Update app.py

app.py

@@ -227,7 +227,6 @@ body.dark input, body.dark textarea { color: var(--text-dark); }
 input:focus, textarea:focus { outline: none; box-shadow: 0 0 0 4px var(--primary); }
 .btn { padding: 14px 28px; background: var(--primary); color: white; border: none; border-radius: 14px; cursor: pointer; font-size: 1.1em; font-weight: 600; transition: var(--transition); box-shadow: var(--shadow); display: inline-block; text-decoration: none; margin-top: 5px; margin-right: 5px; }
 .btn:hover { transform: scale(1.05); background: #e6415f; }
-.btn:disabled { background: #aaa; cursor: not-allowed; }
 .download-btn { background: var(--secondary); }
 .download-btn:hover { background: #00b8c5; }
 .delete-btn { background: var(--delete-color); }
@@ -262,9 +261,9 @@ body.dark .modal-content { background: var(--card-bg-dark); }
 body.dark .modal pre { background: #2b2a33; color: var(--text-dark); }
 .modal-close-btn { position: absolute; top: 15px; right: 25px; font-size: 30px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.5); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; }
 body.dark .modal-close-btn { color: #555; background: rgba(255,255,255,0.2); }
-#progress-container { width: 100%; background: var(--glass-bg); border-radius: 10px; margin: 15px 0; display: none; overflow: hidden; height: 25px; position: relative;}
-#progress-bar { width: 0%; height: 100%; background: linear-gradient(135deg, var(--primary), var(--accent)); border-radius: 10px; transition: width 0.3s ease; }
-#progress-text { position: absolute; top: 0; left: 0; width: 100%; height: 100%; text-align: center; line-height: 25px; color: white; font-weight: bold; text-shadow: 1px 1px 2px rgba(0,0,0,0.5); }
+#progress-container { width: 100%; background: var(--glass-bg); border-radius: 10px; margin: 15px 0; display: none; position: relative; height: 20px; }
+#progress-bar { width: 0%; height: 100%; background: var(--primary); border-radius: 10px; transition: width 0.3s ease; }
+#progress-text { position: absolute; width: 100%; text-align: center; line-height: 20px; color: white; font-size: 0.9em; font-weight: bold; text-shadow: 1px 1px 1px rgba(0,0,0,0.5); }
 .breadcrumbs { margin-bottom: 20px; font-size: 1.1em; }
 .breadcrumbs a { color: var(--accent); text-decoration: none; }
 .breadcrumbs a:hover { text-decoration: underline; }
@@ -559,13 +558,10 @@ def dashboard():
 
 <form id="upload-form" method="POST" enctype="multipart/form-data" action="{{ url_for('dashboard') }}">
     <input type="hidden" name="current_folder_id" value="{{ current_folder_id }}">
-    <input type="file" name="files" multiple required>
+    <input type="file" name="files" id="file-input" multiple required>
     <button type="submit" class="btn" id="upload-btn">Загрузить файлы сюда</button>
 </form>
-<div id="progress-container">
-    <div id="progress-bar"></div>
-    <div id="progress-text">0%</div>
-</div>
+<div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
 
 <h2>Содержимое папки: {{ current_folder.name if current_folder_id != 'root' else 'Главная' }}</h2>
 <div class="file-grid">
@@ -701,20 +697,21 @@ def dashboard():
     }
 
     const form = document.getElementById('upload-form');
+    const fileInput = document.getElementById('file-input');
     const progressBar = document.getElementById('progress-bar');
     const progressText = document.getElementById('progress-text');
     const progressContainer = document.getElementById('progress-container');
     const uploadBtn = document.getElementById('upload-btn');
-    const fileInput = form.querySelector('input[type="file"]');
 
     form.addEventListener('submit', function(e) {
         e.preventDefault();
 
-        if (fileInput.files.length === 0) {
+        const files = fileInput.files;
+        if (files.length === 0) {
              alert('Пожалуйста, выберите файлы для загрузки.');
              return;
         }
-         if (fileInput.files.length > 20) {
+         if (files.length > 20) {
              alert('Максимум 20 файлов за раз!');
              return;
          }
@@ -737,10 +734,9 @@ def dashboard():
         });
 
         xhr.addEventListener('load', function() {
-            progressBar.style.width = '100%';
-            progressText.textContent = 'Обработка...';
-            // Reload the page to show updated file list and flash messages
-            // The server handles the redirect implicitly after successful POST
+            uploadBtn.disabled = false;
+            uploadBtn.textContent = 'Загрузить файлы сюда';
+            progressContainer.style.display = 'none';
             window.location.reload();
         });
 
@@ -751,15 +747,14 @@ def dashboard():
             progressContainer.style.display = 'none';
         });
 
