diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -1,1871 +1,1010 @@
-import json
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
 import os
-import logging
-import threading
-import time
-from datetime import datetime
-from flask import Flask, render_template_string, request, redirect, url_for, session, flash, send_file, jsonify, Response
-from flask_caching import Cache
-from huggingface_hub import HfApi, hf_hub_download, utils as hf_utils
-from werkzeug.utils import secure_filename
-import requests
-from io import BytesIO
-import uuid
+from flask import Flask, request, Response, render_template_string, jsonify, redirect, url_for, make_response
 import hmac
 import hashlib
-from urllib.parse import unquote, parse_qs
+import json
+from urllib.parse import unquote, parse_qs, quote
+import time
+from datetime import datetime
+import logging
+import threading
+from huggingface_hub import HfApi, hf_hub_download, list_repo_files
+from huggingface_hub.utils import RepositoryNotFoundError, EntryNotFoundError
+import io
 
 # --- Configuration ---
-app = Flask(__name__)
-app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_folders_unique_tma")
-BOT_TOKEN = "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4" # Your Telegram Bot Token
-DATA_FILE = 'cloudeng_data_tma.json'
-REPO_ID = "Eluza133/Z1e1u" # Your Hugging Face Repo ID
-HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
-HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE
-ADMIN_TELEGRAM_IDS_STR = os.getenv("ADMIN_TELEGRAM_IDS", "") # Comma-separated list of admin Telegram IDs
-ADMIN_TELEGRAM_IDS = set(int(tid.strip()) for tid in ADMIN_TELEGRAM_IDS_STR.split(',') if tid.strip().isdigit())
-UPLOAD_FOLDER = 'uploads_tma'
-os.makedirs(UPLOAD_FOLDER, exist_ok=True)
-
-cache = Cache(app, config={'CACHE_TYPE': 'simple'})
-logging.basicConfig(level=logging.INFO)
+BOT_TOKEN = os.getenv("BOT_TOKEN", "6750208873:AAE2hvPlJ99dBdhGa_Brre0IIpUdOvXxHt4")
+HOST = '0.0.0.0'
+PORT = 7860
 
-# --- Helper Functions ---
-
-def find_node_by_id(filesystem, node_id):
-    if not filesystem or not isinstance(filesystem, dict):
-        return None, None
-    if filesystem.get('id') == node_id:
-        return filesystem, None
-
-    queue = [(filesystem, None)]
-    while queue:
-        current_node, parent = queue.pop(0)
-        if current_node.get('type') == 'folder' and 'children' in current_node:
-            for i, child in enumerate(current_node.get('children', [])):
-                if not isinstance(child, dict): continue # Skip invalid children
-                if child.get('id') == node_id:
-                    return child, current_node
-                if child.get('type') == 'folder':
-                    queue.append((child, current_node))
-    return None, None
-
-def add_node(filesystem, parent_id, node_data):
-    parent_node, _ = find_node_by_id(filesystem, parent_id)
-    if parent_node and parent_node.get('type') == 'folder':
-        if 'children' not in parent_node or not isinstance(parent_node['children'], list):
-            parent_node['children'] = []
-        parent_node['children'].append(node_data)
-        return True
-    return False
-
-def remove_node(filesystem, node_id):
-    node_to_remove, parent_node = find_node_by_id(filesystem, node_id)
-    if node_to_remove and parent_node and 'children' in parent_node and isinstance(parent_node['children'], list):
-        parent_node['children'] = [child for child in parent_node['children'] if isinstance(child, dict) and child.get('id') != node_id]
-        return True
-    return False
-
-def get_node_path_string(filesystem, node_id):
-    path_list = []
-    current_id = node_id
-
-    while current_id:
-        node, parent = find_node_by_id(filesystem, current_id)
-        if not node:
-            break
-        if node.get('id') != 'root':
-             path_list.append(node.get('name', node.get('original_filename', '')))
-        if not parent:
-             break
-        current_id = parent.get('id') if parent else None
-
-    return " / ".join(reversed(path_list)) or "Root"
-
-
-def initialize_user_filesystem(user_data):
-    # user_data is already specific to one user
-    if 'filesystem' not in user_data or not isinstance(user_data.get('filesystem'), dict):
-        user_data['filesystem'] = {
-            "type": "folder",
-            "id": "root",
-            "name": "root",
-            "children": []
-        }
-        # Migration logic (optional, based on old structure if needed)
-        if 'files' in user_data and isinstance(user_data['files'], list):
-            telegram_id = user_data.get('telegram_id') # Assuming telegram_id is stored here
-            if telegram_id:
-                for old_file in user_data['files']:
-                     file_id = old_file.get('id', uuid.uuid4().hex)
-                     original_filename = old_file.get('filename', 'unknown_file')
-                     name_part, ext_part = os.path.splitext(original_filename)
-                     unique_suffix = uuid.uuid4().hex[:8]
-                     unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
-                     hf_path = f"cloud_files/{str(telegram_id)}/root/{unique_filename}" # Use telegram_id
-
-                     file_node = {
-                         'type': 'file',
-                         'id': file_id,
-                         'original_filename': original_filename,
-                         'unique_filename': unique_filename,
-                         'path': hf_path,
-                         'file_type': get_file_type(original_filename),
-                         'upload_date': old_file.get('upload_date', datetime.now().strftime('%Y-%m-%d %H:%M:%S'))
-                     }
-                     add_node(user_data['filesystem'], 'root', file_node)
-            del user_data['files'] # Remove old structure
-
-@cache.memoize(timeout=300)
-def load_data():
-    try:
-        download_db_from_hf()
-        with open(DATA_FILE, 'r', encoding='utf-8') as file:
-            try:
-                data = json.load(file)
-            except json.JSONDecodeError:
-                logging.error(f"Error decoding JSON from {DATA_FILE}. Initializing empty database.")
-                return {'users': {}}
-
-            if not isinstance(data, dict):
-                logging.warning("Data is not in dict format, initializing empty database")
-                return {'users': {}}
-
-            # Ensure 'users' key exists and is a dictionary
-            if 'users' not in data or not isinstance(data['users'], dict):
-                 logging.warning("Corrupted or missing 'users' structure, re-initializing.")
-                 data['users'] = {}
-
-            # Convert keys to integers (Telegram IDs) and initialize filesystem
-            converted_users = {}
-            for user_id_str, user_data in data['users'].items():
-                try:
-                    user_id_int = int(user_id_str)
-                    if isinstance(user_data, dict):
-                        initialize_user_filesystem(user_data) # Ensure filesystem exists
-                        converted_users[user_id_int] = user_data
-                    else:
-                         logging.warning(f"Skipping invalid user data for key {user_id_str}")
-                except ValueError:
-                     logging.warning(f"Skipping non-integer user ID key: {user_id_str}")
-
-            data['users'] = converted_users
-            logging.info("Data successfully loaded and initialized")
-            return data
-    except FileNotFoundError:
-        logging.warning(f"{DATA_FILE} not found. Initializing empty database.")
-        return {'users': {}}
-    except Exception as e:
-        logging.error(f"Error loading data: {e}")
-        return {'users': {}}
+# Hugging Face Settings
+REPO_ID = "Eluza133/Z1e1u"
+HF_UPLOAD_FOLDER = "uploads" # Base folder for user uploads within the HF repo
+HF_TOKEN_WRITE = os.getenv("HF_TOKEN_WRITE") # Token with write access
+HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") # Token with read access (can be same as write)
 
+app = Flask(__name__)
+logging.basicConfig(level=logging.INFO)
+app.secret_key = os.urandom(24)
+
+# --- Hugging Face API Initialization ---
+hf_api = None
+if HF_TOKEN_WRITE:
+    hf_api = HfApi(token=HF_TOKEN_WRITE)
+    logging.info("Hugging Face API initialized with WRITE token.")
+elif HF_TOKEN_READ:
+    hf_api = HfApi(token=HF_TOKEN_READ)
+    logging.info("Hugging Face API initialized with READ token (Uploads disabled).")
+else:
+    logging.warning("HF_TOKEN_WRITE and HF_TOKEN_READ not set. Hugging Face operations will fail.")
+
+
+# --- Telegram Verification ---
+def verify_telegram_data(init_data_str):
+    if not init_data_str:
+        logging.warning("Verification attempt with empty initData.")
+        return None, False, "Missing initData"
 
-def save_data(data):
-    try:
-        # Ensure all user keys are strings before saving to JSON
-        string_key_users = {str(k): v for k, v in data.get('users', {}).items()}
-        data_to_save = {'users': string_key_users}
-
-        with open(DATA_FILE, 'w', encoding='utf-8') as file:
-            json.dump(data_to_save, file, ensure_ascii=False, indent=4)
-        upload_db_to_hf()
-        cache.clear()
-        logging.info("Data saved and uploaded to HF")
-    except Exception as e:
-        logging.error(f"Error saving data: {e}")
-        raise
-
-def upload_db_to_hf():
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN_WRITE not set, skipping database upload.")
-        return
-    try:
-        api = HfApi()
-        api.upload_file(
-            path_or_fileobj=DATA_FILE,
-            path_in_repo=DATA_FILE,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
-        )
-        logging.info("Database uploaded to Hugging Face")
-    except Exception as e:
-        logging.error(f"Error uploading database: {e}")
-
-def download_db_from_hf():
-    if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ not set, skipping database download.")
-        if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                 json.dump({'users': {}}, f)
-        return
-    try:
-        hf_hub_download(
-            repo_id=REPO_ID,
-            filename=DATA_FILE,
-            repo_type="dataset",
-            token=HF_TOKEN_READ,
-            local_dir=".",
-            local_dir_use_symlinks=False,
-            force_filename=DATA_FILE # Ensure correct filename
-        )
-        logging.info("Database downloaded from Hugging Face")
-    except hf_utils.RepositoryNotFoundError:
-         logging.error(f"Repository {REPO_ID} not found.")
-         if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                 json.dump({'users': {}}, f)
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"{DATA_FILE} not found in repository {REPO_ID}. Initializing empty database.")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}}, f)
-    except Exception as e:
-        logging.error(f"Error downloading database: {e}")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                json.dump({'users': {}}, f)
-
-def periodic_backup():
-    while True:
-        time.sleep(1800) # Backup every 30 minutes
-        logging.info("Starting periodic backup...")
-        try:
-             # Ensure data is loaded before saving (important if app restarts)
-             current_data = load_data()
-             save_data(current_data)
-        except Exception as e:
-             logging.error(f"Error during periodic backup: {e}")
-
-
-def get_file_type(filename):
-    filename_lower = filename.lower()
-    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')):
-        return 'video'
-    elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')):
-        return 'image'
-    elif filename_lower.endswith('.pdf'):
-        return 'pdf'
-    elif filename_lower.endswith('.txt'):
-        return 'text'
-    return 'other'
-
-def verify_telegram_auth(init_data_str, bot_token):
     try:
         parsed_data = parse_qs(init_data_str)
-        received_hash = parsed_data.get('hash', [None])[0]
+        received_hash = parsed_data.pop('hash', [None])[0]
 
         if not received_hash:
-            logging.warning("Hash missing in initData")
-            return None
+            logging.warning("Verification failed: Hash missing from initData.")
+            return None, False, "Hash missing"
 
-        data_check_string_parts = []
+        data_check_list = []
         for key, value in sorted(parsed_data.items()):
-            if key != 'hash':
-                # Values are lists from parse_qs, take the first element
-                data_check_string_parts.append(f"{key}={value[0]}")
-
-        data_check_string = "\n".join(data_check_string_parts)
+            # Make sure values are handled correctly, especially if multiple exist (though unlikely for standard fields)
+            data_check_list.append(f"{key}={value[0]}")
+        data_check_string = "\n".join(data_check_list)
 
-        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
+        secret_key = hmac.new("WebAppData".encode(), BOT_TOKEN.encode(), hashlib.sha256).digest()
         calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
 
         if calculated_hash == received_hash:
-            user_data_json = parsed_data.get('user', [None])[0]
-            if user_data_json:
+            auth_date = int(parsed_data.get('auth_date', [0])[0])
+            current_time = int(time.time())
+            # Check if data is reasonably fresh (e.g., within 24 hours)
+            if current_time - auth_date > 86400:
+                 logging.warning(f"Verification Warning: Telegram InitData is older than 24 hours (Auth Date: {auth_date}, Current: {current_time}). Allowing access.")
+                 # return parsed_data, False, "Data expired" # Uncomment to enforce expiry
+
+            user_data = None
+            if 'user' in parsed_data:
                 try:
-                    # Decode URL-encoded JSON string
-                    user_data = json.loads(unquote(user_data_json))
-                    if 'id' in user_data:
-                        logging.info(f"Telegram auth successful for user ID: {user_data['id']}")
-                        return user_data
-                    else:
-                         logging.error("User ID missing in user data")
-                         return None
-                except (json.JSONDecodeError, KeyError) as e:
-                     logging.error(f"Error parsing user data from initData: {e}")
-                     return None
+                    user_json_str = unquote(parsed_data['user'][0])
+                    user_data = json.loads(user_json_str)
+                except Exception as e:
+                    logging.error(f"Could not parse user JSON from initData: {e}")
+                    return None, False, "User data parsing failed"
             else:
-                logging.error("User data missing in initData")
-                return None
-        else:
-            logging.warning(f"Hash mismatch. Calculated: {calculated_hash}, Received: {received_hash}")
-            return None
+                logging.warning("User data missing in parsed initData.")
+                return None, False, "User data missing"
+
+            if not user_data or 'id' not in user_data:
+                logging.error("Verification failed: User ID missing after parsing.")
+                return None, False, "User ID missing"
 
