url, headers=headers, stream=True, timeout=15)
+            response.raise_for_status()
+
+            # Stream the content back
+            return send_file(
+                 BytesIO(response.content), # Again, consider response.raw for large files
+                 mimetype=response.headers.get('Content-Type', 'application/octet-stream'),
+                 as_attachment=False # Display inline
+            )
+        except requests.exceptions.RequestException as e:
+            logging.error(f"Proxy error for {storage_path}: {e}")
+            return "Error fetching file", 500
+        except Exception as e:
+            logging.error(f"Unexpected proxy error for {storage_path}: {e}")
+            return "Server error", 500
     else:
-         return redirect(url_for('dashboard', path=item.get('parent_path', f'cloud_files/{username}/')))
+        # If no read token, assume public repo and redirect
+        return redirect(base_url)
 
 
 @app.route('/logout')
 def logout():
     session.pop('username', None)
+    flash('Вы успешно вышли из системы.', 'success')
+    # Client-side JS on login page should handle clearing localStorage if used
     return redirect(url_for('login'))
 
 
+# --- Admin Routes (Placeholder - Add Proper Admin Auth!) ---
+# WARNING: These routes currently lack proper authentication!
+# Implement robust admin checks (e.g., specific admin user, role, session flag).
+
+def is_admin():
+     # Placeholder: Implement real admin check here!
+     # return session.get('is_admin') == True
+     # For now, allow access if logged in (INSECURE!)
+     return 'username' in session
+
 @app.route('/admhosto')
 def admin_panel():
+    if not is_admin(): return redirect(url_for('login'))
     data = load_data()
-    users = data['users']
+    users = data.get('users', {})
+    user_list = []
+    for uname, udata in users.items():
+         file_count = 0
+         def count_files(node):
+             nonlocal file_count
+             if node.get('type') == 'file':
+                 file_count += 1
+             elif node.get('type') == 'folder':
+                 for child in node.get('children', {}).values():
+                     count_files(child)
+         count_files(udata.get('root', {}))
+         user_list.append({
+             'username': uname,
+             'created_at': udata.get('created_at', 'N/A'),
+             'file_count': file_count
+         })
 
     html = '''
-<!DOCTYPE html>
-<html lang="ru">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Админ-панель - Zeus Cloud</title>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-    <style>''' + BASE_STYLE + '''</style>
-</head>
-<body>
-    <div class="container">
-        <h1>Админ-панель Zeus Cloud</h1>
-        <h2>Список пользователей</h2>
-        <div class="user-list">
-            {% for username, user_data in users.items() %}
-                <div class="user-item">
-                    <a href="{{ url_for('admin_user_files', username=username) }}">{{ username }}</a>
-                    <p>Дата регистрации: {{ user_data.get('created_at', 'N/A') }}</p>
-                    <p>Количество элементов: {{ user_data.get('items', []) | length }}</p>
-                     <form method="POST" action="{{ url_for('admin_delete_user', username=username) }}" style="display: inline; margin-left: 10px;" onsubmit="return confirm('Вы уверены, что хотите удалить пользователя {{ username }} и все его файлы? Это действие необратимо!');">
-                         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить</button>
-                     </form>
-                </div>
-            {% endfor %}
-            {% if not users %}
-                <p>Пользователей пока нет.</p>
-            {% endif %}
-        </div>
-        {% with messages = get_flashed_messages() %}
-          {% if messages %}
-            <div style="margin-top: 20px;">
-              {% for message in messages %}
-                <div class="flash">{{ message }}</div>
-              {% endfor %}
-            </div>
-          {% endif %}
-        {% endwith %}
-    </div>
-</body>
-</html>
+<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Админ-панель - Zeus Cloud V2</title>
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+<style>''' + BASE_STYLE + '''</style></head><body><div class="container"><h1>Админ-панель Zeus Cloud V2</h1>
+<h2>Список пользователей</h2><div class="user-list">
+{% for user in user_list %}
+<div class="user-item">
+    <a href="{{ url_for('admin_user_files', username=user.username) }}">{{ user.username }}</a>
+    <p>Дата регистрации: {{ user.created_at }} | Файлов: {{ user.file_count }}</p>
+    <form method="POST" action="{{ url_for('admin_delete_user', username=user.username) }}" style="display: inline; margin-left: 10px;" onsubmit="return confirm('УДАЛИТЬ пользователя {{ user.username }} и ВСЕ его файлы? НЕОБРАТИМО!');">
+        <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить пользователя</button>
+    </form>
+</div>
+{% else %} <p>Пользователей пока нет.</p> {% endfor %}</div>
+{% with messages = get_flashed_messages(with_categories=true) %}
+{% if messages %}<div style="margin-top: 20px;">
+{% for category, message in messages %}<div class="flash {{ category }}">{{ message }}</div>{% endfor %}
+</div>{% endif %}{% endwith %}</div></body></html>
 '''
-    return render_template_string(html, users=users)
+    return render_template_string(html, user_list=user_list)
+
+@app.route('/admhosto/user/<username>/')
+@app.route('/admhosto/user/<username>/<path:folder_path>')
+def admin_user_files(username, folder_path='/'):
+    if not is_admin(): return redirect(url_for('login'))
 
