Update app.py

app.py

@@ -1,3 +1,5 @@
+# --- START OF FILE app (8).py ---
+
 from flask import Flask, render_template_string, request, redirect, url_for, session, flash, send_file, jsonify
 from flask_caching import Cache
 import json
@@ -11,7 +13,7 @@ from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
-import mimetypes
+import os.path
 
 app = Flask(__name__)
 app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey")
@@ -52,6 +54,9 @@ def save_data(data):
         raise
 
 def upload_db_to_hf():
+    if not HF_TOKEN_WRITE:
+        logging.warning("HF_TOKEN_WRITE not set. Skipping database upload.")
+        return
     try:
         api = HfApi()
         api.upload_file(
@@ -67,6 +72,12 @@ def upload_db_to_hf():
         logging.error(f"Error uploading database: {e}")
 
 def download_db_from_hf():
+    if not HF_TOKEN_READ:
+        logging.warning("HF_TOKEN_READ not set. Cannot download database.")
+        if not os.path.exists(DATA_FILE):
+            with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                json.dump({'users': {}, 'files': {}}, f)
+        return
     try:
         hf_hub_download(
             repo_id=REPO_ID,
@@ -74,7 +85,8 @@ def download_db_from_hf():
             repo_type="dataset",
             token=HF_TOKEN_READ,
             local_dir=".",
-            local_dir_use_symlinks=False
+            local_dir_use_symlinks=False,
+            force_download=True # Ensure we get the latest version
         )
         logging.info("Database downloaded from Hugging Face")
     except Exception as e:
@@ -85,20 +97,20 @@ def download_db_from_hf():
 
 def periodic_backup():
     while True:
-        upload_db_to_hf()
         time.sleep(1800)
+        logging.info("Attempting periodic backup...")
+        upload_db_to_hf()
 
 def get_file_type(filename):
-    mime_type, _ = mimetypes.guess_type(filename)
-    if mime_type:
-        if mime_type.startswith('image'):
-            return 'image'
-        elif mime_type.startswith('video'):
-            return 'video'
-        elif mime_type == 'application/pdf':
-            return 'pdf'
-        elif mime_type == 'text/plain':
-            return 'text'
+    filename_lower = filename.lower()
+    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv', '.flv')):
+        return 'video'
+    elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')):
+        return 'image'
+    elif filename_lower.endswith('.pdf'):
+        return 'pdf'
+    elif filename_lower.endswith('.txt'):
+        return 'text'
     return 'other'
 
 BASE_STYLE = '''
@@ -187,6 +199,8 @@ input:focus, textarea:focus {
     box-shadow: var(--shadow);
     display: inline-block;
     text-decoration: none;
+    margin-right: 5px; /* Added margin */
+    margin-bottom: 5px; /* Added margin */
 }
 .btn:hover {
     transform: scale(1.05);
@@ -194,14 +208,12 @@ input:focus, textarea:focus {
 }
 .download-btn {
     background: var(--secondary);
-    margin-top: 10px;
 }
 .download-btn:hover {
     background: #00b8c5;
 }
 .delete-btn {
     background: var(--delete-color);
-    margin-top: 10px;
 }
 .delete-btn:hover {
     background: #cc3333;
@@ -244,7 +256,7 @@ body.dark .user-item {
 }
 @media (max-width: 768px) {
     .file-grid {
-        grid-template-columns: repeat(2, 1fr);
+        grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
     }
 }
 @media (max-width: 480px) {
@@ -259,6 +271,8 @@ body.dark .user-item {
     box-shadow: var(--shadow);
     text-align: center;
     transition: var(--transition);
+    word-wrap: break-word; /* Ensure long names wrap */
+    overflow: hidden; /* Hide overflow */
 }
 body.dark .file-item {
     background: var(--card-bg-dark);
@@ -267,16 +281,37 @@ body.dark .file-item {
     transform: translateY(-5px);
 }
 .file-preview {
-    max-width: 100%;
-    max-height: 200px;
-    object-fit: cover;
+    width: 100%; /* Ensure preview takes full width */
+    height: 180px; /* Fixed height for consistency */
+    object-fit: cover; /* Cover the area */
+    border-radius: 10px;
+    margin-bottom: 10px;
+    cursor: pointer;
+    background-color: #eee; /* Placeholder color */
+}
+.file-preview-icon { /* Style for icons */
+    width: 100%;
+    height: 180px;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    font-size: 5em; /* Large icon */
+    color: var(--secondary);
     border-radius: 10px;
     margin-bottom: 10px;
-    loading: lazy;
+    background-color: rgba(0, 221, 235, 0.1); /* Light background */
+    cursor: pointer;
 }
 .file-item p {
     font-size: 0.9em;
     margin: 5px 0;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis; /* Add ellipsis for long names */
+}
+.file-item .filename { /* Style for filename */
+    font-weight: 600;
+    margin-bottom: 8px;
 }
 .file-item a {
     color: var(--primary);
@@ -296,19 +331,29 @@ body.dark .file-item {
     z-index: 2000;
     justify-content: center;
     align-items: center;
+    padding: 10px;
 }
-.modal img, .modal video {
+.modal-content {
     max-width: 95%;
     max-height: 95%;
+    display: flex; /* Use flex for centering */
+    justify-content: center;
+    align-items: center;
+}
+
+.modal img, .modal video {
+    max-width: 100%;
+    max-height: 100%;
     object-fit: contain;
-    border-radius: 20px;
+    border-radius: 10px;
     box-shadow: var(--shadow);
 }
 .modal iframe {
+    width: 90vw;
+    height: 90vh;
     border: none;
-    width: 95%;
-    max-width: 100%;
-    height: 95%;
+    border-radius: 10px;
+    background: white; /* Background for iframe content */
 }
 #progress-container {
     width: 100%;
@@ -440,6 +485,9 @@ def login():
             .then(data => {
                 if (data.status === 'success') {
                     window.location.href = data.redirect;
+                } else {
+                    // Clear invalid stored credentials
+                    localStorage.removeItem('zeusCredentials');
                 }
             })
             .catch(error => console.error('Ошибка автовхода:', error));
@@ -486,54 +534,85 @@ def dashboard():
         flash('Пользователь не найден!')
         return redirect(url_for('login'))
 