+            logging.info(f"Verification successful for user ID: {user_data.get('id')}")
+            return user_data, True, "Verified"
+        else:
+            logging.warning(f"Verification failed: Hash mismatch. User: {parsed_data.get('user')}")
+            return None, False, "Invalid hash"
     except Exception as e:
-        logging.error(f"Exception during Telegram auth verification: {e}")
-        return None
-
-def is_admin():
-     # Check if the logged-in user's Telegram ID is in the admin list
-     return 'telegram_id' in session and session['telegram_id'] in ADMIN_TELEGRAM_IDS
-
-
-# --- HTML / CSS / JS ---
-
-BASE_STYLE = '''
-:root {
-    --primary: #ff4d6d; --secondary: #00ddeb; --accent: #8b5cf6;
-    --background-light: #f5f6fa; --background-dark: #1a1625;
-    --card-bg: rgba(255, 255, 255, 0.95); --card-bg-dark: rgba(40, 35, 60, 0.95);
-    --text-light: #2a1e5a; --text-dark: #e8e1ff; --shadow: 0 10px 30px rgba(0, 0, 0, 0.2);
-    --glass-bg: rgba(255, 255, 255, 0.15); --transition: all 0.3s ease; --delete-color: #ff4444;
-    --folder-color: #ffc107;
-    /* Telegram Theme Integration */
-    --tg-theme-bg-color: var(--background-light);
-    --tg-theme-text-color: var(--text-light);
-    --tg-theme-hint-color: #aaa;
-    --tg-theme-link-color: var(--accent);
-    --tg-theme-button-color: var(--primary);
-    --tg-theme-button-text-color: #ffffff;
-    --tg-theme-secondary-bg-color: var(--card-bg);
-}
-html.dark {
-     --tg-theme-bg-color: var(--background-dark);
-     --tg-theme-text-color: var(--text-dark);
-     --tg-theme-hint-color: #777;
-     --tg-theme-link-color: var(--accent);
-     --tg-theme-button-color: var(--primary);
-     --tg-theme-button-text-color: #ffffff;
-     --tg-theme-secondary-bg-color: var(--card-bg-dark);
-}
-
-* { margin: 0; padding: 0; box-sizing: border-box; }
-body {
-    font-family: 'Inter', sans-serif;
-    background-color: var(--tg-theme-bg-color);
-    color: var(--tg-theme-text-color);
-    line-height: 1.6;
-    transition: background-color 0.3s ease, color 0.3s ease;
-}
-.container { margin: 10px auto; max-width: 1200px; padding: 15px; background: var(--tg-theme-secondary-bg-color); border-radius: 15px; box-shadow: var(--shadow); overflow-x: hidden; }
-h1 { font-size: 1.8em; font-weight: 800; text-align: center; margin-bottom: 20px; background: linear-gradient(135deg, var(--primary), var(--accent)); -webkit-background-clip: text; color: transparent; }
-h2 { font-size: 1.4em; margin-top: 25px; color: var(--tg-theme-text-color); }
-h4 { font-size: 1.1em; margin-top: 15px; margin-bottom: 5px; color: var(--accent); }
-ol, ul { margin-left: 20px; margin-bottom: 15px; }
-li { margin-bottom: 5px; }
-input, textarea { width: 100%; padding: 12px; margin: 10px 0; border: none; border-radius: 12px; background: var(--glass-bg); color: var(--tg-theme-text-color); font-size: 1em; box-shadow: inset 0 2px 8px rgba(0, 0, 0, 0.1); }
-input:focus, textarea:focus { outline: none; box-shadow: 0 0 0 3px var(--primary); }
-.btn { padding: 12px 24px; background: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color); border: none; border-radius: 12px; cursor: pointer; font-size: 1em; font-weight: 600; transition: var(--transition); box-shadow: var(--shadow); display: inline-block; text-decoration: none; margin-top: 5px; margin-right: 5px; }
-.btn:hover { transform: scale(1.03); filter: brightness(1.1); }
-.download-btn { background: var(--secondary); color: white; }
-.download-btn:hover { background: #00b8c5; }
-.delete-btn { background: var(--delete-color); color: white; }
-.delete-btn:hover { background: #cc3333; }
-.folder-btn { background: var(--folder-color); color: white; }
-.folder-btn:hover { background: #e6a000; }
-.flash { color: var(--secondary); text-align: center; margin-bottom: 15px; padding: 10px; background: rgba(0, 221, 235, 0.1); border-radius: 10px; }
-.flash.error { color: var(--delete-color); background: rgba(255, 68, 68, 0.1); }
-.file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); gap: 15px; margin-top: 20px; }
-.user-list { margin-top: 20px; }
-.user-item { padding: 15px; background: var(--tg-theme-secondary-bg-color); border-radius: 16px; margin-bottom: 10px; box-shadow: var(--shadow); transition: var(--transition); }
-.user-item:hover { transform: translateY(-5px); }
-.user-item a { color: var(--tg-theme-link-color); text-decoration: none; font-weight: 600; }
-.user-item a:hover { filter: brightness(1.2); }
-.item { background: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 12px; box-shadow: var(--shadow); text-align: center; transition: var(--transition); display: flex; flex-direction: column; justify-content: space-between; }
-.item:hover { transform: translateY(-3px); }
-.item-preview { max-width: 100%; height: 100px; object-fit: cover; border-radius: 8px; margin-bottom: 8px; cursor: pointer; display: block; margin-left: auto; margin-right: auto;}
-.item.folder .item-preview { object-fit: contain; font-size: 50px; color: var(--folder-color); line-height: 100px; }
-.item p { font-size: 0.85em; margin: 3px 0; word-break: break-all; }
-.item a { color: var(--tg-theme-link-color); text-decoration: none; }
-.item a:hover { filter: brightness(1.2); }
-.item-actions { margin-top: 8px; display: flex; flex-wrap: wrap; gap: 5px; justify-content: center; }
-.item-actions .btn { font-size: 0.8em; padding: 5px 8px; }
-.modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; }
-.modal-content { max-width: 95%; max-height: 95%; background: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 15px; overflow: auto; position: relative; }
-.modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 10px; }
-.modal iframe { width: 90vw; height: 85vh; border: none; }
-.modal pre { background: rgba(0,0,0,0.1); color: var(--tg-theme-text-color); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;}
-.modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: var(--tg-theme-hint-color); cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 25px; height: 25px; line-height: 25px; text-align: center; }
-#progress-container { width: 100%; background: var(--glass-bg); border-radius: 10px; margin: 15px 0; display: none; position: relative; height: 20px; }
-#progress-bar { width: 0%; height: 100%; background: var(--tg-theme-button-color); border-radius: 10px; transition: width 0.3s ease; }
-#progress-text { position: absolute; width: 100%; text-align: center; line-height: 20px; color: var(--tg-theme-button-text-color); font-size: 0.9em; font-weight: bold; text-shadow: 1px 1px 1px rgba(0,0,0,0.5); }
-.breadcrumbs { margin-bottom: 15px; font-size: 1em; color: var(--tg-theme-hint-color); }
-.breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; }
-.breadcrumbs a:hover { text-decoration: underline; }
-.breadcrumbs span { margin: 0 5px; }
-.folder-actions { margin-top: 15px; margin-bottom: 10px; display: flex; gap: 8px; align-items: center; flex-wrap: wrap; }
-.folder-actions input[type=text] { width: auto; flex-grow: 1; margin: 0; min-width: 150px; }
-.folder-actions .btn { margin: 0; flex-shrink: 0;}
-.auth-container { text-align: center; padding: 50px 20px; }
-.auth-container p { margin-bottom: 20px; font-size: 1.1em; }
-.spinner { border: 4px solid rgba(0, 0, 0, 0.1); width: 36px; height: 36px; border-radius: 50%; border-left-color: var(--tg-theme-button-color); animation: spin 1s ease infinite; margin: 20px auto; }
-@keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
-@media (max-width: 768px) {
-    .file-grid { grid-template-columns: repeat(auto-fill, minmax(120px, 1fr)); }
-    .folder-actions { flex-direction: column; align-items: stretch; }
-    .folder-actions input[type=text] { width: 100%; }
-    .item-preview { height: 80px; }
-    .item.folder .item-preview { font-size: 40px; line-height: 80px; }
-    h1 { font-size: 1.6em; }
-    .btn { padding: 10px 20px; font-size: 0.9em; }
-    .item-actions .btn { padding: 4px 8px; font-size: 0.75em;}
-}
-'''
-
-INITIAL_AUTH_HTML = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-<title>Zeus Cloud</title><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<script src="https://telegram.org/js/telegram-web-app.js"></script>
-<style>''' + BASE_STYLE + '''</style>
-</head><body><div class="container auth-container" id="auth-container">
-<h1>Zeus Cloud</h1><p id="auth-status">Инициализация и проверка авторизации...</p>
-<div id="spinner" class="spinner"></div>
-<div id="auth-error" class="flash error" style="display: none;"></div>
-</div>
-<script>
-    const tg = window.Telegram.WebApp;
-
-    function applyTheme() {
-        document.documentElement.className = tg.colorScheme === 'dark' ? 'dark' : '';
-        // Optional: More granular theme adjustments if needed
-        // document.body.style.backgroundColor = tg.themeParams.bg_color || '';
-        // document.body.style.color = tg.themeParams.text_color || '';
-    }
-
-    function showError(message) {
-        const errorDiv = document.getElementById('auth-error');
-        const statusP = document.getElementById('auth-status');
-        const spinner = document.getElementById('spinner');
-        errorDiv.textContent = message;
-        errorDiv.style.display = 'block';
-        statusP.style.display = 'none';
-        spinner.style.display = 'none';
-        tg.HapticFeedback.notificationOccurred('error');
-    }
-
-    function authenticate() {
-        const initData = tg.initData;
-        const statusP = document.getElementById('auth-status');
-
-        if (!initData) {
-            showError('Не удалось получить данные авторизации от Telegram. Попробуйте перезапустить приложение.');
-            return;
+        logging.error(f"Error verifying Telegram data: {e}", exc_info=True)
+        return None, False, "Internal verification error"
+
+# --- HTML Template ---
+TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no, user-scalable=no, viewport-fit=cover">
+    <title>Zeus Cloud</title>
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <link rel="preconnect" href="https://fonts.googleapis.com">
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
+    <link href="https://fonts.googleapis.com/css2?family=Inter:wght@300;400;500;600;700&display=swap" rel="stylesheet">
+    <style>
+        :root {
+            --tg-theme-bg-color: {{ theme.bg_color | default('#ffffff') }};
+            --tg-theme-text-color: {{ theme.text_color | default('#000000') }};
+            --tg-theme-hint-color: {{ theme.hint_color | default('#707579') }};
+            --tg-theme-link-color: {{ theme.link_color | default('#007aff') }};
+            --tg-theme-button-color: {{ theme.button_color | default('#007aff') }};
+            --tg-theme-button-text-color: {{ theme.button_text_color | default('#ffffff') }};
+            --tg-theme-secondary-bg-color: {{ theme.secondary_bg_color | default('#f2f2f7') }};
+            --border-radius: 12px;
+            --padding: 16px;
+            --gap: 12px;
+            --font-family: 'Inter', -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
         }
-
-        statusP.textContent = 'Проверка данных...';
-        console.log("Sending initData for verification...");
-
-        fetch('/verify_auth', {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ init_data: initData })
-        })
-        .then(response => response.json())
-        .then(data => {
-            if (data.status === 'success') {
-                console.log("Auth successful, redirecting to dashboard...");
-                statusP.textContent = 'Авторизация успешна! Загрузка панели управления...';
-                tg.HapticFeedback.notificationOccurred('success');
-                // Redirect to dashboard, which will now be served correctly
-                window.location.href = '{{ url_for("dashboard") }}';
-            } else {
-                console.error("Auth failed:", data.message);
-                showError('Ошибка авторизации: ' + data.message);
-            }
-        })
-        .catch(error => {
-            console.error('Network or server error during auth:', error);
-            showError('Ошибка сети или сервера при авторизации. Пожалуйста, проверьте ваше соединение и попробуйте снова.');
-        });
-    }
-
-    tg.ready();
-    tg.expand(); // Expand the Mini App window
-    applyTheme();
-    tg.onEvent('themeChanged', applyTheme); // Listen for theme changes
-
-    authenticate(); // Start authentication process
-
-</script>
-</body></html>
-'''
-
-DASHBOARD_HTML = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
-<title>Панель управления - Zeus Cloud</title><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<script src="https://telegram.org/js/telegram-web-app.js"></script>
-<style>''' + BASE_STYLE + '''</style></head><body><div class="container">
-<h1>Zeus Cloud</h1>
-<p>Пользователь: {{ user_info.get('first_name', 'Неизвестно') }} {{ user_info.get('last_name', '') }} (ID: {{ telegram_id }})</p>
-{% with messages = get_flashed_messages(with_categories=true) %}
-    {% if messages %}
-        {% for category, message in messages %}
-            <div class="flash {{ category }}">{{ message }}</div>
-        {% endfor %}
-    {% endif %}
-{% endwith %}
-
-<div class="breadcrumbs">
-    {% for crumb in breadcrumbs %}
-        {% if crumb.is_link %}
-            <a href="{{ url_for('dashboard', folder_id=crumb.id) }}">{{ crumb.name if crumb.id != 'root' else 'Главная' }}</a>
-        {% else %}
-            <span>{{ crumb.name if crumb.id != 'root' else 'Главная' }}</span>
-        {% endif %}
-        {% if not loop.last %}<span>/</span>{% endif %}
-    {% endfor %}
-</div>
-
-<div class="folder-actions">
-    <form method="POST" action="{{ url_for('create_folder') }}" style="display: contents;">
-        <input type="hidden" name="parent_folder_id" value="{{ current_folder_id }}">
-        <input type="text" name="folder_name" placeholder="Имя новой папки" required pattern="^[a-zA-Z0-9 _.-]+$">
-        <button type="submit" class="btn folder-btn">Создать папку</button>
-    </form>
-</div>
-
-<form id="upload-form" method="POST" enctype="multipart/form-data" action="{{ url_for('upload_files') }}">
-    <input type="hidden" name="current_folder_id" value="{{ current_folder_id }}">
-    <input type="file" name="files" id="file-input" multiple required style="display: block; margin-bottom: 10px;">
-    <button type="submit" class="btn" id="upload-btn">Загрузить файлы сюда</button>
-</form>
-<div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
-
-<h2>Содержимое папки: {{ current_folder.name if current_folder_id != 'root' else 'Главная' }}</h2>
-<div class="file-grid">
-    {% for item in items %}
-        <div class="item {{ item.type }}">
-            {% if item.type == 'folder' %}
-                <a href="{{ url_for('dashboard', folder_id=item.id) }}" class="item-preview" title="Перейти в папку {{ item.name }}">📁</a>
-                <p><b>{{ item.name }}</b></p>
-                <div class="item-actions">
-                    <a href="{{ url_for('dashboard', folder_id=item.id) }}" class="btn folder-btn">Открыть</a>
-                     <form method="POST" action="{{ url_for('delete_folder', folder_id=item.id) }}" style="display: inline;" onsubmit="return confirmDeleteFolder('{{ item.name }}');">
-                         <input type="hidden" name="current_view_folder_id" value="{{ current_folder_id }}">
-                         <button type="submit" class="btn delete-btn">Удалить</button>
-                     </form>
-                </div>
-            {% elif item.type == 'file' %}
-                {% set previewable = item.file_type in ['image', 'video', 'pdf', 'text'] %}
-                 {% if item.file_type == 'image' %}
-                    <img class="item-preview" src="{{ hf_file_url(item.path) }}" alt="{{ item.original_filename }}" loading="lazy"
-                         onclick="openModal('{{ hf_file_url(item.path) }}', '{{ item.file_type }}', '{{ item.id }}')">
-                 {% elif item.file_type == 'video' %}
-                    <video class="item-preview" preload="metadata" muted loading="lazy"
-                           onclick="openModal('{{ hf_file_url(item.path) }}', '{{ item.file_type }}', '{{ item.id }}')">
-                           <source src="{{ hf_file_url(item.path, True) }}#t=0.5" type="video/mp4"> Your browser does not support the video tag. </video>
-                 {% elif item.file_type == 'pdf' %}
-                     <div class="item-preview" style="font-size: 50px; line-height: 100px; color: var(--accent); cursor: pointer;"
-                          onclick="openModal('{{ hf_file_url(item.path, True) }}', '{{ item.file_type }}', '{{ item.id }}')">📄</div>
-                 {% elif item.file_type == 'text' %}
-                      <div class="item-preview" style="font-size: 50px; line-height: 100px; color: var(--secondary); cursor: pointer;"
-                           onclick="openModal('{{ url_for('get_text_content', file_id=item.id) }}', '{{ item.file_type }}', '{{ item.id }}')">📝</div>
-                 {% else %}
-                     <div class="item-preview" style="font-size: 50px; line-height: 100px; color: var(--tg-theme-hint-color);">❓</div>
-                 {% endif %}
-                 <p title="{{ item.original_filename }}">{{ item.original_filename | truncate(25, True) }}</p>
-                 <p style="font-size: 0.8em; color: var(--tg-theme-hint-color);">{{ item.upload_date }}</p>
-                <div class="item-actions">
-                    <a href="{{ url_for('download_file', file_id=item.id) }}" class="btn download-btn">Скачать</a>
-                    {% if previewable %}
-                    <button class="btn" style="background: var(--accent);"
-                            onclick="openModal('{{ hf_file_url(item.path) if item.file_type != 'text' else url_for('get_text_content', file_id=item.id) }}', '{{ item.file_type }}', '{{ item.id }}')">Просмотр</button>
-                    {% endif %}
-                    <form method="POST" action="{{ url_for('delete_file', file_id=item.id) }}" style="display: inline;" onsubmit="return confirmDeleteFile('{{ item.original_filename }}');">
-                        <input type="hidden" name="current_view_folder_id" value="{{ current_folder_id }}">
-                        <button type="submit" class="btn delete-btn">Удалить</button>
-                    </form>
-                </div>
-            {% endif %}
-        </div>
-    {% endfor %}
-    {% if not items %} <p style="color: var(--tg-theme-hint-color);">Эта папка пуста.</p> {% endif %}
-</div>
-
-</div>
-
-<div class="modal" id="mediaModal" onclick="closeModalOnClickOutside(event)">
-    <div class="modal-content" id="modalContentContainer">
-        <span onclick="closeModalManual()" class="modal-close-btn">×</span>
-        <div id="modalContent"></div>
-    </div>
-</div>
-
-<script>
-    const tg = window.Telegram.WebApp;
-    const repoId = "{{ repo_id }}";
-    const hfTokenRead = "{{ HF_TOKEN_READ or '' }}"; // This likely won't work directly in JS, keep URL structure simple
-
-    function applyTheme() {
-        document.documentElement.className = tg.colorScheme === 'dark' ? 'dark' : '';
-    }
-
-    tg.ready();
-    applyTheme();
-    tg.onEvent('themeChanged', applyTheme);
-
-    function hfFileUrl(path, download = false) {
-        // Ensure path doesn't start with a slash if REPO_ID already includes one potentially
-        path = path.startsWith('/') ? path.substring(1) : path;
-        let url = `https://huggingface.co/datasets/${repoId}/resolve/main/${path}`;
-        if (download) url += '?download=true';
-        return url;
-    }
-
-    async function openModal(srcOrUrl, type, itemId) {
-        const modal = document.getElementById('mediaModal');
-        const modalContent = document.getElementById('modalContent');
-        modalContent.innerHTML = '<p style=\\"color: var(--tg-theme-text-color);\\">Загрузка...</p>'; // Escaped quote needed here
-        modal.style.display = 'flex';
-        tg.HapticFeedback.impactOccurred('light');
-
-        try {
-            if (type === 'image') {
-                modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
-            } else if (type === 'video') {
-                modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-            } else if (type === 'pdf') {
-                // PDF viewing might be tricky in TMA, iframe might work
-                modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF"></iframe>`;
-                // Alternative: Button to open in external browser
-                // modalContent.innerHTML = \`<p>PDF файл. <a href="${srcOrUrl}" target="_blank" class="btn">Открыть в браузере</a></p>\`;
-            } else if (type === 'text') {
-                const response = await fetch(srcOrUrl); // Uses relative URL '/get_text_content/...'
-                if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.status} ${response.statusText}`);
-                const text = await response.text();
-                // Basic escaping for safety
-                const escapedText = text.replace(/</g, "<").replace(/>/g, ">");
-                modalContent.innerHTML = `<pre>${escapedText}</pre>`;
-            } else {
-                 modalContent.innerHTML = '<p style=\\"color: var(--tg-theme-text-color);\\">Предпросмотр для этого типа файла не поддерживается.</p>';
-            }
-        } catch (error) {
-             console.error("Error loading modal content:", error);
-             modalContent.innerHTML = `<p style=\\"color: var(--tg-theme-text-color);\\">Не удалось загрузить содержимое для предпросмотра. ${error.message}</p>`;
-             tg.HapticFeedback.notificationOccurred('error');
+        * { box-sizing: border-box; margin: 0; padding: 0; }
+        html {
+            background-color: var(--tg-theme-bg-color);
+            color-scheme: {{ 'dark' if theme.bg_color and theme.bg_color|lower != '#ffffff' and theme.bg_color|lower != '#fff' else 'light' }};
+        }
+        body {
+            font-family: var(--font-family);
+            background-color: var(--tg-theme-bg-color);
+            color: var(--tg-theme-text-color);
+            padding: var(--padding);
+            overscroll-behavior-y: none;
+            -webkit-font-smoothing: antialiased;
+            -moz-osx-font-smoothing: grayscale;
+            visibility: hidden;
+            min-height: 100vh;
+            display: flex;
+            flex-direction: column;
+        }
+        .container {
+            max-width: 700px;
+            width: 100%;
+            margin: 0 auto;
+            flex-grow: 1;
+            display: flex;
+            flex-direction: column;
+        }
+        .header {
+            display: flex;
+            justify-content: space-between;
+            align-items: center;
+            margin-bottom: calc(var(--padding) * 1.5);
+            padding-bottom: var(--padding);
+            border-bottom: 1px solid var(--tg-theme-secondary-bg-color);
+        }
+        .header h1 {
+            font-size: 1.8em;
+            font-weight: 700;
+            color: var(--tg-theme-text-color);
+        }
+        .user-info {
+            font-size: 0.9em;
+            color: var(--tg-theme-hint-color);
+            text-align: right;
+        }
+        .upload-section {
+            margin-bottom: var(--padding);
+            padding: var(--padding);
+            background-color: var(--tg-theme-secondary-bg-color);
+            border-radius: var(--border-radius);
+        }
+        .upload-section label {
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 12px 20px;
+            background-color: var(--tg-theme-button-color);
+            color: var(--tg-theme-button-text-color);
+            border-radius: var(--border-radius);
+            cursor: pointer;
+            font-weight: 500;
+            transition: background-color 0.2s ease;
+            text-align: center;
+        }
+        .upload-section label:hover {
+            filter: brightness(1.1);
+        }
+        .upload-section input[type="file"] { display: none; }
+        .upload-section .progress-area {
+            margin-top: var(--gap);
+            display: none; /* Hidden initially */
+        }
+        .upload-section .progress-bar {
+            width: 100%;
+            height: 10px;
+            background-color: #e0e0e0;
+            border-radius: 5px;
+            overflow: hidden;
+        }
+        .upload-section .progress-bar-inner {
+            height: 100%;
+            width: 0%;
+            background-color: var(--tg-theme-link-color);
+            transition: width 0.3s ease;
+        }
+        .upload-section .progress-text {
+            font-size: 0.9em;
+            color: var(--tg-theme-hint-color);
+            text-align: center;
+            margin-top: 5px;
         }
-    }
 