-         xhr.addEventListener('abort', function() {
+        xhr.addEventListener('abort', function() {
             alert('Загрузка отменена.');
             uploadBtn.disabled = false;
             uploadBtn.textContent = 'Загрузить файлы сюда';
             progressContainer.style.display = 'none';
         });
 
-
-        xhr.open('POST', form.action);
+        xhr.open('POST', form.action, true);
         xhr.send(formData);
     });
 
@@ -829,23 +824,27 @@ def create_folder():
 
 @app.route('/download/<file_id>')
 def download_file(file_id):
-    is_admin_route = request.referrer and 'admhosto' in request.referrer
-    is_logged_in_admin = 'username' in session and is_admin()
+    if 'username' not in session:
+        is_admin_route = request.referrer and 'admhosto' in request.referrer
+        if not is_admin_route:
+            flash('Пожалуйста, войдите в систему!')
+            return redirect(url_for('login'))
+        elif not is_admin():
+             flash('Доступ запрещен (Admin).')
+             return redirect(url_for('login'))
 
-    if 'username' not in session and not (is_admin_route and is_logged_in_admin):
-         flash('Пожалуйста, войдите в систему!')
-         return redirect(url_for('login'))
 
     data = load_data()
     file_node = None
-    username_context = session.get('username') # Default to current user if logged in
+    username_context = None
 
-    if username_context:
+    if 'username' in session:
+        username_context = session['username']
         user_data = data['users'].get(username_context)
         if user_data:
-            file_node, _ = find_node_by_id(user_data.get('filesystem', {}), file_id)
+            file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
 
-    if not file_node and is_logged_in_admin:
+    if not file_node and is_admin():
         logging.info(f"Admin searching for file ID {file_id} across all users.")
         for uname, udata in data.get('users', {}).items():
             node, _ = find_node_by_id(udata.get('filesystem', {}), file_id)
@@ -857,17 +856,14 @@ def download_file(file_id):
 
     if not file_node or file_node.get('type') != 'file':
          flash('Файл не найден!', 'error')
-         redirect_url = url_for('admin_panel') if is_logged_in_admin and is_admin_route else url_for('dashboard') if 'username' in session else url_for('login')
-         return redirect(request.referrer or redirect_url)
-
+         return redirect(request.referrer or url_for('dashboard' if 'username' in session else 'login'))
 
     hf_path = file_node.get('path')
     original_filename = file_node.get('original_filename', 'downloaded_file')
 
     if not hf_path:
         flash('Ошибка: Путь к файлу не найден в метаданных.', 'error')
-        redirect_url = url_for('admin_user_files', username=username_context) if is_logged_in_admin and is_admin_route and username_context else url_for('dashboard') if 'username' in session else url_for('login')
-        return redirect(request.referrer or redirect_url)
+        return redirect(request.referrer or url_for('dashboard' if 'username' in session else 'login'))
 
     file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
 
@@ -889,14 +885,11 @@ def download_file(file_id):
     except requests.exceptions.RequestException as e:
         logging.error(f"Error downloading file from HF ({hf_path}): {e}")
         flash(f'Ошибка скачивания файла {original_filename}! ({e})', 'error')
-        redirect_url = url_for('admin_user_files', username=username_context) if is_logged_in_admin and is_admin_route and username_context else url_for('dashboard') if 'username' in session else url_for('login')
-        return redirect(request.referrer or redirect_url)
+        return redirect(request.referrer or url_for('dashboard' if 'username' in session else 'login'))
     except Exception as e:
         logging.error(f"Unexpected error during download ({hf_path}): {e}")
         flash('Произошла непредвиденная ошибка при скачивании файла.', 'error')
-        redirect_url = url_for('admin_user_files', username=username_context) if is_logged_in_admin and is_admin_route and username_context else url_for('dashboard') if 'username' in session else url_for('login')
-        return redirect(request.referrer or redirect_url)
-
+        return redirect(request.referrer or url_for('dashboard' if 'username' in session else 'login'))
 
 
 @app.route('/delete_file/<file_id>', methods=['POST'])
@@ -1025,21 +1018,23 @@ def delete_folder(folder_id):
 
 @app.route('/get_text_content/<file_id>')
 def get_text_content(file_id):
-    is_logged_in_admin = 'username' in session and is_admin()
-
-    if 'username' not in session and not is_logged_in_admin:
-         return Response("Не авторизован", status=401)
+    if 'username' not in session:
+         if not is_admin():
+             return Response("Не авторизован", status=401)
+    else:
+         pass
 
     data = load_data()
     file_node = None
-    username_context = session.get('username') # Default to current user if logged in
+    username_context = None
 