-    user_files = sorted(data['users'][username]['files'], key=lambda x: x['upload_date'], reverse=True)
-
     if request.method == 'POST':
         files = request.files.getlist('files')
-        if files and len(files) > 20:
+        if not files or all(not f.filename for f in files):
+            flash('Файлы не выбраны!')
+            return redirect(url_for('dashboard'))
+
+        if len(files) > 20:
             flash('Максимум 20 файлов за раз!')
             return redirect(url_for('dashboard'))
 
-        if files:
-            os.makedirs('uploads', exist_ok=True)
-            api = HfApi()
-            temp_files = []
+        if not HF_TOKEN_WRITE:
+            flash('Загрузка невозможна: отсутствует токен Hugging Face для записи.')
+            return redirect(url_for('dashboard'))
 
-            for file in files:
-                if file and file.filename:
-                    original_filename = secure_filename(file.filename)
-                    unique_filename = f"{uuid.uuid4().hex}_{original_filename}"
-                    temp_path = os.path.join('uploads', unique_filename)
+        os.makedirs('uploads', exist_ok=True)
+        api = HfApi()
+        uploaded_files_info = []
+        upload_errors = []
+
+        for file in files:
+            if file and file.filename:
+                original_filename = file.filename
+                sanitized_base, extension = os.path.splitext(secure_filename(original_filename))
+                unique_id = str(uuid.uuid4())[:8] # Shorter UUID for filename
+                unique_filename = f"{sanitized_base}_{unique_id}{extension}"
+                temp_path = os.path.join('uploads', unique_filename) # Save temp with unique name
+
+                try:
                     file.save(temp_path)
-                    temp_files.append((temp_path, unique_filename, original_filename))
-
-            for temp_path, unique_filename, original_filename in temp_files:
-                file_path = f"cloud_files/{username}/{unique_filename}"
-                api.upload_file(
-                    path_or_fileobj=temp_path,
-                    path_in_repo=file_path,
-                    repo_id=REPO_ID,
-                    repo_type="dataset",
-                    token=HF_TOKEN_WRITE,
-                    commit_message=f"Uploaded file for {username}"
-                )
-
-                file_info = {
-                    'filename': original_filename,
-                    'unique_filename': unique_filename,
-                    'path': file_path,
-                    'type': get_file_type(original_filename),
-                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-                }
-                data['users'][username]['files'].append(file_info)
-
-                if os.path.exists(temp_path):
-                    os.remove(temp_path)
-
-            save_data(data)
-            flash('Файлы успешно загружены!')
+                    file_path_in_repo = f"cloud_files/{username}/{unique_filename}"
+
+                    api.upload_file(
+                        path_or_fileobj=temp_path,
+                        path_in_repo=file_path_in_repo,
+                        repo_id=REPO_ID,
+                        repo_type="dataset",
+                        token=HF_TOKEN_WRITE,
+                        commit_message=f"Uploaded {unique_filename} for {username}"
+                    )
+
+                    file_info = {
+                        'filename': unique_filename, # Unique name used in storage
+                        'original_name': original_filename, # Original name for display
+                        'path': file_path_in_repo,
+                        'type': get_file_type(original_filename),
+                        'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                    }
+                    uploaded_files_info.append(file_info)
+
+                except Exception as e:
+                    logging.error(f"Error uploading file {original_filename} ({unique_filename}): {e}")
+                    upload_errors.append(original_filename)
+                finally:
+                    if os.path.exists(temp_path):
+                        os.remove(temp_path)
+
+        if uploaded_files_info:
+            current_data = load_data() # Reload data before modifying
+            if username in current_data['users']:
+                 if 'files' not in current_data['users'][username]:
+                     current_data['users'][username]['files'] = []
+                 current_data['users'][username]['files'].extend(uploaded_files_info)
+                 save_data(current_data)
+                 flash(f'{len(uploaded_files_info)} файл(ов) успешно загружено!')
+            else:
+                flash('Ошибка: пользователь не найден после загрузки.') # Should not happen if session check passed
+
+        if upload_errors:
+            flash(f'Ошибка при загрузке файлов: {", ".join(upload_errors)}')
+
+        # Use AJAX response if request expects JSON (like from the JS progress handler)
+        if request.headers.get('X-Requested-With') == 'XMLHttpRequest':
+             # Even though JS reloads, sending a success helps confirm operation
+             return jsonify({'status': 'success', 'uploaded': len(uploaded_files_info), 'errors': len(upload_errors)})
+        else:
+            return redirect(url_for('dashboard')) # Standard redirect for non-JS form submit
 