-    function closeModalOnClickOutside(event) {
-        const modal = document.getElementById('mediaModal');
-        if (event.target === modal) {
-            closeModalManual();
+        .file-list-section {
+            margin-top: var(--padding);
+            flex-grow: 1;
         }
-    }
-
-    function closeModalManual() {
-         const modal = document.getElementById('mediaModal');
-         if (modal.style.display === 'none') return; // Prevent multiple triggers
-         modal.style.display = 'none';
-         const video = modal.querySelector('video');
-         if (video) { video.pause(); video.src = ''; } // Stop playback and clear source
-         const iframe = modal.querySelector('iframe');
-         if (iframe) iframe.src = 'about:blank'; // Clear iframe
-         document.getElementById('modalContent').innerHTML = ''; // Clear content
-         tg.HapticFeedback.impactOccurred('light');
-    }
-
-    function confirmDeleteFile(filename) {
-        tg.showConfirm(`Вы уверены, что хотите удалить файл "${filename}"?`, (confirmed) => {
-            if (confirmed) {
-                // Find the form and submit it programmatically
-                const forms = document.querySelectorAll('form[action*="/delete_file/"]');
-                forms.forEach(form => {
-                    // Find the form associated with this filename (might need better targeting if filenames aren't unique visually)
-                    // This basic check assumes the button's form is the correct one nearby.
-                     if (form.outerHTML.includes(filename)) { // Simple check, improve if needed
-                        form.submit();
-                    }
-                });
-            }
-        });
-        return false; // Prevent default form submission
-    }
-     function confirmDeleteFolder(foldername) {
-        tg.showConfirm(`Удалить папку "${foldername}"? Папку можно удалить только если она пуста.`, (confirmed) => {
-             if (confirmed) {
-                 const forms = document.querySelectorAll('form[action*="/delete_folder/"]');
-                 forms.forEach(form => {
-                      if (form.outerHTML.includes(foldername)) {
-                         form.submit();
-                     }
-                 });
-             }
-        });
-        return false; // Prevent default form submission
-    }
-
-
-    const form = document.getElementById('upload-form');
-    const fileInput = document.getElementById('file-input');
-    const progressBar = document.getElementById('progress-bar');
-    const progressText = document.getElementById('progress-text');
-    const progressContainer = document.getElementById('progress-container');
-    const uploadBtn = document.getElementById('upload-btn');
-
-    form.addEventListener('submit', function(e) {
-        e.preventDefault();
-        tg.HapticFeedback.impactOccurred('medium');
-
-        const files = fileInput.files;
-        if (files.length === 0) {
-             tg.showAlert('Пожалуйста, выберите файлы для загрузки.');
-             return;
+        .file-list-section h2 {
+            font-size: 1.3em;
+            font-weight: 600;
+            margin-bottom: var(--gap);
+            color: var(--tg-theme-text-color);
+        }
+        #file-list {
+            list-style: none;
+            padding: 0;
+            display: flex;
+            flex-direction: column;
+            gap: var(--gap);
+        }
+        #file-list li {
+            display: flex;
+            align-items: center;
+            padding: var(--padding);
+            background-color: var(--tg-theme-secondary-bg-color);
+            border-radius: var(--border-radius);
+            justify-content: space-between;
+            word-break: break-all;
+        }
+         #file-list li .file-info {
+            display: flex;
+            align-items: center;
+            gap: 10px;
+            flex-grow: 1;
+            min-width: 0; /* Prevent overflow */
+        }
+        #file-list li .file-icon {
+            font-size: 1.4em;
+            color: var(--tg-theme-hint-color);
+            min-width: 25px;
+            text-align: center;
+        }
+        #file-list li .file-name {
+            font-weight: 500;
+            color: var(--tg-theme-text-color);
+            text-decoration: none;
+            white-space: nowrap;
+            overflow: hidden;
+            text-overflow: ellipsis;
         }
-         if (files.length > 20) {
-             tg.showAlert('Максимум 20 файлов за раз!');
-             return;
+         #file-list li .file-name:hover {
+             color: var(--tg-theme-link-color);
+             text-decoration: underline;
          }
-
-        progressContainer.style.display = 'block';
-        progressBar.style.width = '0%';
-        progressText.textContent = '0%';
-        uploadBtn.disabled = true;
-        uploadBtn.textContent = 'Загрузка...';
-        tg.MainButton.showProgress();
-        tg.MainButton.setText('Загрузка...');
-        tg.MainButton.disable();
-
-        const formData = new FormData(form);
-        const xhr = new XMLHttpRequest();
-
-        xhr.upload.addEventListener('progress', function(event) {
-            if (event.lengthComputable) {
-                const percentComplete = Math.round((event.loaded / event.total) * 100);
-                progressBar.style.width = percentComplete + '%';
-                progressText.textContent = percentComplete + '%';
-                 // Optional: Update main button progress if desired, though it might conflict with overall page state
-            }
-        });
-
-        xhr.addEventListener('load', function() {
-            // Request finished. Reload the page to show updated file list and messages.
-            // Flashing messages should be handled by the backend on the reloaded page.
-             tg.HapticFeedback.notificationOccurred('success');
-             window.location.reload(); // Simplest way to refresh state
-        });
-
-         xhr.addEventListener('error', function() {
-            tg.showAlert('Произошла ошибка во время загрузки.');
-             resetUploadUI();
-             tg.HapticFeedback.notificationOccurred('error');
-        });
-
-        xhr.addEventListener('abort', function() {
-            tg.showAlert('Загрузка отменена.');
-            resetUploadUI();
-            tg.HapticFeedback.notificationOccurred('warning');
-        });
-
-        xhr.open('POST', form.action, true);
-        xhr.send(formData);
-    });
-
-    function resetUploadUI() {
-        uploadBtn.disabled = false;
-        uploadBtn.textContent = 'Загрузить файлы сюда';
-        progressContainer.style.display = 'none';
-        fileInput.value = ''; // Clear selected files
-        tg.MainButton.hideProgress();
-        tg.MainButton.setText('Загрузить'); // Or hide it if not needed globally
-        tg.MainButton.enable();
-    }
-
-    // Example of using MainButton - could be adapted for upload trigger
-    // tg.MainButton.setText("Upload Selected");
-    // tg.MainButton.onClick(() => {
-    //     if (fileInput.files.length > 0) {
-    //         form.requestSubmit(); // Programmatically submit the form
-    //     } else {
-    //         tg.showAlert("Please select files first.");
-    //     }
-    // });
-    // if (fileInput.files.length > 0) tg.MainButton.show(); else tg.MainButton.hide();
-    // fileInput.addEventListener('change', () => {
-    //     if (fileInput.files.length > 0) tg.MainButton.show(); else tg.MainButton.hide();
-    // });
-
-
-</script>
-</body></html>
-'''
-
-
-ADMIN_BASE_HTML = '''
-<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>{% block title %}Админ-панель{% endblock %}</title>
-<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
-<style>''' + BASE_STYLE + '''
-body { background: var(--background-dark); color: var(--text-dark); } /* Force dark theme for admin */
-.container { background: var(--card-bg-dark); }
-.user-item { background: rgba(255, 255, 255, 0.1); }
-.file-item { background: rgba(255, 255, 255, 0.1); padding: 15px; border-radius: 16px; box-shadow: var(--shadow); transition: var(--transition); display: flex; flex-direction: column; justify-content: space-between; }
-.file-item:hover { transform: translateY(-5px); }
-.file-preview { max-width: 100%; height: 100px; object-fit: contain; border-radius: 10px; margin-bottom: 10px; display: block; margin-left: auto; margin-right: auto; }
-.admin-file-actions { margin-top: 10px; display: flex; flex-wrap: wrap; gap: 5px; justify-content: center; }
-.admin-file-actions .btn { font-size: 0.8em; padding: 4px 8px; margin: 0; }
-</style></head><body><div class="container"><h1>{% block header %}Админ-панель{% endblock %}</h1>
-{% with messages = get_flashed_messages(with_categories=true) %}{% if messages %}<div style="margin-bottom: 15px;">{% for category, message in messages %}<div class="flash {{ category }}">{{ message }}</div>{% endfor %}</div>{% endif %}{% endwith %}
-{% block content %}{% endblock %}
-</div>
-
-<div class="modal" id="mediaModal" onclick="closeModalOnClickOutside(event)">
-    <div class="modal-content" id="modalContentContainer" style="background: var(--card-bg-dark);">
-        <span onclick="closeModalManual()" class="modal-close-btn" style="color: #ccc; background: rgba(0,0,0,0.6);">×</span>
-        <div id="modalContent"></div>
-    </div>
-</div>
-
-<script>
- // Minimal JS for admin modal - assumes tg object is not available here
- const repoId = "{{ repo_id }}"; // Pass repo_id to admin templates too
-
- function hfFileUrl(path, download = false) {
-     path = path.startsWith('/') ? path.substring(1) : path;
-     let url = `https://huggingface.co/datasets/${repoId}/resolve/main/${path}`;
-     if (download) url += '?download=true';
-     return url;
- }
-
- async function openModal(srcOrUrl, type, itemId) {
-     const modal = document.getElementById('mediaModal');
-     const modalContent = document.getElementById('modalContent');
-     modalContent.innerHTML = '<p style=\\"color: var(--text-dark);\\">Загрузка...</p>';
-     modal.style.display = 'flex';
-
-     try {
-         if (type === 'image') {
-             modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
-         } else if (type === 'video') {
-             modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-         } else if (type === 'pdf') {
-             modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF"></iframe>`;
-         } else if (type === 'text') {
-             // Admin might need explicit URL for text content as relative path might differ
-             const textUrl = "{{ url_for('get_text_content', file_id='FILEID') }}".replace('FILEID', itemId);
-             const response = await fetch(textUrl); // Use the generated URL
-             if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.status} ${response.statusText}`);
-             const text = await response.text();
-             const escapedText = text.replace(/</g, "<").replace(/>/g, ">");
-             modalContent.innerHTML = `<pre style="background: #2b2a33; color: var(--text-dark);">${escapedText}</pre>`;
-         } else {
-              modalContent.innerHTML = '<p style=\\"color: var(--text-dark);\\">Предпросмотр для этого типа файла не поддерживается.</p>';
+         #file-list li .file-actions button {
+             background: none;
+             border: none;
+             color: var(--tg-theme-link-color);
+             cursor: pointer;
+             font-size: 1.1em;
+             margin-left: 10px;
+             padding: 5px;
+         }
+         #file-list li .file-actions button:hover {
+             opacity: 0.7;
          }
-     } catch (error) {
-          console.error("Error loading modal content:", error);
-          modalContent.innerHTML = `<p style=\\"color: var(--text-dark);\\">Не удалось загрузить содержимое для предпросмотра. ${error.message}</p>`;
-     }
- }
-
- function closeModalOnClickOutside(event) {
-     const modal = document.getElementById('mediaModal');
-     if (event.target === modal) {
-         closeModalManual();
-     }
- }
-
- function closeModalManual() {
-      const modal = document.getElementById('mediaModal');
-      if (modal.style.display === 'none') return;
-      modal.style.display = 'none';
-      const video = modal.querySelector('video');
-      if (video) { video.pause(); video.src = ''; }
-      const iframe = modal.querySelector('iframe');
-      if (iframe) iframe.src = 'about:blank';
-      document.getElementById('modalContent').innerHTML = '';
- }
-
- function confirmAdminDeleteUser(username, telegramId) {
-      return confirm(`ВНИМАНИЕ!\\nВы уверены, что хотите БЕЗВОЗВРАТНО удалить пользователя ${username} (ID: ${telegramId}) и ВСЕ его файлы с сервера и из базы данных?`);
- }
-  function confirmAdminDeleteFile(filename) {
-      return confirm(`Удалить файл ${filename} с сервера и из базы данных?`);
- }
-
-</script>
-{% block extra_js %}{% endblock %}
-</body></html>
-'''
-
-ADMIN_USERS_HTML = ADMIN_BASE_HTML.replace(
-    '{% block title %}Админ-панель{% endblock %}', 'Админ-панель - Пользователи'
-).replace(
-    '{% block header %}Админ-панель{% endblock %}', 'Админ-панель - Пользователи'
-).replace(
-    '{% block content %}{% endblock %}',
-    '''
-<h2>Пользователи</h2><div class="user-list">
-{% for user in user_details %}
-<div class="user-item">
-    <a href="{{ url_for('admin_user_files', telegram_id=user.telegram_id) }}">{{ user.username }} (ID: {{ user.telegram_id }})</a>
-    <p style="font-size: 0.9em; color: #ccc;">Зарегистрирован: {{ user.created_at }}</p>
-    <p style="font-size: 0.9em; color: #ccc;">Файлов: {{ user.file_count }}</p>
-    <form method="POST" action="{{ url_for('admin_delete_user', telegram_id=user.telegram_id) }}" style="display: inline; margin-left: 10px;"
-          onsubmit="return confirmAdminDeleteUser('{{ user.username }}', {{ user.telegram_id }});">
-        <button type="submit" class="btn delete-btn" style="padding: 5px 10px; font-size: 0.9em;">Удалить Пользователя</button>
-    </form>
-</div>
-{% else %}<p>Пользователей нет.</p>{% endfor %}</div>
-'''
-)
-
-ADMIN_USER_FILES_HTML = ADMIN_BASE_HTML.replace(
-    '{% block title %}Админ-панель{% endblock %}', 'Файлы {{ user_info.username }}'
-).replace(
-    '{% block header %}Админ-панель{% endblock %}', 'Файлы пользователя: {{ user_info.username }} (ID: {{ user_info.telegram_id }})'
-).replace(
-    '{% block content %}{% endblock %}',
-    '''
-<a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 20px;">Назад к пользователям</a>
-<div style="display: grid; grid-template-columns: repeat(auto-fill, minmax(220px, 1fr)); gap: 20px;">
-{% for file in files %}
-<div class="file-item">
-    <div>
-    {% if file.file_type == 'image' %} <img class="file-preview" src="{{ hf_file_url(file.path) }}" loading="lazy" onclick="openModal('{{ hf_file_url(file.path) }}', '{{ file.file_type }}', '{{ file.id }}')" style="cursor: pointer;">
-    {% elif file.file_type == 'video' %} <video class="file-preview" preload="metadata" muted onclick="openModal('{{ hf_file_url(file.path) }}', '{{ file.file_type }}', '{{ file.id }}')" style="cursor: pointer;"><source src="{{ hf_file_url(file.path, True) }}#t=0.5"></video>
-    {% elif file.file_type == 'pdf' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: var(--accent); cursor: pointer;" onclick="openModal('{{ hf_file_url(file.path, True) }}', '{{ file.file_type }}', '{{ file.id }}')">📄</div>
-    {% elif file.file_type == 'text' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: var(--secondary); cursor: pointer;" onclick="openModal('{{ url_for('get_text_content', file_id=file.id) }}', '{{ file.file_type }}', '{{ file.id }}')">📝</div>
-    {% else %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #aaa;">❓</div> {% endif %}
-    <p title="{{ file.original_filename }}" style="font-weight: bold;">{{ file.original_filename | truncate(30) }}</p>
-    <p style="font-size: 0.8em; color: #ccc;">В папке: {{ file.parent_path_str }}</p>
-    <p style="font-size: 0.8em; color: #ccc;">Загружен: {{ file.upload_date }}</p>
-    <p style="font-size: 0.7em; color: #999;">ID: {{ file.id }}</p>
-    <p style="font-size: 0.7em; color: #999; word-break: break-all;">Path: {{ file.path }}</p>
-    </div>
-    <div class="admin-file-actions">
-        <a href="{{ url_for('download_file', file_id=file.id) }}" class="btn download-btn">Скачать</a>
-        {% set previewable = file.file_type in ['image', 'video', 'pdf', 'text'] %}
-        {% if previewable %}
-        <button class="btn" style="background: var(--accent);"
-                onclick="openModal('{{ hf_file_url(file.path) if file.file_type != 'text' else url_for('get_text_content', file_id=file.id) }}', '{{ file.file_type }}', '{{ file.id }}')">Просмотр</button>
-        {% endif %}
-        <form method="POST" action="{{ url_for('admin_delete_file', telegram_id=user_info.telegram_id, file_id=file.id) }}" style="display: inline-block;" onsubmit="return confirmAdminDeleteFile('{{ file.original_filename }}');">
-             <button type="submit" class="btn delete-btn">Удалить Файл</button>
-        </form>
-    </div>
-</div>
-{% else %} <p>У п��льзователя нет файлов.</p> {% endfor %}
-</div>
-'''
-)
-
 