-@app.route('/admhosto/user/<username>')
-def admin_user_files(username):
     data = load_data()
-    if username not in data['users']:
-        flash('Пользователь не найден!')
+    user_data = data.get('users', {}).get(username)
+    if not user_data:
+        flash(f'Пользователь "{username}" не найден!', 'error')
         return redirect(url_for('admin_panel'))
 
-    user_data = data['users'][username]
-    # For admin view, show all items flattened, maybe grouped later
-    # For simplicity, let's show them grouped by their parent path
-    
-    # Get items and group by parent path for a structured view
-    items = sorted(user_data.get('items', []), key=lambda x: (x.get('parent_path', ''), x.get('type') != 'folder', x.get('name', '').lower()))
+    folder_path = '/' + folder_path.strip('/')
+    if folder_path != '/' and not folder_path.endswith('/'):
+        folder_path += '/'
 
-    # Create a dictionary where keys are parent_paths and values are lists of items
-    items_by_folder = {}
-    root_path = f'cloud_files/{username}/'
-    items_by_folder[root_path] = [] # Ensure root is always present
+    current_node = get_node_by_path(user_data, folder_path)
+    if not current_node or current_node.get('type') != 'folder':
+        flash('Папка не найдена для этого пользователя!', 'error')
+        return redirect(url_for('admin_user_files', username=username)) # Redirect to user's root
 
-    for item in items:
-         parent = item.get('parent_path', root_path)
-         if parent not in items_by_folder:
-             items_by_folder[parent] = []
-         items_by_folder[parent].append(item)
+    items = []
+    children = current_node.get('children', {})
+    sorted_names = sorted(children.keys())
 
+    for name in sorted_names:
+         child = children[name]
+         if child.get('type') == 'folder':
+              items.append(child)
 
-    html = '''
-<!DOCTYPE html>
-<html lang="ru">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>Файлы пользователя {{ username }} - Zeus Cloud</title>
-    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-    <style>''' + BASE_STYLE + '''</style>
-     <script src="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/js/all.min.js"></script>
-</head>
-<body>
-    <div class="container">
-        <h1>Файлы пользователя: {{ username }}</h1>
-        {% with messages = get_flashed_messages() %}
-            {% if messages %}
-                {% for message in messages %}
-                    <div class="flash">{{ message }}</div>
-                {% endfor %}
-            {% endif %}
-        {% endwith %}
+    for name in sorted_names:
+         child = children[name]
+         if child.get('type') == 'file':
+             child.setdefault('original_filename', name)
+             child.setdefault('storage_path', 'Unknown Path')
+             child.setdefault('upload_date', 'N/A')
+             child['file_type'] = get_file_type(child['original_filename'])
+             items.append(child)
 