-        return redirect(url_for('dashboard'))
+    # GET request part
+    user_files = sorted(data['users'][username].get('files', []), key=lambda x: x.get('upload_date', ''), reverse=True)
 
     html = '''
 <!DOCTYPE html>
@@ -543,12 +622,13 @@ def dashboard():
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Панель управления - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css"> <!-- Font Awesome for icons -->
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
         <h1>Панель управления Zeus Cloud</h1>
-        <p>Пользователь: {{ username }}</p>
+        <p>Пользователь: <strong>{{ username }}</strong></p>
         {% with messages = get_flashed_messages() %}
             {% if messages %}
                 {% for message in messages %}
@@ -560,7 +640,7 @@ def dashboard():
             <input type="file" name="files" multiple required>
             <button type="submit" class="btn" id="upload-btn">Загрузить файлы</button>
         </form>
-        <div id="progress-container">
+        <div id="progress-container" style="display: none;">
             <div id="progress-bar"></div>
         </div>
         <h2 style="margin-top: 30px;">Ваши файлы</h2>
@@ -568,23 +648,32 @@ def dashboard():
         <div class="file-grid">
             {% for file in user_files %}
                 <div class="file-item">
-                    <p style="font-size: 1.1em; font-weight: bold;">{{ file['filename'] }}</p>
-                    {% if file['type'] == 'video' %}
-                        <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}', true)">
-                            <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}" type="video/mp4">
+                    <p class="filename" title="{{ file.original_name }}">{{ file.original_name }}</p> {# Display original name #}
+                    {% set file_url = "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path + "?token=" + hf_token_read if hf_token_read else "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path %}
+                    {% if file.type == 'video' %}
+                        <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                            <source src="{{ file_url }}" type="video/mp4"> {# Use variable for URL #}
+                            Ваш браузер не поддерживает предпросмотр видео.
                         </video>
-                    {% elif file['type'] == 'image' %}
-                        <img class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}" alt="{{ file['filename'] }}" loading="lazy" onclick="openModal(this.src, false)">
-                    {% elif file['type'] == 'pdf' %}
-                        <iframe class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}" loading="lazy"></iframe>
-                    {% elif file['type'] == 'text' %}
-                        <textarea class="file-preview" readonly style="font-family: monospace; padding: 10px; border: 1px solid #ddd; border-radius: 5px; overflow: auto; width: 100%; height: 200px;">Предпросмотр текстовых файлов пока не поддерживается. Скачайте файл для просмотра.</textarea>
+                    {% elif file.type == 'image' %}
+                        <img class="file-preview" src="{{ file_url }}" alt="{{ file.original_name }}" loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                    {% elif file.type == 'pdf' %}
+                         <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                            <i class="fas fa-file-pdf"></i>
+                         </div>
+                    {% elif file.type == 'text' %}
+                         <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                            <i class="fas fa-file-alt"></i>
+                         </div>
                     {% else %}
-                        <p>Тип файла не поддерживается для предпросмотра</p>
+                         <div class="file-preview-icon" onclick="alert('Предпросмотр для этого типа файла не поддерживается.')">
+                              <i class="fas fa-file"></i> {# Generic file icon #}
+                         </div>
                     {% endif %}
-                    <p>{{ file['upload_date'] }}</p>
-                    <a href="{{ url_for('download_file', file_path=file['path'], filename=file['unique_filename'], original_filename=file['filename']) }}" class="btn download-btn">Скачать</a>
-                    <a href="{{ url_for('delete_file', file_path=file['path']) }}" class="btn delete-btn" onclick="return confirm('Вы уверены, что хотите удалить этот файл?');">Удалить</a>
+                    <p style="font-size: 0.8em; color: #666;">{{ file.upload_date }}</p> {# Smaller date #}
+                    {# Use original_name for the download attribute #}
+                    <a href="{{ url_for('download_file', file_path=file.path, filename=file.original_name) }}" class="btn download-btn">Скачать</a>
+                    <a href="{{ url_for('delete_file', file_path=file.path) }}" class="btn delete-btn" onclick="return confirm('Вы уверены, что хотите удалить файл \'{{ file.original_name }}\'?');">Удалить</a>
                 </div>
             {% endfor %}
             {% if not user_files %}
@@ -593,49 +682,74 @@ def dashboard():
         </div>
         <h2 style="margin-top: 30px;">Добавить на главный экран</h2>
         <p>Для быстрого доступа к Zeus Cloud, вы можете добавить это приложение на главный экран вашего телефона:</p>
-        <div style="margin-top: 10px;">
-            <h3>Для пользователей Android:</h3>
-            <ol>
-                <li>Откройте Zeus Cloud в браузере Chrome.</li>
-                <li>Нажмите на меню браузера (обычно три точки вверху справа).</li>
-                <li>Выберите <strong>"Добавить на главный экран"</strong>.</li>
-                <li>Подтвердите добавление, и иконка приложения появится на вашем главном экране.</li>
-            </ol>
-        </div>
-        <div style="margin-top: 10px;">
-            <h3>Для пользователей iOS (iPhone/iPad):</h3>
-            <ol>
-                <li>Откройте Zeus Cloud в браузере Safari.</li>
-                <li>Нажмите кнопку <strong>"Поделиться"</strong> (квадрат со стрелкой вверх) в нижней части экрана.</li>
-                <li>Прокрутите список опций вниз и выберите <strong>"Добавить на экран «Домой»"</strong>.</li>
-                <li>В правом верхнем углу нажмите <strong>"Добавить"</strong>. Иконка приложения появится на вашем главном экране.</li>
-            </ol>
+         <div style="display: flex; flex-wrap: wrap; gap: 20px; margin-top: 15px;">
+             <div style="flex: 1; min-width: 250px;">
+                 <h3><i class="fab fa-android"></i> Android:</h3>
+                 <ol>
+                     <li>Откройте Zeus Cloud в браузере Chrome.</li>
+                     <li>Нажмите на меню <i class="fas fa-ellipsis-v"></i> (обычно три точки).</li>
+                     <li>Выберите <strong>"Установить приложение"</strong> или <strong>"Добавить на главный экран"</strong>.</li>
+                     <li>Подтвердите добавление.</li>
+                 </ol>
+             </div>
+             <div style="flex: 1; min-width: 250px;">
+                 <h3><i class="fab fa-apple"></i> iOS (iPhone/iPad):</h3>
+                 <ol>
+                     <li>Откройте Zeus Cloud в браузере Safari.</li>
+                     <li>Нажмите кнопку <strong>"Поделиться"</strong> <i class="fas fa-external-link-square-alt"></i> (квадрат со стрелкой).</li>
+                     <li>Прокрутите вниз и выберите <strong>"На экран «Домой»"</strong>.</li>
+                     <li>Нажмите <strong>"Добавить"</strong>.</li>
+                 </ol>
+            </div>
         </div>
-        <a href="{{ url_for('logout') }}" class="btn" style="margin-top: 20px;" id="logout-btn">Выйти</a>
+        <a href="{{ url_for('logout') }}" class="btn" style="margin-top: 30px; background-color: var(--accent);" id="logout-btn">Выйти</a>
     </div>
     <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div id="modalContent"></div>
+        <div class="modal-content" id="modalContent"></div>
     </div>
     <script>
-        function openModal(src, isVideo) {
+        const HF_TOKEN_READ = "{{ hf_token_read or '' }}"; // Pass read token to JS if available
+
+        function openModal(src, fileType) {
             const modal = document.getElementById('mediaModal');
             const modalContent = document.getElementById('modalContent');
-            if (isVideo) {
-                modalContent.innerHTML = `<video controls autoplay><source src="${src}" type="video/mp4"></video>`;
+            modalContent.innerHTML = ''; // Clear previous content
+
+            // Add token to URL if needed and not already present
+            let finalSrc = src;
+            if (HF_TOKEN_READ && src.indexOf('token=') === -1) {
+                 finalSrc += (src.indexOf('?') === -1 ? '?' : '&') + 'token=' + HF_TOKEN_READ;
+            }
+
+            if (fileType === 'video') {
+                modalContent.innerHTML = `<video controls autoplay><source src="${finalSrc}" type="video/mp4">Ваш браузер не поддерживает это видео.</video>`;
+            } else if (fileType === 'image') {
+                modalContent.innerHTML = `<img src="${finalSrc}" alt="Предпросмотр изображения">`;
+            } else if (fileType === 'pdf' || fileType === 'text') {
+                 // Use iframe for PDF and Text preview
+                 modalContent.innerHTML = `<iframe src="${finalSrc}"></iframe>`;
             } else {
-                modalContent.innerHTML = `<img src="${src}">`;
+                 alert('Предпросмотр для этого типа файла не поддерживается.');
+                 return; // Don't open modal for unsupported types
             }
             modal.style.display = 'flex';
         }
+
         function closeModal(event) {
             const modal = document.getElementById('mediaModal');
+            // Close only if clicking on the background (the modal itself)
             if (event.target === modal) {
                  modal.style.display = 'none';
                  const video = modal.querySelector('video');
                  if (video) {
                     video.pause();
+                    video.src = ''; // Stop loading video
+                 }
+                 const iframe = modal.querySelector('iframe');
+                 if (iframe) {
+                    iframe.src = 'about:blank'; // Clear iframe
                  }
-                 modalContent.innerHTML = '';
+                 document.getElementById('modalContent').innerHTML = ''; // Clear content
             }
         }
 