-# --- Flask Routes ---
+        #loading-indicator, #error-message, #no-files-message {
+            text-align: center;
+            padding: var(--padding);
+            color: var(--tg-theme-hint-color);
+            font-size: 1.1em;
+            display: none; /* Hidden initially */
+        }
+         #error-message {
+            color: #dc3545; /* Standard error color */
+            background-color: rgba(220, 53, 69, 0.1);
+            border: 1px solid rgba(220, 53, 69, 0.2);
+            border-radius: var(--border-radius);
+         }
+         /* Modal for media */
+        .media-modal {
+            display: none; position: fixed; z-index: 1001;
+            left: 0; top: 0; width: 100%; height: 100%;
+            overflow: auto; background-color: rgba(0,0,0,0.8);
+            backdrop-filter: blur(5px); -webkit-backdrop-filter: blur(5px);
+            animation: fadeIn 0.3s ease-out;
+        }
+        @keyframes fadeIn { from { opacity: 0; } to { opacity: 1; } }
+        .media-modal-content {
+            margin: auto; display: block;
+            max-width: 90%; max-height: 85%;
+            position: absolute; top: 50%; left: 50%;
+            transform: translate(-50%, -50%);
+        }
+         .media-modal img, .media-modal video {
+            display: block; width: auto; height: auto;
+            max-width: 100%; max-height: 100%;
+            margin: 0 auto;
+            border-radius: var(--border-radius);
+         }
+        .media-modal-close {
+            position: absolute; top: 15px; right: 35px;
+            color: #f1f1f1; font-size: 40px; font-weight: bold;
+            transition: 0.3s; cursor: pointer;
+        }
+        .media-modal-close:hover, .media-modal-close:focus { color: #bbb; text-decoration: none; }
+
+         /* Footer */
+         .footer {
+             text-align: center;
+             margin-top: calc(var(--padding) * 2);
+             padding-top: var(--padding);
+             border-top: 1px solid var(--tg-theme-secondary-bg-color);
+             font-size: 0.85em;
+             color: var(--tg-theme-hint-color);
+         }
 