-        {% if not items_by_folder %}
-             <p>У этого пользователя пока нет элементов.</p>
-        {% else %}
-             {% for parent_path, items_in_folder in items_by_folder.items() %}
-                  <h3 style="margin-top: 20px; margin-bottom: 10px;">
-                       Папка: {{ parent_path.replace('cloud_files/' + username + '/', '', 1) or '/' }}
-                  </h3>
-                  {% if not items_in_folder %}
-                       <p style="margin-left: 20px; color: #666;">(пусто)</p>
-                  {% else %}
-                       <div class="item-grid">
-                           {% for item in items_in_folder %}
-                               <div class="item-item">
-                                   {% if item.type == 'folder' %}
-                                        <svg class="item-icon folder" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 576 512"><path d="M384 128H192c-35.3 0-64 28.7-64 64V416c0 35.3 28.7 64 64 64H384c35.3 0 64-28.7 64-64V192c0-35.3-28.7-64-64-64zm-64-96C300.8 0 288 12.8 288 32V64H192c-52.9 0-96 43.1-96 96V416c0 52.9 43.1 96 96 96H384c52.9 0 96-43.1 96-96V160c0-52.9-43.1-96-96-96H320V32c0-19.2-12.8-32-32-32zM160 192c0-17.7 14.3-32 32-32H384c17.7 0 32 14.3 32 32v192c0 17.7-14.3 32-32 32H192c-17.7 0-32-14.3-32-32V192zM288 64V32h0 0c0-19.2 12.8-32 32-32s32 12.8 32 32V64h-64z"/></svg>
-                                        <p class="item-name">{{ item.name }}</p>
-                                         <div class="item-actions">
-                                            <form method="POST" action="{{ url_for('admin_delete_item', username=username, item_path=item.path) }}" onsubmit="return confirm('Удалить папку {{ item.name }} и все ее содержимое?');">
-                                                <button type="submit" class="btn delete-btn">Удалить папку</button>
-                                            </form>
-                                        </div>
-                                   {% elif item.type == 'file' %}
-                                       {% if item.preview_type == 'image' %}
-                                           <img class="item-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.unique_path }}" alt="{{ item.name }}" loading="lazy" onclick="openModal('{{ item.unique_path }}', 'image')">
-                                       {% elif item.preview_type == 'video' %}
-                                           <video class="item-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ item.unique_path }}', 'video')">
-                                                <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ item.unique_path }}" type="video/mp4">
-                                           </video>
-                                       {% elif item.preview_type == 'pdf' %}
-                                            <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M0 64C0 28.7 28.7 0 64 0H224V128c0 17.7 14.3 32 32 32H384V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64zm384 64L256 0H64c-17.7 0-32 14.3-32 32V448c0 17.7 14.3 32 32 32H320c17.7 0 32-14.3 32-32V128z"/></svg>
-                                           <p class="item-name">{{ item.name }}</p>
-                                       {% elif item.preview_type == 'txt' %}
-                                            <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M0 64C0 28.7 28.7 0 64 0H224V128c0 17.7 14.3 32 32 32H384V448c0 35.3-28.7 64-64 64H64c-35.3 0-64-28.7-64-64V64zm384 64L256 0H64c-17.7 0-32 14.3-32 32V448c0 17.7 14.3 32 32 32H320c17.7 0 32-14.3 32-32V128z"/></svg>
-                                           <p class="item-name">{{ item.name }}</p>
-                                       {% else %}
-                                           <svg class="item-icon file" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 384 512"><path d="M64 0C28.7 0 0 28.7 0 64V448c0 35.3 28.7 64 64 64H320c35.3 0 64-28.7 64-64V160H256c-17.7 0-32-14.3-32-32V0H64zM256 0V128H384L256 0z"/></svg>
-                                           <p class="item-name">{{ item.name }}</p>
-                                       {% endif %}
-                                       <p style="font-size: 0.8em; color: #888;">{{ item.upload_date }}</p>
-                                       <div class="item-actions">
-                                           {% if item.preview_type in ['pdf', 'txt'] %}
-                                                <button type="button" class="btn download-btn" onclick="openModal('{{ item.unique_path }}', '{{ item.preview_type }}')">Просмотр</button>
-                                           {% elif item.preview_type in ['image', 'video'] %}
-                                                 <!-- Preview triggered by clicking the image/video -->
-                                           {% endif %}
-                                            <a href="{{ url_for('download_item', item_path=item.path) }}" class="btn download-btn">Скачать</a>
-                                           <form method="POST" action="{{ url_for('admin_delete_item', username=username, item_path=item.path) }}" onsubmit="return confirm('Удалить файл {{ item.name }}?');">
-                                                <button type="submit" class="btn delete-btn">Удалить файл</button>
-                                           </form>
-                                       </div>
-                                   {% endif %}
-                               </div>
-                           {% endfor %}
-                       </div>
-                  {% endif %}
-             {% endfor %}
-        {% endif %}
+    breadcrumbs = [{'name': 'Корень', 'path': '/'}]
+    cumulative_path = '/'
+    for part in [p for p in folder_path.strip('/').split('/') if p]:
+        cumulative_path += part + '/'
+        breadcrumbs.append({'name': part, 'path': cumulative_path})
 