@@ -643,50 +757,71 @@ def dashboard():
         const progressBar = document.getElementById('progress-bar');
         const progressContainer = document.getElementById('progress-container');
         const uploadBtn = document.getElementById('upload-btn');
+        const fileInput = form.querySelector('input[type="file"]');
 
         form.addEventListener('submit', function(e) {
-            e.preventDefault();
-            const files = form.querySelector('input[type="file"]').files;
-            if (files.length > 20) {
-                alert('Максимум 20 файлов за раз!');
-                return;
-            }
+            e.preventDefault(); // Prevent default form submission
+
+            const files = fileInput.files;
             if (files.length === 0) {
                  alert('Пожалуйста, выберите файлы для загрузки.');
                  return;
             }
+            if (files.length > 20) {
+                alert('Ма��симум 20 файлов за раз!');
+                return;
+            }
 
             const formData = new FormData(form);
             progressContainer.style.display = 'block';
             progressBar.style.width = '0%';
             uploadBtn.disabled = true;
+            uploadBtn.textContent = 'Загрузка...';
 
             const xhr = new XMLHttpRequest();
-            xhr.open('POST', '/dashboard', true);
+            xhr.open('POST', '{{ url_for("dashboard") }}', true);
+            // Required for Flask to know it's an AJAX request (optional but good practice)
+            xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
 
             xhr.upload.onprogress = function(event) {
                 if (event.lengthComputable) {
-                    const percent = (event.loaded / event.total) * 100;
+                    const percent = Math.round((event.loaded / event.total) * 100);
                     progressBar.style.width = percent + '%';
+                    progressBar.textContent = percent + '%'; // Show percentage text
                 }
             };
 