-@app.route('/')
-def index():
-    # This route serves the initial HTML that will perform Telegram auth
-    return render_template_string(INITIAL_AUTH_HTML)
+    </style>
+</head>
+<body>
+    <div class="container">
+        <div class="header">
+            <h1>☁️ Zeus Cloud</h1>
+            <div class="user-info" id="user-info-greeting">Загрузка...</div>
+        </div>
 
-@app.route('/verify_auth', methods=['POST'])
-def verify_auth_route():
-    try:
-        payload = request.get_json()
-        init_data_str = payload.get('init_data')
+        <div class="upload-section">
+            <label for="file-upload">
+                📤 Выбрать файлы (до 20 шт.)
+            </label>
+            <input type="file" id="file-upload" multiple accept="*/*">
+            <div class="progress-area" id="progress-area">
+                <div class="progress-bar">
+                    <div class="progress-bar-inner" id="progress-bar-inner"></div>
+                </div>
+                <div class="progress-text" id="progress-text"></div>
+            </div>
+        </div>
 
-        if not init_data_str:
-            return jsonify({'status': 'error', 'message': 'Missing init_data'}), 400
+        <div class="file-list-section">
+            <h2>Мои файлы</h2>
+            <div id="loading-indicator">Загрузка списка файлов...</div>
+            <div id="error-message"></div>
+            <ul id="file-list"></ul>
+            <div id="no-files-message">У вас пока нет загруженных файлов.</div>
+        </div>
 
-        user_info = verify_telegram_auth(init_data_str, BOT_TOKEN)
+         <div class="footer">
+            Powered by Hugging Face & Telegram
+         </div>
 
-        if user_info and 'id' in user_info:
-            telegram_id = int(user_info['id']) # Ensure it's an integer
+    </div>
 
-            # Add user to database if they don't exist
-            data = load_data()
-            if telegram_id not in data['users']:
-                data['users'][telegram_id] = {
-                    'telegram_id': telegram_id,
-                    'user_info': user_info, # Store basic info
-                    'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-                    'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []}
-                }
-                try:
-                    save_data(data)
-                    logging.info(f"New user created: {telegram_id}")
-                except Exception as e:
-                    logging.error(f"Failed to save new user data for {telegram_id}: {e}")
-                    return jsonify({'status': 'error', 'message': 'Failed to initialize user data'}), 500
+    <!-- The Modal -->
+    <div id="mediaModal" class="media-modal">
+      <span class="media-modal-close" id="media-modal-close-btn">×</span>
+      <div id="media-modal-content-container">
+           </div>
+    </div>
 
-            # Store ID and info in session
-            session['telegram_id'] = telegram_id
-            session['user_info'] = user_info
-            session.permanent = True # Make session persistent
 
-            return jsonify({'status': 'success'})
-        else:
-            return jsonify({'status': 'error', 'message': 'Invalid Telegram credentials'}), 401
+    <script>
+        const tg = window.Telegram.WebApp;
+        const fileInput = document.getElementById('file-upload');
+        const fileList = document.getElementById('file-list');
+        const loadingIndicator = document.getElementById('loading-indicator');
+        const errorMessage = document.getElementById('error-message');
+        const noFilesMessage = document.getElementById('no-files-message');
+        const progressArea = document.getElementById('progress-area');
+        const progressBarInner = document.getElementById('progress-bar-inner');
+        const progressText = document.getElementById('progress-text');
+        const userInfoGreeting = document.getElementById('user-info-greeting');
+        const mediaModal = document.getElementById('mediaModal');
+        const mediaModalContentContainer = document.getElementById('media-modal-content-container');
+        const mediaModalCloseBtn = document.getElementById('media-modal-close-btn');
+
+
+        let currentUserId = null;
+        let currentInitData = null;
+        const HF_REPO_ID = "{{ repo_id }}";
+        const HF_UPLOAD_FOLDER_JS = "{{ upload_folder }}";
+        const MAX_FILES_UPLOAD = 20;
+
+        function applyTheme(themeParams) {
+            const root = document.documentElement;
+            const isDark = themeParams.bg_color && themeParams.bg_color.toLowerCase() !== '#ffffff' && themeParams.bg_color.toLowerCase() !== '#fff';
+            root.style.setProperty('--tg-theme-bg-color', themeParams.bg_color || (isDark ? '#1c1c1d' : '#ffffff'));
+            root.style.setProperty('--tg-theme-text-color', themeParams.text_color || (isDark ? '#ffffff' : '#000000'));
+            root.style.setProperty('--tg-theme-hint-color', themeParams.hint_color || (isDark ? '#999999' : '#707579'));
+            root.style.setProperty('--tg-theme-link-color', themeParams.link_color || '#007aff');
+            root.style.setProperty('--tg-theme-button-color', themeParams.button_color || '#007aff');
+            root.style.setProperty('--tg-theme-button-text-color', themeParams.button_text_color || '#ffffff');
+            root.style.setProperty('--tg-theme-secondary-bg-color', themeParams.secondary_bg_color || (isDark ? '#2c2c2e' : '#f2f2f7'));
+            root.style.setProperty('color-scheme', isDark ? 'dark' : 'light');
+        }
 
-    except Exception as e:
-        logging.error(f"Error in /verify_auth: {e}")
-        return jsonify({'status': 'error', 'message': 'Internal server error during authentication'}), 500
-
-
-@app.route('/dashboard')
-def dashboard():
-    if 'telegram_id' not in session or 'user_info' not in session:
-        # If not authenticated, redirect to the initial page which handles auth
-        return redirect(url_for('index'))
-
-    telegram_id = session['telegram_id']
-    user_info = session['user_info']
-    data = load_data()
-
-    if telegram_id not in data['users']:
-        # If user somehow disappeared from DB after login, clear session and redirect
-        session.clear()
-        flash('Ошибка: данные пользователя не найдены. Пожалуйста, авторизуйтесь снова.', 'error')
-        return redirect(url_for('index'))
-
-    user_data = data['users'][telegram_id]
-    # Ensure filesystem exists (might be redundant if load_data handles it well)
-    initialize_user_filesystem(user_data)
-
-    current_folder_id = request.args.get('folder_id', 'root')
-    current_folder, parent_folder = find_node_by_id(user_data.get('filesystem', {}), current_folder_id)
-
-    if not current_folder or current_folder.get('type') != 'folder':
-        flash('Запрошенная папка не найдена!', 'error')
-        current_folder_id = 'root'
-        current_folder, parent_folder = find_node_by_id(user_data.get('filesystem', {}), current_folder_id)
-        if not current_folder:
-             logging.error(f"CRITICAL: Root folder not found for user {telegram_id}")
-             flash('Критическая ошибка: корневая папка не найдена.', 'error')
-             session.clear()
-             return redirect(url_for('index'))
-
-    items_in_folder = sorted(current_folder.get('children', []), key=lambda x: (x.get('type', 'file') != 'folder', x.get('name', x.get('original_filename', '')).lower()))
-
-    # Calculate breadcrumbs
-    breadcrumbs = []
-    temp_id = current_folder_id
-    fs = user_data.get('filesystem', {})
-    while temp_id:
-        node, parent = find_node_by_id(fs, temp_id)
-        if not node: break
-        is_link = (node.get('id') != current_folder_id)
-        breadcrumbs.append({'id': node.get('id'), 'name': node.get('name', 'Root'), 'is_link': is_link})
-        if not parent: break
-        temp_id = parent.get('id')
-    breadcrumbs.reverse()
-
-    template_context = {
-        'telegram_id': telegram_id,
-        'user_info': user_info,
-        'items': items_in_folder,
-        'current_folder_id': current_folder_id,
-        'current_folder': current_folder,
-        'breadcrumbs': breadcrumbs,
-        'repo_id': REPO_ID,
-        'HF_TOKEN_READ': HF_TOKEN_READ, # Note: Passing tokens to JS isn't secure practice
-        'hf_file_url': lambda path, download=False: f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}",
-        'os': os # os module likely not needed in template directly
-    }
-    return render_template_string(DASHBOARD_HTML, **template_context)
+        function showMessage(element, message) {
+            element.textContent = message;
+            element.style.display = 'block';
+        }
 