 
-        <a href="{{ url_for('admin_panel') }}" class="btn" style="margin-top: 20px;">Назад к списку пользователей</a>
-    </div>
-    <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div class="modal-content" id="modalContent"></div>
+    html = '''
+<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Файлы пользователя {{ username }} - Zeus Cloud V2</title>
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
+<style>''' + BASE_STYLE + '''</style></head><body><div class="container">
+<h1>Файлы пользователя: {{ username }}</h1>
+<a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 15px;">Назад к списку</a>
+{% with messages = get_flashed_messages(with_categories=true) %}
+{% if messages %}{% for category, message in messages %}<div class="flash {{ category }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
+
+<div class="breadcrumbs">
+    {% for crumb in breadcrumbs %}
+        {% if not loop.last %}
+            <a href="{{ url_for('admin_user_files', username=username, folder_path=crumb.path) }}">{{ crumb.name }}</a><span>/</span>
+        {% else %}
+            <span>{{ crumb.name }}</span>
+        {% endif %}
+    {% endfor %}
+</div>
+
+<h2>Содержимое: {{ current_node.name }}</h2>
+<div class="file-grid">
+{% for item in items %}
+    <div class="item">
+    {% if item.type == 'folder' %}
+        <div class="item-icon folder-icon"><i class="fas fa-folder"></i></div>
+        <p><strong>{{ item.name }}</strong></p>
+        <div class="item-actions">
+            <a href="{{ url_for('admin_user_files', username=username, folder_path=current_path + item.name + '/') }}" class="btn folder-btn">Открыть</a>
+            <form method="POST" action="{{ url_for('admin_delete_item', username=username) }}" style="display:inline;" onsubmit="return confirm('АДМИН: Удалить папку \'{{ item.name }}\' и ВСЁ её содержимое?');">
+                <input type="hidden" name="item_path" value="{{ current_path + item.name }}">
+                <button type="submit" class="btn delete-btn">Удалить</button>
+            </form>
+        </div>
+    {% elif item.type == 'file' %}
+         <div class="item-preview" onclick="openModal('{{ url_for('get_hf_url', storage_path=item.storage_path) }}', '{{ item.file_type }}', '{{ item.original_filename }}')">
+             {% if item.file_type == 'image' %}
+                 <img src="{{ url_for('get_hf_url', storage_path=item.storage_path) }}" alt="{{ item.original_filename }}" loading="lazy" style="width:100%; height:100%; object-fit: cover;">
+             {% elif item.file_type == 'video' %}<i class="fas fa-film"></i>
+             {% elif item.file_type == 'pdf' %}<i class="fas fa-file-pdf"></i>
+             {% elif item.file_type == 'text' %}<i class="fas fa-file-alt"></i>
+             {% else %}<i class="fas fa-file"></i>{% endif %}
+         </div>
+         <p title="{{ item.original_filename }}"><strong>{{ item.original_filename | truncate(25) }}</strong></p>
+         <p><small>Тип: {{ item.file_type }} | {{ item.upload_date }}</small></p>
+         <p><small>Путь: {{ item.storage_path }}</small></p>
+        <div class="item-actions">
+            <a href="{{ url_for('download_file', storage_path=item.storage_path, filename=item.original_filename) }}" class="btn download-btn">Скачать</a>
+             <form method="POST" action="{{ url_for('admin_delete_item', username=username) }}" style="display:inline;" onsubmit="return confirm('АДМИН: Удалить файл \'{{ item.original_filename }}\'?');">
+                <input type="hidden" name="item_path" value="{{ current_path + item.original_filename }}">
+                <button type="submit" class="btn delete-btn">Удалить</button>
+            </form>
+        </div>
+    {% endif %}
     </div>
-     <script>
-        const HF_REPO_ID = "{{ repo_id }}";
-        const HF_TOKEN_READ = "{{ os.getenv('HF_TOKEN_READ') or os.getenv('HF_TOKEN') }}";
-
-        function getFileUrl(uniquePath) {
-            let url = `https://huggingface.co/datasets/${HF_REPO_ID}/resolve/main/${uniquePath}`;
-            if (HF_TOKEN_READ) {
-                url += `?token=${HF_TOKEN_READ}`;
-            }
-            return url;
-        }
+{% else %}<p>Папка пуста.</p>{% endfor %}
+</div></div>
+
+<div class="modal" id="mediaModal"><div class="modal-content">
+    <span class="modal-close" onclick="closeModal()">×</span>
+    <div id="modalBody"></div>
+</div></div>
+<script>
+    // Re-use modal JS from dashboard, ensure getFileUrl and token logic is available if needed
+    const repoId = "{{ repo_id }}";
+    const hfTokenRead = "{{ hf_token_read if hf_token_read else '' }}";
+
+    function getFileUrl(storagePath) { return `{{ url_for('get_hf_url', storage_path='STORAGE_PATH') }}`.replace('STORAGE_PATH', storagePath); }
+
+    function openModal(fileUrl, fileType, fileName) {
+        const modal = document.getElementById('mediaModal');
+        const modalBody = document.getElementById('modalBody'); modalBody.innerHTML = '';
+        let content = ''; const authenticatedUrl = fileUrl; // Already proxied or direct link via get_hf_url
+
+        if (fileType === 'image') content = `<img src="${authenticatedUrl}" alt="${fileName}">`;
+        else if (fileType === 'video') content = `<video controls autoplay style="max-width:100%; max-height: 80vh;"><source src="${authenticatedUrl}">Видео не поддерживается.</video>`;
+        else if (fileType === 'pdf') content = `<iframe src="${authenticatedUrl}" style="width: 80vw; height: 80vh; border: none;"></iframe>`;
+        else if (fileType === 'text') {
+            content = `<p>Загрузка...</p><pre id="textContent"></pre>`;
+            fetch(authenticatedUrl).then(response => { if (!response.ok) throw new Error('Network response error'); return response.text(); })
+            .then(text => { document.getElementById('textContent').textContent = text; modalBody.querySelector('p').style.display = 'none'; })
+            .catch(error => { document.getElementById('textContent').textContent = 'Не удалось загрузить файл: ' + error; });
+        } else content = `<p>Предпросмотр для '${fileType}' не поддерживается.</p>`;
+
+        modalBody.innerHTML = content; modal.style.display = 'flex';
+    }
+    function closeModal() {
+        const modal = document.getElementById('mediaModal'); const video = modal.querySelector('video'); if (video) video.pause();
+        modal.style.display = 'none'; document.getElementById('modalBody').innerHTML = '';
+    }
+    document.getElementById('mediaModal').addEventListener('click', function(event) { if (event.target === this) closeModal(); });
+    document.addEventListener('keydown', function(event) { if (event.key === "Escape") closeModal(); });
+</script>
+</body></html>
+'''
+    return render_template_string(html, username=username, items=items, current_node=current_node,
+                                  current_path=folder_path, breadcrumbs=breadcrumbs, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
 