-            xhr.onload = function() {
-                uploadBtn.disabled = false;
+             xhr.onload = function() {
+                 uploadBtn.disabled = false;
+                 uploadBtn.textContent = 'Загрузить файлы';
                  progressContainer.style.display = 'none';
                  progressBar.style.width = '0%';
-                if (xhr.status === 200) {
-                    location.reload();
-                } else {
-                    alert('Ошибка загрузки!');
+                 progressBar.textContent = ''; // Clear percentage text
+
+                 if (xhr.status === 200) {
+                     // Attempt to parse JSON response for more detailed feedback (optional)
+                     try {
+                         const response = JSON.parse(xhr.responseText);
+                         // We could potentially update the file list dynamically here
+                         // For now, just reload to show flash messages and updated list
+                         location.reload();
+                     } catch (err) {
+                         // If response wasn't JSON or error, still reload
+                         location.reload();
+                     }
+                 } else {
+                     // Handle server errors (e.g., 500)
+                     alert('Ошибка сервера при загрузке файлов. Код: ' + xhr.status);
                  }
-            };
+             };
 
             xhr.onerror = function() {
-                alert('Ошибка соединения!');
+                alert('Ошибка сети при загрузке файлов.');
                 progressContainer.style.display = 'none';
                 progressBar.style.width = '0%';
+                progressBar.textContent = '';
                 uploadBtn.disabled = false;
+                uploadBtn.textContent = 'Загрузить файлы';
             };
 
             xhr.send(formData);
@@ -695,37 +830,53 @@ def dashboard():
         document.getElementById('logout-btn').addEventListener('click', function(e) {
             e.preventDefault();
             localStorage.removeItem('zeusCredentials');
-            window.location.href = '/logout';
+            window.location.href = '{{ url_for("logout") }}';
         });
     </script>
 </body>
 </html>
 '''
-    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID)
+    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
 
-@app.route('/download/<path:file_path>/<filename>/<original_filename>')
-def download_file(file_path, filename, original_filename):
-    if 'username' not in session:
-        flash('Пожалуйста, войдите в систему!')
-        return redirect(url_for('login'))
 
-    username = session['username']
+@app.route('/download/<path:file_path>/<filename>')
+def download_file(file_path, filename):
+    if 'username' not in session and not (request.referrer and 'admhosto' in request.referrer):
+         flash('Пожалуйста, войдите в систему!')
+         return redirect(url_for('login'))
+
+    current_username = session.get('username')
+    is_admin_request = request.referrer and 'admhosto' in request.referrer
+
+    # Basic check: if it's not an admin request, the user must be logged in
+    if not is_admin_request and not current_username:
+         flash('Доступ запрещен.')
+         return redirect(url_for('login'))
+
     data = load_data()
-    if username not in data['users']:
-        session.pop('username', None)
-        flash('Пользователь не найден!')
-        return redirect(url_for('login'))
 
-    user_files = data['users'][username]['files']
-    if not any(file['path'] == file_path for file in user_files):
-         is_admin_route = request.referrer and 'admhosto' in request.referrer
-         if not is_admin_route:
+    # Determine the owner of the file from the path
+    try:
+        file_owner = file_path.split('/')[1]
+    except IndexError:
+         flash('Неверный путь к файлу.')
+         return redirect(request.referrer or url_for('dashboard'))
+
+    # Permission check
+    if not is_admin_request:
+        # Regular user request: check if they own the file
+        if current_username != file_owner:
              flash('У вас нет доступа к этому файлу!')
              return redirect(url_for('dashboard'))
+        # Verify the file exists in their list (optional, but good practice)
+        if not any(f['path'] == file_path for f in data.get('users', {}).get(current_username, {}).get('files', [])):
+            flash('Файл не найден в вашем аккаунте.')
+            return redirect(url_for('dashboard'))
+    # If it's an admin request, we allow the download (assuming admin is verified elsewhere or implicitly via URL)
 
+    # Construct download URL
     file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{file_path}?download=true"
     try:
-        api = HfApi()
         headers = {}
         if HF_TOKEN_READ:
             headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
@@ -733,27 +884,29 @@ def download_file(file_path, filename, original_filename):
         response = requests.get(file_url, headers=headers, stream=True)
         response.raise_for_status()
 
+        # Use BytesIO to handle the content in memory
         file_content = BytesIO(response.content)
+
+        # Send the file using the original filename provided in the URL
         return send_file(
             file_content,
             as_attachment=True,
-            download_name=original_filename,
+            download_name=filename, # Use the passed filename for download
             mimetype='application/octet-stream'
         )
     except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file from HF: {e}")
-        flash('Ошибка скачивания файла!')
-        if request.referrer and 'admhosto' in request.referrer:
-             return redirect(url_for('admin_user_files', username=file_path.split('/')[1]))
+        logging.error(f"Error downloading file '{filename}' ({file_path}) from HF: {e}")
+        status_code = e.response.status_code if e.response is not None else 'N/A'
+        if status_code == 404:
+             flash(f'Ошибка скачивания: Файл "{filename}" не найден на сервере.')
         else:
-             return redirect(url_for('dashboard'))
+             flash(f'Ошибка скачивания файла "{filename}" (код: {status_code}).')
+        return redirect(request.referrer or url_for('dashboard'))
     except Exception as e:
-        logging.error(f"Unexpected error during download: {e}")
-        flash('Произошла непредвиденная ошибка при скачивании файла.')
-        if request.referrer and 'admhosto' in request.referrer:
-             return redirect(url_for('admin_user_files', username=file_path.split('/')[1]))
-        else:
-             return redirect(url_for('dashboard'))
+        logging.error(f"Unexpected error during download of '{filename}' ({file_path}): {e}")
+        flash(f'Произошла непредвиденная ошибка при скачивании файла "{filename}".')
+        return redirect(request.referrer or url_for('dashboard'))
+
 
 @app.route('/delete/<path:file_path>')
 def delete_file(file_path):
@@ -768,13 +921,19 @@ def delete_file(file_path):
         flash('Пользователь не найден!')
         return redirect(url_for('login'))
 
-    user_files = data['users'][username]['files']
+    user_files = data['users'][username].get('files', [])
     file_to_delete = next((file for file in user_files if file['path'] == file_path), None)
 
     if not file_to_delete:
         flash('Файл не найден!')
         return redirect(url_for('dashboard'))
 