+        function hideMessage(element) {
+            element.style.display = 'none';
+        }
 
-@app.route('/upload', methods=['POST'])
-def upload_files():
-    if 'telegram_id' not in session:
-         # Use 401 Unauthorized or 403 Forbidden
-         return jsonify({"status": "error", "message": "Не авторизован"}), 401
+        function getFileIcon(filename) {
+            const extension = filename.split('.').pop().toLowerCase();
+            if (['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg'].includes(extension)) return '🖼️';
+            if (['mp4', 'avi', 'mov', 'wmv', 'mkv', 'webm'].includes(extension)) return '🎬';
+            if (['mp3', 'wav', 'ogg', 'aac', 'flac'].includes(extension)) return '🎵';
+            if (['pdf'].includes(extension)) return '📄';
+            if (['doc', 'docx', 'odt'].includes(extension)) return '📝';
+            if (['xls', 'xlsx', 'ods'].includes(extension)) return '📊';
+            if (['ppt', 'pptx', 'odp'].includes(extension)) return '📽️';
+            if (['zip', 'rar', '7z', 'tar', 'gz'].includes(extension)) return '📦';
+            if (['txt', 'md', 'log'].includes(extension)) return '📜';
+            if (['html', 'css', 'js', 'py', 'java', 'c', 'cpp'].includes(extension)) return '💻';
+            return '📁'; // Default icon
+        }
 
-    telegram_id = session['telegram_id']
-    data = load_data()
-    user_data = data['users'].get(telegram_id)
+         function isViewableMedia(filename) {
+            const extension = filename.split('.').pop().toLowerCase();
+            return ['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg', 'mp4', 'webm', 'ogg'].includes(extension); // Add video/audio types TWA can reasonably play
+        }
 
-    if not user_data:
-        return jsonify({"status": "error", "message": "Пользователь не найден"}), 404
+         function getMediaType(filename) {
+             const extension = filename.split('.').pop().toLowerCase();
+             if (['jpg', 'jpeg', 'png', 'gif', 'bmp', 'webp', 'svg'].includes(extension)) return 'image';
+             if (['mp4', 'webm', 'ogg'].includes(extension)) return 'video';
+             // Add audio later if needed
+             return null;
+         }
 
-    if not HF_TOKEN_WRITE:
-         flash('Загрузка невозможна: токен для записи не настроен.', 'error')
-         # Redirect back to the folder they were in
-         return redirect(url_for('dashboard', folder_id=request.form.get('current_folder_id', 'root')))
-
-    files = request.files.getlist('files')
-    target_folder_id = request.form.get('current_folder_id', 'root')
-
-    if not files or all(not f.filename for f in files):
-         flash('Файлы для загрузки не выбраны.', 'error')
-         return redirect(url_for('dashboard', folder_id=target_folder_id))
-
-    if len(files) > 20:
-        flash('Максимум 20 файлов за раз!', 'error')
-        return redirect(url_for('dashboard', folder_id=target_folder_id))
-
-    target_folder_node, _ = find_node_by_id(user_data.get('filesystem',{}), target_folder_id)
-    if not target_folder_node or target_folder_node.get('type') != 'folder':
-         flash('Целевая папка для загрузки не найдена!', 'error')
-         # Redirect to root if target folder is invalid
-         return redirect(url_for('dashboard'))
-
-    api = HfApi()
-    uploaded_count = 0
-    errors = []
-
-    for file in files:
-        if file and file.filename:
-            original_filename = secure_filename(file.filename)
-            name_part, ext_part = os.path.splitext(original_filename)
-            unique_suffix = uuid.uuid4().hex[:8]
-            unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
-            file_id = uuid.uuid4().hex
-
-            # Use telegram_id (as string) in path
-            hf_path = f"cloud_files/{str(telegram_id)}/{target_folder_id}/{unique_filename}"
-            temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
-
-            try:
-                file.save(temp_path)
-
-                api.upload_file(
-                    path_or_fileobj=temp_path,
-                    path_in_repo=hf_path,
-                    repo_id=REPO_ID,
-                    repo_type="dataset",
-                    token=HF_TOKEN_WRITE,
-                    commit_message=f"User {telegram_id} uploaded {original_filename} to folder {target_folder_id}"
-                )
-
-                file_info = {
-                    'type': 'file',
-                    'id': file_id,
-                    'original_filename': original_filename,
-                    'unique_filename': unique_filename,
-                    'path': hf_path,
-                    'file_type': get_file_type(original_filename),
-                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-                }
 
-                if add_node(user_data['filesystem'], target_folder_id, file_info):
-                    uploaded_count += 1
-                else:
-                    errors.append(f"Ошибка добавления метаданных для {original_filename}.")
-                    logging.error(f"Failed to add node metadata for file {file_id} to folder {target_folder_id} for user {telegram_id}")
-                    # Attempt to clean up orphaned HF file
-                    try:
-                        api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
-                    except Exception as del_err:
-                        logging.error(f"Failed to delete orphaned file {hf_path} from HF Hub: {del_err}")
-
-            except Exception as e:
-                logging.error(f"Error uploading file {original_filename} for {telegram_id}: {e}")
-                errors.append(f"Ошибка загрузки файла {original_filename}: {e}")
-            finally:
-                if os.path.exists(temp_path):
-                    os.remove(temp_path)
-
-    if uploaded_count > 0:
-        try:
-            save_data(data)
-            flash(f'{uploaded_count} файл(ов) успешно загружено!')
-        except Exception as e:
-             flash('Файлы загружены на сервер, но произошла ошибка сохранения метаданных.', 'error')
-             logging.error(f"Error saving data after upload for {telegram_id}: {e}")
-
-    if errors:
-        for error_msg in errors:
-            flash(error_msg, 'error')
-
-    # Redirect back to the folder where files were uploaded
-    return redirect(url_for('dashboard', folder_id=target_folder_id))
-
-
-@app.route('/create_folder', methods=['POST'])
-def create_folder():
-    if 'telegram_id' not in session:
-        flash('Пожалуйста, авторизуйтесь.', 'error')
-        return redirect(url_for('index'))
-
-    telegram_id = session['telegram_id']
-    data = load_data()
-    user_data = data['users'].get(telegram_id)
-    if not user_data:
-         flash('Пользователь не найден!', 'error')
-         session.clear()
-         return redirect(url_for('index'))
-
-    parent_folder_id = request.form.get('parent_folder_id', 'root')
-    folder_name = request.form.get('folder_name', '').strip()
-
-    if not folder_name:
-        flash('Имя папки не может быть пустым!', 'error')
-        return redirect(url_for('dashboard', folder_id=parent_folder_id))
-
-    # Allow more characters, restrict later if needed, basic validation
-    import re
-    if not re.match(r"^[a-zA-Z0-9 _.-]+$", folder_name):
-         flash('Имя папки содержит недопустимые символы.', 'error')
-         return redirect(url_for('dashboard', folder_id=parent_folder_id))
-
-    folder_id = uuid.uuid4().hex
-    folder_data = {
-        'type': 'folder',
-        'id': folder_id,
-        'name': folder_name,
-        'children': []
-    }
-
-    if add_node(user_data.get('filesystem',{}), parent_folder_id, folder_data):
-        try:
-            save_data(data)
-            flash(f'Папка "{folder_name}" успешно создана.')
-        except Exception as e:
-            flash('Ошибка сохранения данных при создании папки.', 'error')
-            logging.error(f"Create folder save error for {telegram_id}: {e}")
-    else:
-        flash('Не удалось найти родительскую папку.', 'error')
-
-    return redirect(url_for('dashboard', folder_id=parent_folder_id))
-
-
-@app.route('/download/<file_id>')
-def download_file(file_id):
-    current_user_id = session.get('telegram_id')
-    admin_access = is_admin() # Check if current session holder is admin
-
-    if not current_user_id and not admin_access:
-        flash('Пожалуйста, авторизуйтесь для скачивания.')
-        return redirect(url_for('index')) # Redirect to auth page
-
-    data = load_data()
-    file_node = None
-    owner_id = None
-
-    # 1. Try finding the file for the current user (if logged in)
-    if current_user_id:
-        user_data = data['users'].get(current_user_id)
-        if user_data and 'filesystem' in user_data:
-            file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-            if file_node:
-                owner_id = current_user_id
-
-    # 2. If not found for current user OR if current user is admin and wants to search all
-    if not file_node and admin_access:
-        logging.info(f"Admin {current_user_id} searching for file ID {file_id} across all users.")
-        for user_id, udata in data.get('users', {}).items():
-            if 'filesystem' in udata:
-                node, _ = find_node_by_id(udata['filesystem'], file_id)
-                if node and node.get('type') == 'file':
-                    file_node = node
-                    owner_id = user_id # Found the owner
-                    logging.info(f"Admin {current_user_id} found file ID {file_id} belonging to user {owner_id}")
-                    break
-
-    if not file_node or file_node.get('type') != 'file':
-         flash('Файл не найден!', 'error')
-         # Redirect back to dashboard if logged in, or index if not
-         referer = request.referrer
-         if current_user_id and referer and ('dashboard' in referer or 'admhosto' in referer):
-              return redirect(referer)
-         elif current_user_id:
-              return redirect(url_for('dashboard'))
-         else: # Admin accessing directly without session? Should not happen ideally.
-             return redirect(url_for('admin_panel' if admin_access else 'index'))
-
-
-    hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'downloaded_file')
-
-    if not hf_path:
-        flash('Ошибка: Путь к файлу не найден в метаданных.', 'error')
-        referer = request.referrer
-        if current_user_id and referer and ('dashboard' in referer or 'admhosto' in referer):
-             return redirect(referer)
-        elif current_user_id:
-             return redirect(url_for('dashboard'))
-        else:
-            return redirect(url_for('admin_panel' if admin_access else 'index'))
+        function displayFiles(files) {
+            fileList.innerHTML = ''; // Clear existing list
+            hideMessage(loadingIndicator);
+            hideMessage(errorMessage);
 
+            if (!files || files.length === 0) {
+                showMessage(noFilesMessage, 'У вас пока нет загруженных файлов.');
+                return;
+            }
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
+            hideMessage(noFilesMessage);
+
+            files.sort().forEach(filePath => {
+                // filePath is like "uploads/USER_ID/filename.ext"
+                const filename = filePath.split('/').pop();
+                const li = document.createElement('li');
+
+                const fileInfoDiv = document.createElement('div');
+                fileInfoDiv.className = 'file-info';
+
+                const iconSpan = document.createElement('span');
+                iconSpan.className = 'file-icon';
+                iconSpan.textContent = getFileIcon(filename);
+
+                const link = document.createElement('a');
+                link.className = 'file-name';
+                // Construct the direct download URL
+                const downloadUrl = `https://huggingface.co/datasets/${HF_REPO_ID}/resolve/main/${filePath}`;
+                link.href = downloadUrl;
+                link.textContent = filename;
+                link.target = '_blank'; // Open in new tab by default
+
+                fileInfoDiv.appendChild(iconSpan);
+                fileInfoDiv.appendChild(link);
+                li.appendChild(fileInfoDiv);
+
+                const actionsDiv = document.createElement('div');
+                actionsDiv.className = 'file-actions';
+
+                if (isViewableMedia(filename)) {
+                    const viewButton = document.createElement('button');
+                    viewButton.innerHTML = '👁️'; // Eye icon
+                    viewButton.title = 'Предпросмотр';
+                    viewButton.onclick = (e) => {
+                        e.preventDefault(); // Prevent default link navigation
+                        openMediaModal(downloadUrl, getMediaType(filename));
+                    };
+                    actionsDiv.appendChild(viewButton);
+                }
 