-        async function openModal(itemUniquePath, itemPreviewType) {
-            const modal = document.getElementById('mediaModal');
-            const modalContent = document.getElementById('modalContent');
-            modalContent.innerHTML = '';
-            const fileUrl = getFileUrl(itemUniquePath);
-
-            if (itemPreviewType === 'image') {
-                modalContent.innerHTML = `<img src="${fileUrl}" alt="Preview">`;
-            } else if (itemPreviewType === 'video') {
-                 modalContent.innerHTML = `<video controls autoplay><source src="${fileUrl}" type="video/mp4"></video>`;
-            } else if (itemPreviewType === 'pdf') {
-                 modalContent.innerHTML = `<iframe src="${fileUrl}" style="width: 100%; height: 80vh; border: none;"></iframe>`;
-            } else if (itemPreviewType === 'txt') {
-                 try {
-                     const response = await fetch(fileUrl);
-                     if (!response.ok) throw new Error('Failed to fetch text file');
-                     const textContent = await response.text();
-                     modalContent.innerHTML = `<pre>${textContent}</pre>`;
-                 } catch (error) {
-                     console.error("Error fetching text file:", error);
-                     modalContent.innerHTML = `<p>Не удалось загрузить текстовый файл для предпросмотра.</p><p>${error.message}</p>`;
-                 }
-            } else {
-                modalContent.innerHTML = `<p>Предпросмотр недоступен для этого типа файла.</p>`;
-            }
 