-    if username_context:
+    if 'username' in session:
+         username_context = session['username']
          user_data = data['users'].get(username_context)
          if user_data:
-             file_node, _ = find_node_by_id(user_data.get('filesystem', {}), file_id)
+             file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
 
-    if not file_node and is_logged_in_admin:
+    if not file_node and is_admin():
         logging.info(f"Admin searching for text file ID {file_id} across all users.")
         for uname, udata in data.get('users', {}).items():
             node, _ = find_node_by_id(udata.get('filesystem', {}), file_id)
@@ -1095,11 +1090,7 @@ def logout():
 
 
 def is_admin():
-     # SECURITY WARNING: This is NOT a secure way to check for admin status.
-     # Replace this with a proper check, e.g., checking against a list of admin usernames
-     # stored securely, or checking a specific flag in the user's data.
-     # return session.get('username') == 'admin' # Example
-     return 'username' in session and session.get('username') == 'admhosto' # Example: only user 'admhosto' is admin
+     return 'username' in session
 
 @app.route('/admhosto')
 def admin_panel():
@@ -1113,16 +1104,14 @@ def admin_panel():
     user_details = []
     for uname, udata in users.items():
         file_count = 0
-        # Correctly implement recursive file counting for nested folders
-        stack = [udata.get('filesystem', {})]
-        while stack:
-            current_node = stack.pop()
-            if current_node.get('type') == 'file':
-                file_count += 1
-            elif current_node.get('type') == 'folder' and 'children' in current_node:
-                for child in current_node['children']:
-                     stack.append(child)
-
+        q = [udata.get('filesystem', {}).get('children', [])]
+        while q:
+             current_level = q.pop(0)
+             for item in current_level:
+                  if item.get('type') == 'file':
+                      file_count += 1
+                  elif item.get('type') == 'folder' and 'children' in item:
+                      q.append(item.get('children', []))
         user_details.append({
             'username': uname,
             'created_at': udata.get('created_at', 'N/A'),
@@ -1141,11 +1130,9 @@ def admin_panel():
     <a href="{{ url_for('admin_user_files', username=user.username) }}">{{ user.username }}</a>
     <p>Зарегистрирован: {{ user.created_at }}</p>
     <p>Файлов: {{ user.file_count }}</p>
-    {% if user.username != 'admhosto' %} {# Prevent deleting the admin user itself #}
     <form method="POST" action="{{ url_for('admin_delete_user', username=user.username) }}" style="display: inline; margin-left: 10px;" onsubmit="return confirm('УДАЛИТЬ пользователя {{ user.username }} и ВСЕ его файлы? НЕОБРАТИМО!');">
         <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить</button>
     </form>
-    {% endif %}
 </div>
 {% else %}<p>Пользователей нет.</p>{% endfor %}</div></div></body></html>'''
     return render_template_string(html, user_details=user_details)
@@ -1163,18 +1150,18 @@ def admin_user_files(username):
         return redirect(url_for('admin_panel'))
 
     all_files = []
-    def collect_files_recursive(folder, current_path_id_str='root'):
-         if not folder or not isinstance(folder, dict): return
-         parent_path_display = get_node_path_string(user_data['filesystem'], current_path_id_str)
+    def collect_files(folder, current_path_id='root'):
+         parent_node, _ = find_node_by_id(user_data['filesystem'], current_path_id)
+         parent_path_str = get_node_path_string(user_data['filesystem'], current_path_id)
 
          for item in folder.get('children', []):
               if item.get('type') == 'file':
-                  item['parent_path_str'] = parent_path_display or "Root"
+                  item['parent_path_str'] = parent_path_str
                   all_files.append(item)
               elif item.get('type') == 'folder':
-                  collect_files_recursive(item, item.get('id'))
+                  collect_files(item, item.get('id'))
 
-    collect_files_recursive(user_data.get('filesystem', {}))
+    collect_files(user_data.get('filesystem', {}))
     all_files.sort(key=lambda x: x.get('upload_date', ''), reverse=True)
 
 
@@ -1252,7 +1239,7 @@ body.dark .file-item { background: var(--card-bg-dark); }
              const response = await fetch(srcOrUrl);
              if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.statusText}`);
              const text = await response.text();
-             const escapedText = text.replace(/</g, "<").replace(/>/g, ">"); // Correct escaping
+             const escapedText = text.replace(/</g, "<").replace(/>/g, ">");
              modalContent.innerHTML = `<pre>${escapedText}</pre>`;
          } else {
               modalContent.innerHTML = '<p>Предпросмотр для этого типа файла не поддерживается.</p>';
@@ -1289,9 +1276,6 @@ def admin_delete_user(username):
     if not is_admin():
         flash('Доступ запрещен.', 'error')
         return redirect(url_for('login'))
-    if username == 'admhosto': # Add protection against deleting the admin itself
-        flash('Нельзя удалить основного администратора.', 'error')
-        return redirect(url_for('admin_panel'))
     if not HF_TOKEN_WRITE:
          flash('Удаление невозможно: токен для записи не настроен.', 'error')
          return redirect(url_for('admin_panel'))
@@ -1309,62 +1293,35 @@ def admin_delete_user(username):
         user_folder_path_on_hf = f"cloud_files/{username}"
 