+    if not HF_TOKEN_WRITE:
+        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
+        return redirect(url_for('dashboard'))
+
+    original_name = file_to_delete.get('original_name', 'N/A') # Get original name for message
+
     try:
         api = HfApi()
         api.delete_file(
@@ -782,26 +941,31 @@ def delete_file(file_path):
             repo_id=REPO_ID,
             repo_type="dataset",
             token=HF_TOKEN_WRITE,
-            commit_message=f"Deleted file {file_path} for {username}"
+            commit_message=f"Deleted {file_path} for {username}"
         )
+        # Update data only after successful deletion from HF
         data['users'][username]['files'] = [f for f in user_files if f['path'] != file_path]
         save_data(data)
-        flash('Файл успешно удален!')
+        flash(f'Файл "{original_name}" успешн�� удален!')
     except Exception as e:
-        logging.error(f"Error deleting file: {e}")
-        flash('Ошибка удаления файла!')
+        logging.error(f"Error deleting file {file_path} for {username}: {e}")
+        flash(f'Ошибка удаления файла "{original_name}"!')
 
     return redirect(url_for('dashboard'))
 
 @app.route('/logout')
 def logout():
     session.pop('username', None)
+    flash('Вы вышли из системы.')
+    # Redirecting to login page handles clearing localStorage via its JS
     return redirect(url_for('login'))
 
+
 @app.route('/admhosto')
 def admin_panel():
+    # Add proper admin authentication here if needed
     data = load_data()
-    users = data['users']
+    users = data.get('users', {})
 
     html = '''
 <!DOCTYPE html>
@@ -811,6 +975,7 @@ def admin_panel():
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Админ-панель - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
@@ -824,7 +989,7 @@ def admin_panel():
                     <p>Дата регистрации: {{ user_data.get('created_at', 'N/A') }}</p>
                     <p>Количество файлов: {{ user_data.get('files', []) | length }}</p>
                      <form method="POST" action="{{ url_for('admin_delete_user', username=username) }}" style="display: inline; margin-left: 10px;" onsubmit="return confirm('Вы уверены, что хотите удалить пользователя {{ username }} и все его файлы? Это действие необратимо!');">
-                         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить</button>
+                         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить пользователя</button>
                      </form>
                 </div>
             {% endfor %}
@@ -849,8 +1014,9 @@ def admin_panel():
 
 @app.route('/admhosto/user/<username>')
 def admin_user_files(username):
+    # Add proper admin authentication here if needed
     data = load_data()
-    if username not in data['users']:
+    if username not in data.get('users', {}):
         flash('Пользователь не найден!')
         return redirect(url_for('admin_panel'))
 