-            modal.style.display = 'flex';
-        }
+@app.route('/admhosto/delete_item/<username>', methods=['POST'])
+def admin_delete_item(username):
+    if not is_admin(): return redirect(url_for('login'))
 
-        function closeModal(event) {
-            const modal = document.getElementById('mediaModal');
-             const modalContent = document.getElementById('modalContent');
-             if (event.target === modal || !modalContent.contains(event.target)) {
-                 modal.style.display = 'none';
-                 const video = modal.querySelector('video');
-                 if (video) {
-                    video.pause();
-                 }
-                 modalContent.innerHTML = '';
-            }
-        }
-         // Event listeners for preview images/videos in the admin view grid
-        document.querySelectorAll('.item-preview').forEach(previewElement => {
-             previewElement.addEventListener('click', function() {
-                 const itemDiv = this.closest('.item-item');
-                 const itemType = itemDiv.classList.contains('file-item') ? (this.tagName === 'IMG' ? 'image' : 'video') : 'other'; // Simple type guess from tag
-                 // Need the unique_path from the item data - tricky in this template structure without data attributes
-                 // For admin view, the preview src is directly the HF URL. Let's pass that.
-                 const src = this.tagName === 'VIDEO' ? this.querySelector('source').src : this.src;
-                 const url = new URL(src);
-                 const uniquePath = url.pathname.replace(`/datasets/${HF_REPO_ID}/resolve/main/`, '').replace('?download=true', '');
-                 openModal(uniquePath, itemType); // Need more robust type detection here
-             });
-         });
-    </script>
-</body>
-</html>
-'''
-    return render_template_string(html, username=username, items_by_folder=items_by_folder, repo_id=REPO_ID, os=os)
+    data = load_data()
+    user_data = data.get('users', {}).get(username)
+    if not user_data:
+        flash(f'Пользователь "{username}" не найден!', 'error')
+        return redirect(url_for('admin_panel'))
 
+    item_path_str = request.form.get('item_path', '').strip()
+    if not item_path_str:
+        flash('Не указан путь к элементу для удаления.', 'error')
+        return redirect(url_for('admin_user_files', username=username))
+
+    api = HfApi() if HF_TOKEN_WRITE else None
+    if not api:
+         # Check if trying to delete something that exists in HF
+         node_to_delete = get_node_by_path(user_data, item_path_str)
+         if node_to_delete and (node_to_delete.get('storage_path') or node_to_delete.get('type') == 'folder'):
+             flash('Ошибка конфигурации: Админ не может удалить элементы из облака без токена записи.', 'error')
+             parent_path = '/'.join(item_path_str.strip('/').split('/')[:-1])
+             return redirect(url_for('admin_user_files', username=username, folder_path=parent_path))
+
+    # Call recursive delete
+    deleted, message = delete_node_recursive(user_data, item_path_str, api, username)
+
+    if deleted:
+        try:
+            save_data(data)
+            flash(f'Админ удалил "{item_path_str.split("/")[-1]}" пользователя {username}. {message}', 'success')
+        except Exception as e:
+            flash(f'Элемент удален из структуры, но ошибка сохранения: {e}', 'error')
+    else:
+        flash(f'Админ: Ошибка удаления "{item_path_str.split("/")[-1]}": {message}', 'error')
+
+    parent_path = '/'.join(item_path_str.strip('/').split('/')[:-1])
+    return redirect(url_for('admin_user_files', username=username, folder_path=parent_path))
 
 @app.route('/admhosto/delete_user/<username>', methods=['POST'])
 def admin_delete_user(username):
+    if not is_admin(): return redirect(url_for('login'))
+
     data = load_data()
-    if username not in data['users']:
-        flash('Пользователь не найден!')
+    if username not in data.get('users', {}):
+        flash(f'Пользователь "{username}" не найден!', 'error')
         return redirect(url_for('admin_panel'))
 
     user_data = data['users'][username]
-    user_items_to_delete = user_data.get('items', [])
+    api = HfApi() if HF_TOKEN_WRITE else None
 