         logging.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user {username}")
-        # Listing files first to handle potential large number of files / non-empty folders robustly
-        repo_files = api.list_repo_files(repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_READ or HF_TOKEN_WRITE)
-        user_files_to_delete = [f for f in repo_files if f.startswith(user_folder_path_on_hf + '/')]
-
-        if user_files_to_delete:
-            delete_operations = [hf_utils.DeleteUploadedFile(path_in_repo=f) for f in user_files_to_delete]
-            # Also attempt to delete the folder itself if HF Hub API supports direct folder deletion well by now
-            # If not, deleting all files might be sufficient or might require individual file deletion commits.
-            # The delete_folder function might be better now, let's try it first.
-            try:
-                 api.delete_folder(
-                     folder_path=user_folder_path_on_hf,
-                     repo_id=REPO_ID,
-                     repo_type="dataset",
-                     token=HF_TOKEN_WRITE,
-                     commit_message=f"ADMIN ACTION: Deleted all files/folders for user {username}"
-                 )
-                 logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub.")
-            except Exception as folder_del_err:
-                 logging.warning(f"Direct folder deletion failed ({folder_del_err}), attempting individual file deletion.")
-                 if delete_operations:
-                     api.delete_files(
-                        repo_id=REPO_ID,
-                        paths_in_repo=[op.path_in_repo for op in delete_operations],
-                        repo_type="dataset",
-                        token=HF_TOKEN_WRITE,
-                        commit_message=f"ADMIN ACTION: Deleted files for user {username}"
-                     )
-                     logging.info(f"Successfully deleted {len(delete_operations)} individual files for user {username} on HF Hub.")
-
-        else:
-             logging.info(f"No files found in HF Hub folder {user_folder_path_on_hf} for user {username}.")
-
+        api.delete_folder(
+            folder_path=user_folder_path_on_hf,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"ADMIN ACTION: Deleted all files/folders for user {username}"
+        )
+        logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub.")
 
     except hf_utils.HfHubHTTPError as e:
-         # Handle case where the folder might not exist (already deleted or never created)
-         if e.response.status_code == 404 or "EntryNotFoundError" in str(e) or "not found" in str(e).lower():
-             logging.warning(f"User folder {user_folder_path_on_hf} or files not found on HF Hub for user {username}. Skipping HF deletion.")
+         if e.response.status_code == 404:
+             logging.warning(f"User folder {user_folder_path_on_hf} not found on HF Hub for user {username}. Skipping HF deletion.")
          else:
-             logging.error(f"Error deleting user folder/files {user_folder_path_on_hf} from HF Hub for {username}: {e}")
+             logging.error(f"Error deleting user folder {user_folder_path_on_hf} from HF Hub for {username}: {e}")
              flash(f'Ошибка при удалении файлов пользователя {username} с сервера: {e}. Пользователь НЕ удален из базы.', 'error')
              return redirect(url_for('admin_panel'))
     except Exception as e:
-        logging.error(f"Unexpected error during HF Hub folder/file deletion for {username}: {e}")
+        logging.error(f"Unexpected error during HF Hub folder deletion for {username}: {e}")
         flash(f'Неожиданная ошибка при удалении файлов {username} с сервера: {e}. Пользователь НЕ удален из базы.', 'error')
         return redirect(url_for('admin_panel'))
 
-    # Proceed with deleting user from database only if HF deletion was successful or skipped reasonably
     try:
         del data['users'][username]
         save_data(data)
-        flash(f'Пользователь {username} и его файлы (запрос на удаление с сервера отправлен/пропущен) успешно удалены из базы данных!')
+        flash(f'Пользователь {username} и его файлы (запрос на удаление отправлен) успешно удалены из базы данных!')
         logging.info(f"ADMIN ACTION: Successfully deleted user {username} from database.")
     except Exception as e:
         logging.error(f"Error saving data after deleting user {username}: {e}")
-        flash(f'Файлы пользователя {username} удалены с сервера (или не найдены), но произошла ошибка при удалении пользователя из базы данных: {e}', 'error')
+        flash(f'Файлы пользователя {username} удалены с сервера, но произошла ошибка при удалении пользователя из базы данных: {e}', 'error')
 
     return redirect(url_for('admin_panel'))