-    try:
-        headers = {}
-        if HF_TOKEN_READ:
-            headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
-
-        response = requests.get(file_url, headers=headers, stream=True, timeout=60) # Added timeout
-        response.raise_for_status()
-
-        # Stream download for potentially large files
-        # file_content = BytesIO(response.content) # This loads whole file in memory
-        # return send_file(
-        #     file_content,
-        #     as_attachment=True,
-        #     download_name=original_filename,
-        #     mimetype='application/octet-stream'
-        # )
-
-        # Use Response streaming
-        return Response(
-            response.iter_content(chunk_size=8192),
-            mimetype='application/octet-stream',
-            headers={'Content-Disposition': f'attachment; filename="{original_filename}"'}
-        )
+                // Add download button explicitly if needed, though the link itself works
+                // const downloadButton = document.createElement('button');
+                // downloadButton.innerHTML = '💾'; // Save icon
+                // downloadButton.title = 'Скачать';
+                // downloadButton.onclick = () => window.open(downloadUrl, '_blank');
+                // actionsDiv.appendChild(downloadButton);
 
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file from HF ({hf_path}) for user {current_user_id or 'Admin'} (owner: {owner_id}): {e}")
-        flash(f'Ошибка скачивания файла {original_filename}! ({e})', 'error')
-        referer = request.referrer
-        if current_user_id and referer and ('dashboard' in referer or 'admhosto' in referer):
-             return redirect(referer)
-        elif current_user_id:
-             return redirect(url_for('dashboard'))
-        else:
-            return redirect(url_for('admin_panel' if admin_access else 'index'))
-    except Exception as e:
-        logging.error(f"Unexpected error during download ({hf_path}) for user {current_user_id or 'Admin'} (owner: {owner_id}): {e}")
-        flash('Произошла непредвиденная ошибка при скачивании файла.', 'error')
-        referer = request.referrer
-        if current_user_id and referer and ('dashboard' in referer or 'admhosto' in referer):
-             return redirect(referer)
-        elif current_user_id:
-             return redirect(url_for('dashboard'))
-        else:
-            return redirect(url_for('admin_panel' if admin_access else 'index'))
-
-
-@app.route('/delete_file/<file_id>', methods=['POST'])
-def delete_file(file_id):
-    if 'telegram_id' not in session:
-        flash('Пожалуйста, авторизуйтесь.', 'error')
-        return redirect(url_for('index'))
-
-    telegram_id = session['telegram_id']
-    data = load_data()
-    user_data = data['users'].get(telegram_id)
-    if not user_data:
-        flash('Пользователь не найден!', 'error')
-        session.clear()
-        return redirect(url_for('index'))
-
-    file_node, parent_node = find_node_by_id(user_data.get('filesystem',{}), file_id)
-    # Get the folder ID we should redirect back to
-    current_view_folder_id = request.form.get('current_view_folder_id', parent_node.get('id', 'root') if parent_node else 'root')
-
-
-    if not file_node or file_node.get('type') != 'file' or not parent_node:
-        flash('Файл не найден или не может быть удален.', 'error')
-        return redirect(url_for('dashboard', folder_id=current_view_folder_id))
-
-    hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'файл')
-
-    # Handle deletion even if HF path is missing (clean up DB)
-    if not hf_path:
-        logging.warning(f'HF path missing for file {file_id} ({original_filename}) user {telegram_id}. Removing from DB only.')
-        flash(f'Ошибка: Путь к файлу {original_filename} не найден. Удаление только из базы.', 'warning')
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(data)
-                flash(f'Метаданные файла {original_filename} удалены (путь отсутствовал).')
-            except Exception as e:
-                flash('Ошибка сохранения данных после удаления метаданных.', 'error')
-                logging.error(f"Delete file metadata save error (no path) for {telegram_id}: {e}")
-        return redirect(url_for('dashboard', folder_id=current_view_folder_id))
-
-    # Check for write token before attempting HF deletion
-    if not HF_TOKEN_WRITE:
-         flash('Удаление невозможно: токен для записи не настроен.', 'error')
-         return redirect(url_for('dashboard', folder_id=current_view_folder_id))
+                 // Add delete button
+                const deleteButton = document.createElement('button');
+                deleteButton.innerHTML = '🗑️'; // Trash icon
+                deleteButton.title = 'Удалить';
+                deleteButton.onclick = () => confirmDeleteFile(filePath, filename, li);
+                actionsDiv.appendChild(deleteButton);
 
-    try:
-        api = HfApi()
-        api.delete_file(
-            path_in_repo=hf_path,
-            repo_id=REPO_ID,
-            repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"User {telegram_id} deleted file {original_filename} (ID: {file_id})"
-        )
-        logging.info(f"Deleted file {hf_path} from HF Hub for user {telegram_id}")
-
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(data)
-                flash(f'Файл {original_filename} успешно удален!')
-            except Exception as e:
-                # Data saving failed after successful HF deletion - critical inconsistency
-                flash('Файл удален с сервера, но произошла КРИТИЧЕСКАЯ ошибка обновления базы данных. Свяжитесь с администратором.', 'error')
-                logging.error(f"CRITICAL: Delete file DB update error after HF deletion for {telegram_id}, file {file_id}: {e}")
-        else:
-             # Should not happen if file_node was found earlier
-             flash('Файл удален с сервера, но не найден в локальной базе данных для удаления метаданных.', 'error')
-             logging.error(f"Inconsistency: File {file_id} deleted from HF but not found in DB for user {telegram_id}")
-
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"File {hf_path} not found on HF Hub during delete attempt for user {telegram_id}. Removing from DB.")
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(data)
-                flash(f'Файл {original_filename} не найден на сервере, удален из базы.')
-            except Exception as e:
-                 flash('Ошибка сохранения данных после удаления метаданных (файл не найден на сервере).', 'error')
-                 logging.error(f"Delete file metadata save error (HF not found) for {telegram_id}: {e}")
-        else:
-             flash('Файл не найден ни на сервере, ни в базе данных.', 'error')
-    except Exception as e:
-        logging.error(f"Error deleting file {hf_path} for {telegram_id}: {e}")
-        flash(f'Ошибка удаления файла {original_filename}: {e}', 'error')
 
-    return redirect(url_for('dashboard', folder_id=current_view_folder_id))
+                li.appendChild(actionsDiv);
+                fileList.appendChild(li);
+            });
+        }
 
-@app.route('/delete_folder/<folder_id>', methods=['POST'])
-def delete_folder(folder_id):
-    if 'telegram_id' not in session:
-        flash('Пожалуйста, авторизуйтесь.', 'error')
-        return redirect(url_for('index'))
+        function fetchFiles() {
+            if (!currentInitData || !currentUserId) {
+                showMessage(errorMessage, 'Ошибка: Не удалось получить данные пользователя.');
+                return;
+            }
+            showMessage(loadingIndicator, 'Загрузка списка файлов...');
+            hideMessage(errorMessage);
+            hideMessage(noFilesMessage);
+            fileList.innerHTML = '';
+
+            fetch('/list_files', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({ initData: currentInitData })
+            })
+            .then(response => {
+                if (!response.ok) {
+                    return response.json().then(err => { throw new Error(err.message || `HTTP error ${response.status}`) });
+                }
+                return response.json();
+            })
+            .then(data => {
+                if (data.status === 'ok') {
+                    displayFiles(data.files);
+                } else {
+                    throw new Error(data.message || 'Не удалось загрузить файлы.');
+                }
+            })
+            .catch(error => {
+                console.error('Error fetching files:', error);
+                hideMessage(loadingIndicator);
+                showMessage(errorMessage, `Ошибка загрузки списка: ${error.message}`);
+            });
+        }
 
-    if folder_id == 'root':
-         flash('Нельзя удалить корневую папку!', 'error')
-         # Determine current view folder to redirect back correctly
-         current_view_folder_id = request.form.get('current_view_folder_id', 'root')
-         return redirect(url_for('dashboard', folder_id=current_view_folder_id))
+        function uploadFiles(files) {
+            if (!HF_TOKEN_WRITE) {
+                 showMessage(errorMessage, "Загрузка невозможна: отсутствует токен записи на сервере.");
+                 tg.showAlert("Загрузка временно недоступна.");
+                 return;
+            }
+            if (!currentInitData) {
+                showMessage(errorMessage, 'Ошибка: Не удалось получить данные для аутентификации.');
+                return;
+            }
+            if (files.length === 0) return;
+            if (files.length > MAX_FILES_UPLOAD) {
+                tg.showAlert(`Можно загрузить не более ${MAX_FILES_UPLOAD} файлов за раз.`);
+                return;
+            }
 
+            const formData = new FormData();
+            for (let i = 0; i < files.length; i++) {
+                formData.append('files', files[i]);
+            }
+            formData.append('initData', currentInitData);
 
-    telegram_id = session['telegram_id']
-    data = load_data()
-    user_data = data['users'].get(telegram_id)
-    if not user_data:
-        flash('Пользователь не найден!', 'error')
-        session.clear()
-        return redirect(url_for('index'))
+            progressArea.style.display = 'block';
+            progressBarInner.style.width = '0%';
+            progressText.textContent = `Загрузка ${files.length} файла(ов)... 0%`;
 
-    folder_node, parent_node = find_node_by_id(user_data.get('filesystem',{}), folder_id)
-    # Get the folder ID we should redirect back to (parent of the deleted folder)
-    redirect_to_folder_id = parent_node.get('id', 'root') if parent_node else 'root'
+            const xhr = new XMLHttpRequest();
+            xhr.open('POST', '/upload', true);
 
-    if not folder_node or folder_node.get('type') != 'folder' or not parent_node:
-        flash('Папка не найдена или не может быть удалена.', 'error')
-        return redirect(url_for('dashboard', folder_id=redirect_to_folder_id)) # Redirect to parent
+            xhr.upload.onprogress = function(event) {
+                if (event.lengthComputable) {
+                    const percentComplete = Math.round((event.loaded / event.total) * 100);
+                    progressBarInner.style.width = percentComplete + '%';
+                    progressText.textContent = `Загрузка ${files.length} файла(ов)... ${percentComplete}%`;
+                }
+            };
+
+            xhr.onload = function() {
+                progressText.textContent = 'Обработка...';
+                setTimeout(() => { // Give a small delay for visual feedback
+                    progressArea.style.display = 'none';
+                     try {
+                         const response = JSON.parse(xhr.responseText);
+                         if (xhr.status === 200 && response.status === 'ok') {
+                             tg.showAlert(response.message || `${files.length} файл(ов) успешно загружено!`);
+                             fetchFiles(); // Refresh the list
+                         } else {
+                             const errorMsg = response.message || `Ошибка сервера (${xhr.status})`;
+                             showMessage(errorMessage, `Ошибка загрузки: ${errorMsg}`);
+                             tg.showAlert(`Ошибка загрузки: ${errorMsg}`);
+                         }
+                     } catch (e) {
+                         showMessage(errorMessage, `Ошибка обработки ответа сервера: ${xhr.responseText}`);
+                         tg.showAlert('Произошла ошибка при загрузке.');
+                     }
+                }, 300);
+            };
 
+            xhr.onerror = function() {
+                progressArea.style.display = 'none';
+                const errorMsg = 'Ошибка сети или сервер недоступен.';
+                showMessage(errorMessage, errorMsg);
+                tg.showAlert(errorMsg);
+            };
 
-    folder_name = folder_node.get('name', 'папка')
+            xhr.send(formData);
+        }
 
-    # Check if folder is empty
-    if folder_node.get('children'):
-        flash(f'Папку "{folder_name}" можно удалить только если она пуста.', 'error')
-        # Redirect back to the folder containing the one attempted to delete
-        return redirect(url_for('dashboard', folder_id=parent_node.get('id', 'root')))
+        function openMediaModal(url, type) {
+             mediaModalContentContainer.innerHTML = ''; // Clear previous content
+             let mediaElement;
+             if (type === 'image') {
+                 mediaElement = document.createElement('img');
+                 mediaElement.src = url;
+                 mediaElement.alt = 'Предпросмотр изображения';
+             } else if (type === 'video') {
+                 mediaElement = document.createElement('video');
+                 mediaElement.src = url;
+                 mediaElement.controls = true;
+                 mediaElement.autoplay = false; // Consider autoplay settings
+                 mediaElement.alt = 'Предпросмотр видео';
+             } else {
+                 console.error("Unsupported media type for modal:", type);
+                 return;
+             }
+             mediaElement.className = 'media-modal-content';
+             mediaModalContentContainer.appendChild(mediaElement);
+             mediaModal.style.display = "block";
+             if (tg.HapticFeedback) tg.HapticFeedback.impactOccurred('light');
+         }
 