-    try:
-        api = HfApi()
-        
-        # Collect all file unique paths for this user
-        file_paths_on_hf = [item['unique_path'] for item in user_items_to_delete if item['type'] == 'file']
-
-        # Delete files from HF Hub
-        if file_paths_on_hf:
-             try:
-                 # Attempt to delete the user's folder on HF directly
-                 user_folder_on_hf = f"cloud_files/{username}"
-                 api.delete_folder(
-                     folder_path=user_folder_on_hf,
-                     repo_id=REPO_ID,
-                     repo_type="dataset",
-                     token=HF_TOKEN_WRITE,
-                     commit_message=f"Admin deleted folder {user_folder_on_hf} and contents"
+    if not api:
+         flash('Ошибка конфигурации: Админ не может удалить пользователя и его файлы из облака без токена записи.', 'error')
+         return redirect(url_for('admin_panel'))
+
+    # Collect all file paths to delete from HF
+    hf_paths_to_delete = []
+    def collect_paths(node):
+        if node.get('type') == 'file' and node.get('storage_path'):
+            hf_paths_to_delete.append(node.get('storage_path'))
+        elif node.get('type') == 'folder':
+            for child in node.get('children', {}).values():
+                collect_paths(child)
+    collect_paths(user_data.get('root', {}))
+
+    # Delete files from HF Hub
+    errors_hf = []
+    if hf_paths_to_delete:
+         logging.info(f"Admin deleting {len(hf_paths_to_delete)} files for user {username} from HF...")
+         # Attempting folder deletion first might be faster if API supports it reliably
+         user_cloud_folder = f"{CLOUD_BASE_FOLDER}/{username}"
+         try:
+             # This might fail if folder isn't empty or API limitations
+             api.delete_folder(
+                 folder_path=user_cloud_folder,
+                 repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
+                 commit_message=f"Admin deleted all data for user {username}"
                  )
-                 logging.info(f"Successfully deleted folder {user_folder_on_hf} for user {username}")
-             except Exception as folder_delete_error:
-                 logging.warning(f"Could not delete folder {user_folder_on_hf}, attempting individual file deletion: {folder_delete_error}")
-                 # If folder deletion fails, delete files one by one
-                 for hf_path in file_paths_on_hf:
-                     try:
-                         api.delete_file(
-                            path_in_repo=hf_path,
-                            repo_id=REPO_ID,
-                            repo_type="dataset",
-                            token=HF_TOKEN_WRITE
-                         )
-                         logging.info(f"Successfully deleted file {hf_path} for user {username}")
-                     except Exception as file_delete_error:
-                          logging.error(f"Error deleting file {hf_path} for user {username}: {file_delete_error}")
-                          # Continue deletion attempt for other files
-
-        # Remove the user from the database
-        del data['users'][username]
+             logging.info(f"Successfully deleted HF folder {user_cloud_folder}")
+         except Exception as folder_del_err:
+              logging.warning(f"Could not delete folder {user_cloud_folder} directly ({folder_del_err}), attempting individual file deletion...")
+              for hf_path in hf_paths_to_delete:
+                  try:
+                      api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
+                  except HfHubHTTPError as e:
+                      if e.response.status_code != 404: # Ignore if already gone
+                         logging.error(f"Admin: Error deleting file {hf_path} for user {username}: {e}")
+                         errors_hf.append(hf_path.split('/')[-1])
+                  except Exception as e:
+                      logging.error(f"Admin: Unexpected error deleting file {hf_path} for {username}: {e}")
+                      errors_hf.append(hf_path.split('/')[-1])
+
+    # Delete user from JSON data
+    del data['users'][username]
+    try:
         save_data(data)
-        flash(f'Пользователь {username} и его элементы успешно удалены!')
-        logging.info(f"Admin deleted user {username} and their items.")
-
+        msg = f'Пользователь {username} и его данные удалены.'
+        if errors_hf:
+            msg += f' Ошибки при удалении некоторых файлов из облака: {", ".join(errors_hf)}'
+        flash(msg, 'success' if not errors_hf else 'warning')
+        logging.info(f"Admin successfully deleted user {username}.")
     except Exception as e:
-        logging.error(f"Error deleting user {username}: {e}")
-        flash(f'Ошибка при удалении пользователя {username}!')
+        flash(f'Пользователь удален из облака (с возможными ошибками), но произошла ошибка сохранения локальных данных: {e}', 'error')
+        # Critical error, data file might be out of sync
+        logging.error(f"CRITICAL: Failed to save data after admin deleted user {username}: {e}")
 
     return redirect(url_for('admin_panel'))
 