@@ -864,11 +1030,13 @@ def admin_user_files(username):
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>Файлы пользователя {{ username }} - Zeus Cloud</title>
     <link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0-beta3/css/all.min.css">
     <style>''' + BASE_STYLE + '''</style>
 </head>
 <body>
     <div class="container">
         <h1>Файлы пользователя: {{ username }}</h1>
+        <a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 20px; background-color: var(--accent);">Назад к списку пользователей</a>
         {% with messages = get_flashed_messages() %}
             {% if messages %}
                 {% for message in messages %}
@@ -879,24 +1047,25 @@ def admin_user_files(username):
         <div class="file-grid">
             {% for file in user_files %}
                 <div class="file-item">
-                    <p style="font-size: 1.1em; font-weight: bold;">{{ file.get('filename', 'N/A') }}</p>
-                    {% if file.get('type') == 'video' %}
-                        <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}?download=true', true)">
-                             <source src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}?download=true" type="video/mp4">
-                        </video>
-                    {% elif file.get('type') == 'image' %}
-                        <img class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}?download=true" alt="{{ file['filename'] }}" loading="lazy" onclick="openModal(this.src, false)">
-                    {% elif file.get('type') == 'pdf' %}
-                        <iframe class="file-preview" src="https://huggingface.co/datasets/{{ repo_id }}/resolve/main/{{ file['path'] }}" loading="lazy"></iframe>
-                    {% elif file.get('type') == 'text' %}
-                        <textarea class="file-preview" readonly style="font-family: monospace; padding: 10px; border: 1px solid #ddd; border-radius: 5px; overflow: auto; width: 100%; height: 200px;">Предпросмотр текстовых файлов пока не поддерживается. Скачайте файл для просмотра.</textarea>
-                    {% else %}
-                        <p>Тип файла не поддерживается для предпросмотра</p>
-                    {% endif %}
-                    <p>{{ file.get('upload_date', 'N/A') }}</p>
-                    <a href="{{ url_for('download_file', file_path=file['path'], filename=file['unique_filename'], original_filename=file['filename']) }}" class="btn download-btn">Скачать</a>
-                     <form method="POST" action="{{ url_for('admin_delete_file', username=username, file_path=file['path']) }}" style="display: inline; margin-left: 5px;" onsubmit="return confirm('Вы уверены, что хотите удалить этот файл?');">
-                          <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить</button>
+                     <p class="filename" title="{{ file.original_name }}">{{ file.original_name }}</p>
+                     {% set file_url = "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path + "?token=" + hf_token_read if hf_token_read else "https://huggingface.co/datasets/" + repo_id + "/resolve/main/" + file.path %}
+                     {% if file.type == 'video' %}
+                         <video class="file-preview" preload="metadata" muted loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                             <source src="{{ file_url }}" type="video/mp4">
+                         </video>
+                     {% elif file.type == 'image' %}
+                         <img class="file-preview" src="{{ file_url }}" alt="{{ file.original_name }}" loading="lazy" onclick="openModal('{{ file_url }}', '{{ file.type }}')">
+                     {% elif file.type == 'pdf' %}
+                          <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')"><i class="fas fa-file-pdf"></i></div>
+                     {% elif file.type == 'text' %}
+                          <div class="file-preview-icon" onclick="openModal('{{ file_url }}', '{{ file.type }}')"><i class="fas fa-file-alt"></i></div>
+                     {% else %}
+                          <div class="file-preview-icon" onclick="alert('Предпросмотр для этого типа файла не поддерживается.')"><i class="fas fa-file"></i></div>
+                     {% endif %}
+                     <p style="font-size: 0.8em; color: #666;">{{ file.get('upload_date', 'N/A') }}</p>
+                     <a href="{{ url_for('download_file', file_path=file.path, filename=file.original_name) }}" class="btn download-btn">Скачать</a>
+                     <form method="POST" action="{{ url_for('admin_delete_file', username=username, file_path=file.path) }}" style="display: inline;" onsubmit="return confirm('Вы уверены, что хотите удалить файл \'{{ file.original_name }}\'?');">
+                           <button type="submit" class="btn delete-btn" style="padding: 10px 15px; font-size: 0.9em;">Удалить</button>
                      </form>
                 </div>
             {% endfor %}
@@ -904,103 +1073,120 @@ def admin_user_files(username):
                 <p>У этого пользователя пока нет файлов.</p>
             {% endif %}
         </div>
-        <a href="{{ url_for('admin_panel') }}" class="btn" style="margin-top: 20px;">Назад к списку пользователей</a>
+
     </div>
     <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div id="modalContent"></div>
+         <div class="modal-content" id="modalContent"></div>
     </div>
      <script>
-        function openModal(src, isVideo) {
+        const HF_TOKEN_READ = "{{ hf_token_read or '' }}";
+
+        function openModal(src, fileType) {
             const modal = document.getElementById('mediaModal');
             const modalContent = document.getElementById('modalContent');
-            const tokenParam = HF_TOKEN_READ ? `?token=${HF_TOKEN_READ}` : "";
-            const finalSrc = src + tokenParam;
-
-             if (isVideo) {
-                 const videoSrc = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
-                 modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 95vh;'><source src="${videoSrc}" type="video/mp4"></video>`;
+            modalContent.innerHTML = ''; // Clear previous content
+
+            let finalSrc = src;
+             if (HF_TOKEN_READ && src.indexOf('token=') === -1) {
+                 finalSrc += (src.indexOf('?') === -1 ? '?' : '&') + 'token=' + HF_TOKEN_READ;
+             }
+
+             if (fileType === 'video') {
+                 modalContent.innerHTML = `<video controls autoplay><source src="${finalSrc}" type="video/mp4"></video>`;
+             } else if (fileType === 'image') {
+                 modalContent.innerHTML = `<img src="${finalSrc}">`;
+             } else if (fileType === 'pdf' || fileType === 'text') {
+                  modalContent.innerHTML = `<iframe src="${finalSrc}"></iframe>`;
              } else {
-                 const img_src = finalSrc.includes('?download=true') ? finalSrc : finalSrc.replace('?', '?download=true&');
-                 modalContent.innerHTML = `<img src="${img_src}" style='max-width: 95%; max-height: 95vh;'>`;
-            }
-            modal.style.display = 'flex';
+                  alert('Предпросмотр для этого типа файла не поддерживается.');
+                  return;
+             }
+             modal.style.display = 'flex';
         }
+
          function closeModal(event) {
             const modal = document.getElementById('mediaModal');
              if (event.target === modal) {
                  modal.style.display = 'none';
                  const video = modal.querySelector('video');
-                 if (video) {
-                    video.pause();
-                 }
+                 if (video) { video.pause(); video.src=''; }
+                 const iframe = modal.querySelector('iframe');
+                 if (iframe) { iframe.src = 'about:blank'; }
                  document.getElementById('modalContent').innerHTML = '';
             }
         }
-        const HF_TOKEN_READ = "{{ os.getenv('HF_TOKEN_READ') or os.getenv('HF_TOKEN') }}";
     </script>
 </body>
 </html>
 '''
-    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID, os=os)
+    return render_template_string(html, username=username, user_files=user_files, repo_id=REPO_ID, hf_token_read=HF_TOKEN_READ)
+
 
 @app.route('/admhosto/delete_user/<username>', methods=['POST'])
 def admin_delete_user(username):
+    # Add proper admin authentication here
+    if not HF_TOKEN_WRITE:
+        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
+        return redirect(url_for('admin_panel'))
+
     data = load_data()
-    if username not in data['users']:
+    if username not in data.get('users', {}):
         flash('Пользователь не найден!')
         return redirect(url_for('admin_panel'))
 