 
-@app.route('/admhosto/delete_item/<username>/<path:item_path>', methods=['POST'])
-def admin_delete_item(username, item_path):
-     data = load_data()
-     if username not in data['users']:
-         flash('Пользователь не найден!')
-         return redirect(url_for('admin_panel'))
-
-     user_data = data['users'][username]
-     item_to_delete = get_item_by_path(user_data, item_path)
-
-     if not item_to_delete:
-         flash('Элемент (файл или папка) не найден в базе данных пользователя!')
-         # Still try to remove from HF if it was a file, in case of sync issues
-         # But can't determine HF path reliably without item info for folders/unique file names
-         return redirect(url_for('admin_user_files', username=username)) # Redirect back
-
-     try:
-         api = HfApi()
-         if item_to_delete['type'] == 'file':
-             hf_path = item_to_delete['unique_path']
-             api.delete_file(
-                 path_in_repo=hf_path,
-                 repo_id=REPO_ID,
-                 repo_type="dataset",
-                 token=HF_TOKEN_WRITE,
-                 commit_message=f"Admin deleted file {item_to_delete['name']} for {username}"
-             )
-             # Remove the file item
-             user_data['items'] = [item for item in user_data['items'] if item.get('unique_path') != item_path]
-             flash(f"Файл '{item_to_delete['name']}' успешно удален администратором!")
-
-         elif item_to_delete['type'] == 'folder':
-             # Find all files within this folder and its subfolders
-             files_to_delete_blobs = get_all_descendant_files(user_data, item_to_delete['path'])
-
-             # Delete files from HF Hub
-             deleted_blob_count = 0
-             for file_item in files_to_delete_blobs:
-                  try:
-                       api.delete_file(
-                           path_in_repo=file_item['unique_path'],
-                           repo_id=REPO_ID,
-                           repo_type="dataset",
-                           token=HF_TOKEN_WRITE
-                       )
-                       deleted_blob_count += 1
-                  except Exception as file_delete_error:
-                       logging.error(f"Admin error deleting blob {file_item['unique_path']} during folder delete: {file_delete_error}")
-                       # Continue attempting to delete other files
-
-             # Try deleting the folder path itself on HF
-             try:
-                 api.delete_folder(
-                     folder_path=item_to_delete['path'].rstrip('/'),
-                     repo_id=REPO_ID,
-                     repo_type="dataset",
-                     token=HF_TOKEN_WRITE,
-                     commit_message=f"Admin deleted folder {item_to_delete['name']} for {username} and its contents"
-                 )
-             except Exception as folder_delete_error:
-                  logging.warning(f"Admin could not delete folder path {item_to_delete['path']} on HF: {folder_delete_error}")
-
-             # Remove the folder item and all its descendants from the items list
-             folder_prefix = item_to_delete['path']
-             user_data['items'] = [item for item in user_data['items'] if not (
-                  item.get('path', '').startswith(folder_prefix) or # Delete descendant folders
-                  item.get('unique_path', '').startswith(folder_prefix) or # Delete descendant files
-                  item.get('path') == item_path # Delete the folder itself
-             )]
-
-             flash(f"Папка '{item_to_delete['name']}' и ее содержимое успешно удалены администратором! ({deleted_blob_count} файлов удалено из хранилища)")
-
-         save_data(data)
-
-     except Exception as e:
-         logging.error(f"Admin error deleting item {item_path}: {e}")
-         flash('Ошибка при удалении элемента администратором!')
+if __name__ == '__main__':
+    os.makedirs(UPLOADS_DIR, exist_ok=True)
 
-     return redirect(url_for('admin_user_files', username=username))
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN (write access) is not set. File/folder uploads & deletions will fail.")
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads/previews might fail for private repos if HF_TOKEN is not set or lacks read access.")
 
+    # Initial data load attempt
+    load_data()
 
-if __name__ == '__main__':
+    # Start periodic backup thread only if write token exists
     if HF_TOKEN_WRITE:
-        threading.Thread(target=periodic_backup, daemon=True).start()
+        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
+        backup_thread.start()
+        logging.info("Periodic backup thread started.")
+    else:
+        logging.warning("Periodic backup disabled (HF_TOKEN_WRITE not set).")
+
+    # Run Flask app
+    app.run(debug=False, host='0.0.0.0', port=7860)
 
-    app.run(debug=False, host='0.0.0.0', port=7860)
\ No newline at end of file
+# --- END OF FILE app (8).py ---
\ No newline at end of file