-    user_files_to_delete = data['users'][username].get('files', [])
+    user_folder_path = f"cloud_files/{username}"
+    logging.info(f"Admin attempting to delete user '{username}' and folder '{user_folder_path}'")
 
     try:
         api = HfApi()
-        paths_to_delete = [file['path'] for file in user_files_to_delete]
-        if paths_to_delete:
-             try:
-                 api.delete_folder(
-                     folder_path=f"cloud_files/{username}",
-                     repo_id=REPO_ID,
-                     repo_type="dataset",
-                     token=HF_TOKEN_WRITE,
-                     commit_message=f"Deleted all files for user {username} by admin"
-                 )
-                 logging.info(f"Successfully deleted folder for user {username}")
-             except Exception as folder_delete_error:
-                 logging.warning(f"Could not delete folder for {username}, attempting individual file deletion: {folder_delete_error}")
-                 for file_path in paths_to_delete:
-                     try:
-                         api.delete_file(
-                            path_in_repo=file_path,
-                            repo_id=REPO_ID,
-                            repo_type="dataset",
-                            token=HF_TOKEN_WRITE
-                         )
-                     except Exception as file_delete_error:
-                          logging.error(f"Error deleting file {file_path} for user {username}: {file_delete_error}")
+        # Attempt to delete the entire user folder from Hugging Face Hub
+        api.delete_folder(
+            folder_path=user_folder_path,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"Admin deleted folder {user_folder_path} for user {username}",
+            ignore_patterns=None # Ensure all files are targeted
+        )
+        logging.info(f"Successfully deleted folder '{user_folder_path}' from HF Hub for user {username}.")
+
+    except Exception as e:
+        # Log error if folder deletion fails, but proceed to delete user from DB
+        # This handles cases where the folder might be empty or already partially deleted
+        logging.error(f"Error deleting folder '{user_folder_path}' from HF Hub for user {username}: {e}. Proceeding to delete user from database.")
+        # Optionally, could iterate and delete files individually here as a fallback
 
+    try:
+        # Delete the user from the local data structure
         del data['users'][username]
         save_data(data)
-        flash(f'Пользователь {username} и его файлы успешно удалены!')
-        logging.info(f"Admin deleted user {username} and their files.")
+        flash(f'Пользователь {username} и его файлы (попытка удаления с сервера) успешно удалены из базы данных!')
+        logging.info(f"Admin successfully deleted user {username} from the database.")
 
     except Exception as e:
-        logging.error(f"Error deleting user {username}: {e}")
-        flash(f'Ошибка при удалении пользователя {username}!')
+        logging.error(f"Error deleting user {username} from database after attempting HF deletion: {e}")
+        flash(f'Ошибка при удалении пользователя {username} из базы данных!')
 
     return redirect(url_for('admin_panel'))
 
+
 @app.route('/admhosto/delete_file/<username>/<path:file_path>', methods=['POST'])
 def admin_delete_file(username, file_path):
+     # Add proper admin authentication here
+     if not HF_TOKEN_WRITE:
+        flash('Удаление невозможно: отсутствует токен Hugging Face для записи.')
+        return redirect(url_for('admin_user_files', username=username))
+
      data = load_data()
-     if username not in data['users']:
+     if username not in data.get('users', {}):
          flash('Пользователь не найден!')
          return redirect(url_for('admin_panel'))
 
      user_files = data['users'][username].get('files', [])
-     file_exists_in_db = any(f['path'] == file_path for f in user_files)
+     file_to_delete = next((f for f in user_files if f['path'] == file_path), None)
+     original_name = file_to_delete.get('original_name', file_path) if file_to_delete else file_path
 
-     if not file_exists_in_db:
-         flash('Файл не найден в базе данных пользователя!')
+     logging.info(f"Admin attempting to delete file '{file_path}' for user '{username}'")
 
      try:
          api = HfApi()
@@ -1011,27 +1197,43 @@ def admin_delete_file(username, file_path):
              token=HF_TOKEN_WRITE,
              commit_message=f"Admin deleted file {file_path} for user {username}"
          )
+         logging.info(f"Successfully deleted file {file_path} from HF Hub.")
+
+         # Update the database only if the file was found there
+         if file_to_delete:
+             data['users'][username]['files'] = [f for f in user_files if f['path'] != file_path]
+             save_data(data)
+             logging.info(f"Removed file {file_path} from database for user {username}.")
+         else:
+              logging.warning(f"File {file_path} deleted from HF Hub by admin, but was not found in user {username}'s database list.")
 
-         data['users'][username]['files'] = [f for f in user_files if f['path'] != file_path]
-         save_data(data)
-         flash('Файл успешно удален!')
-         logging.info(f"Admin deleted file {file_path} for user {username}")
+         flash(f'Файл "{original_name}" успешно удален!')
 
      except Exception as e:
-         logging.error(f"Error deleting file {file_path} by admin: {e}")
-         flash('Ошибка удаления файла!')
+         logging.error(f"Error deleting file {file_path} from HF Hub by admin: {e}")
+         # Check if error is 'not found' - maybe already deleted?
+         flash(f'Ошибка удаления файла "{original_name}"!')
 
      return redirect(url_for('admin_user_files', username=username))
 
+
 if __name__ == '__main__':
     if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN (write access) is not set. File uploads and deletions will fail.")
+        logging.warning("!!! HF_TOKEN (write access) is NOT set. File uploads, deletions, and backups WILL FAIL.")
     if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads might fail for private repos if HF_TOKEN is not set.")
+        logging.warning("!!! HF_TOKEN_READ is NOT set. Falling back to HF_TOKEN if available. File downloads/previews might fail for private repos if no read token is present.")
+
+    if not os.path.exists(DATA_FILE):
+         logging.info(f"{DATA_FILE} not found, attempting initial download...")
+         download_db_from_hf() # Try to download on startup if missing
 
     if HF_TOKEN_WRITE:
-        threading.Thread(target=periodic_backup, daemon=True).start()
+        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
+        backup_thread.start()
+        logging.info("Periodic backup thread started.")
     else:
-        logging.warning("Periodic backup disabled because HF_TOKEN (write access) is not set.")
+        logging.warning("Periodic backup thread NOT started because HF_TOKEN_WRITE is not set.")
+
+    app.run(debug=False, host='0.0.0.0', port=7860)
 
-    app.run(debug=False, host='0.0.0.0', port=7860)
+# --- END OF FILE app (8).py ---