-    # Remove the empty folder node from the parent's children list
-    if remove_node(user_data['filesystem'], folder_id):
-        try:
-            save_data(data)
-            flash(f'Пустая папка "{folder_name}" успешно удалена.')
-        except Exception as e:
-            flash('Ошибка сохранения данных после удаления папки.', 'error')
-            logging.error(f"Delete empty folder save error for {telegram_id}: {e}")
-            # Attempt to revert deletion in memory? Maybe too complex, log error is primary
-    else:
-        # This case should ideally not happen if folder_node was found
-        flash('Не удалось удалить папку из структуры данных.', 'error')
-        logging.error(f"Failed to remove folder node {folder_id} for user {telegram_id} despite finding it.")
+         function closeMediaModal() {
+             mediaModal.style.display = "none";
+             // Important: Stop video/audio playback if any
+             const video = mediaModalContentContainer.querySelector('video');
+             if (video) {
+                 video.pause();
+                 video.src = ''; // Release resources
+             }
+             mediaModalContentContainer.innerHTML = ''; // Clear content
+         }
 
+        function confirmDeleteFile(filePath, filename, listItemElement) {
+             tg.showConfirm(`Вы уверены, что хотите удалить файл "${filename}"? Это действие необратимо.`, (confirmed) => {
+                if (confirmed) {
+                     deleteFile(filePath, listItemElement);
+                 }
+             });
+        }
 
-    # Redirect to the parent folder after deletion
-    return redirect(url_for('dashboard', folder_id=redirect_to_folder_id))
+        function deleteFile(filePath, listItemElement) {
+             if (!currentInitData) {
+                 tg.showAlert('Ошибка: Не удалось выполнить аутентификацию для удаления.');
+                 return;
+             }
+            if (!HF_TOKEN_WRITE) {
+                 tg.showAlert('Ошибка: Удаление файлов недоступно (требуется разрешение на запись).');
+                 return;
+            }
 
+             // Show visual indication of deletion in progress
+             listItemElement.style.opacity = '0.5';
+             const deleteButton = listItemElement.querySelector('.file-actions button[title="Удалить"]');
+             if (deleteButton) deleteButton.disabled = true;
+
+
+             fetch('/delete_file', {
+                 method: 'POST',
+                 headers: { 'Content-Type': 'application/json' },
+                 body: JSON.stringify({ initData: currentInitData, filePath: filePath })
+             })
+             .then(response => {
+                 if (!response.ok) {
+                     return response.json().then(err => { throw new Error(err.message || `HTTP error ${response.status}`) });
+                 }
+                 return response.json();
+             })
+             .then(data => {
+                 if (data.status === 'ok') {
+                     tg.showAlert(data.message || `Файл "${filePath.split('/').pop()}" удален.`);
+                      listItemElement.remove(); // Remove from list immediately
+                       // Check if the list is now empty
+                       if (fileList.children.length === 0) {
+                           showMessage(noFilesMessage, 'У вас пока нет загруженных файлов.');
+                       }
+                 } else {
+                     throw new Error(data.message || 'Не удалось удалить файл.');
+                 }
+             })
+             .catch(error => {
+                 console.error('Error deleting file:', error);
+                 tg.showAlert(`Ошибка удаления: ${error.message}`);
+                 // Restore visual state on error
+                 listItemElement.style.opacity = '1';
+                 if (deleteButton) deleteButton.disabled = false;
+             });
+         }
 
-@app.route('/get_text_content/<file_id>')
-def get_text_content(file_id):
-    current_user_id = session.get('telegram_id')
-    admin_access = is_admin()
+        // --- Initialization ---
+        function setupTelegram() {
+             if (!tg || !tg.initData) {
+                 console.error("Telegram WebApp script not loaded or initData is missing.");
+                 document.body.style.backgroundColor = '#f8d7da'; // Error background
+                 document.body.innerHTML = '<div style="padding: 20px; color: #721c24;">Ошибка: Не удалось инициализировать приложение Telegram. Попробуйте перезапустить.</div>';
+                 document.body.style.visibility = 'visible';
+                 return;
+             }
 
-    if not current_user_id and not admin_access:
-         return Response("Не авторизован", status=401, mimetype='text/plain')
+            tg.ready();
+            tg.expand();
+
+            currentInitData = tg.initData; // Store for later use in requests
+
+            applyTheme(tg.themeParams);
+            tg.onEvent('themeChanged', () => applyTheme(tg.themeParams));
+
+            // Get user info for greeting and ID
+            const user = tg.initDataUnsafe?.user;
+            if (user && user.id) {
+                currentUserId = user.id;
+                const name = user.first_name || user.username || 'Пользователь';
+                userInfoGreeting.textContent = `Привет, ${name}! 👋`;
+                 // Enable upload button only if write token is potentially present
+                 if (!HF_TOKEN_WRITE) {
+                     const uploadLabel = document.querySelector('.upload-section label');
+                     uploadLabel.style.backgroundColor = 'var(--tg-theme-hint-color)';
+                     uploadLabel.style.cursor = 'not-allowed';
+                     uploadLabel.title = 'Загрузка недоступна (нет прав на запись)';
+                     fileInput.disabled = true;
+                 }
+            } else {
+                showMessage(errorMessage, 'Ошибка: Не удалось определить пользователя Telegram.');
+                userInfoGreeting.textContent = 'Ошибка ID';
+                // Disable functionality if no user ID
+                fileInput.disabled = true;
+                return; // Stop further execution like fetching files
+            }
 
-    data = load_data()
-    file_node = None
-    owner_id = None
+            // Fetch initial file list
+            fetchFiles();
 
-    # Find file (similar logic to download)
-    if current_user_id:
-        user_data = data['users'].get(current_user_id)
-        if user_data and 'filesystem' in user_data:
-            file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-            if file_node: owner_id = current_user_id
+            // Event listeners
+            fileInput.addEventListener('change', (event) => {
+                uploadFiles(event.target.files);
+                // Clear the input after selection to allow re-uploading the same file
+                event.target.value = null;
+            });
 
-    if not file_node and admin_access:
-        for user_id, udata in data.get('users', {}).items():
-             if 'filesystem' in udata:
-                node, _ = find_node_by_id(udata['filesystem'], file_id)
-                if node and node.get('type') == 'file' and node.get('file_type') == 'text':
-                    file_node = node
-                    owner_id = user_id
-                    break
+             // Modal listeners
+            mediaModalCloseBtn.addEventListener('click', closeMediaModal);
+            mediaModal.addEventListener('click', (event) => {
+                 // Close if clicked outside the content area
+                 if (event.target === mediaModal) {
+                     closeMediaModal();
+                 }
+             });
 
-    if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text':
-        return Response("Текстовый файл не найден", status=404, mimetype='text/plain')
 
-    hf_path = file_node.get('path')
-    if not hf_path:
-         logging.error(f"Path missing for text file {file_id} (owner {owner_id})")
-         return Response("Ошибка: путь к файлу отсутствует", status=500, mimetype='text/plain')
+            document.body.style.visibility = 'visible';
+        }
 
-    # Construct URL carefully
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
+        // --- Run ---
+        if (window.Telegram && window.Telegram.WebApp) {
+            setupTelegram();
+        } else {
+            console.warn("Telegram WebApp script not immediately available, waiting for window.onload");
+            window.addEventListener('load', setupTelegram);
+             // Fallback timeout
+             setTimeout(() => {
+                 if (document.body.style.visibility !== 'visible' && (!window.Telegram || !window.Telegram.WebApp)) {
+                      console.error("Telegram WebApp script fallback timeout triggered.");
+                      document.body.style.backgroundColor = '#f8d7da';
+                      document.body.innerHTML = '<div style="padding: 20px; color: #721c24;">Ошибка загрузки интерфейса Telegram. Проверьте соединение или попробуйте позже.</div>';
+                      document.body.style.visibility = 'visible';
+                  }
+             }, 3500);
+        }
 
-    try:
-        headers = {}
-        if HF_TOKEN_READ:
-            headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
-
-        # Use a timeout for the request
-        response = requests.get(file_url, headers=headers, timeout=15)
-        response.raise_for_status() # Check for HTTP errors
-
-        # Limit preview size
-        MAX_PREVIEW_SIZE = 1 * 1024 * 1024 # 1 MB
-        if 'content-length' in response.headers:
-             try:
-                 if int(response.headers['content-length']) > MAX_PREVIEW_SIZE:
-                      return Response("Файл слишком большой для предпросмотра (> 1MB).", status=413, mimetype='text/plain')
-             except ValueError:
-                 pass # Ignore if content-length is not a valid number
-
-        file_content = response.content
-        if len(file_content) > MAX_PREVIEW_SIZE:
-             # Check size again in case Content-Length was missing/wrong
-             return Response("Файл слишком большой для предпросмотра (> 1MB).", status=413, mimetype='text/plain')
-
-
-        # Try decoding with UTF-8 first, then fallback
-        try:
-            text_content = file_content.decode('utf-8')
-        except UnicodeDecodeError:
-            try:
-                # Try common fallback encodings
-                text_content = file_content.decode('cp1251') # Windows Cyrillic
-            except UnicodeDecodeError:
-                 try:
-                     text_content = file_content.decode('latin-1') # ISO-8859-1
-                 except Exception:
-                     logging.warning(f"Could not decode text file {file_id} (owner {owner_id}, path {hf_path}) with known encodings.")
-                     return Response("Не удалось определить кодировку файла для предпросмотра.", status=500, mimetype='text/plain')
-
-        # Return plain text content
-        return Response(text_content, mimetype='text/plain; charset=utf-8') # Specify charset
-
-    except requests.exceptions.Timeout:
-        logging.error(f"Timeout fetching text content from HF ({hf_path}) for file {file_id} (owner {owner_id})")
-        return Response("Ошибка загрузки содержимого: время ожидания истекло.", status=504, mimetype='text/plain')
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error fetching text content from HF ({hf_path}) for file {file_id} (owner {owner_id}): {e}")
-        # Provide specific error if possible, e.g., 404
-        status_code = e.response.status_code if e.response is not None else 502
-        return Response(f"Ошибка загрузки содержимого: {e}", status=status_code, mimetype='text/plain')
-    except Exception as e:
-        logging.error(f"Unexpected error fetching text content ({hf_path}) for file {file_id} (owner {owner_id}): {e}")
-        return Response("Внутренняя ошибка сервера при получении содержимого файла.", status=500, mimetype='text/plain')
-
-# --- Admin Routes ---
-
-@app.route('/admhosto')
-def admin_panel():
-    if not is_admin():
-        # Maybe redirect to index or show a specific error page
-        flash('Доступ запрещен (Только для администраторов).', 'error')
-        return redirect(url_for('index'))
-
-    data = load_data()
-    users = data.get('users', {}) # Users keyed by integer telegram_id
-
-    user_details = []
-    for tid, udata in users.items():
-        if not isinstance(udata, dict): continue # Skip malformed user data
-        file_count = 0
-        fs = udata.get('filesystem', {})
-        if fs and 'children' in fs:
-            q = [fs.get('children', [])]
-            while q:
-                 current_level = q.pop(0)
-                 for item in current_level:
-                     if not isinstance(item, dict): continue # Skip invalid children
-                     if item.get('type') == 'file':
-                         file_count += 1
-                     elif item.get('type') == 'folder' and 'children' in item:
-                         q.append(item.get('children', []))
-
-        user_info = udata.get('user_info', {})
-        username = user_info.get('username', f"user_{tid}") # Fallback username
-        full_name = f"{user_info.get('first_name','')} {user_info.get('last_name','')}".strip()
-        display_name = full_name if full_name else username
-
-        user_details.append({
-            'telegram_id': tid,
-            'username': display_name, # Use combined name or username
-            'created_at': udata.get('created_at', 'N/A'),
-            'file_count': file_count
-        })
-
-    # Sort users, e.g., by creation date or ID
-    user_details.sort(key=lambda x: x.get('telegram_id'))
-
-    return render_template_string(ADMIN_USERS_HTML, user_details=user_details)
-
-
-@app.route('/admhosto/user/<int:telegram_id>')
-def admin_user_files(telegram_id):
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('index'))
-
-    data = load_data()
-    user_data = data.get('users', {}).get(telegram_id) # Get user by integer ID
-
-    if not user_data or not isinstance(user_data, dict):
-        flash(f'Пользователь с ID {telegram_id} не найден.', 'error')
-        return redirect(url_for('admin_panel'))
-
-    user_info_dict = user_data.get('user_info', {})
-    username = user_info_dict.get('username', f"user_{telegram_id}")
-    full_name = f"{user_info_dict.get('first_name','')} {user_info_dict.get('last_name','')}".strip()
-    display_name = full_name if full_name else username
-
-    user_info_for_template = {
-        'telegram_id': telegram_id,
-        'username': display_name
-    }
-
-    all_files = []
-    fs = user_data.get('filesystem', {})
-
-    def collect_files(folder_node, current_path_id='root'):
-         if not folder_node or not isinstance(folder_node, dict) or folder_node.get('type') != 'folder':
-              return
-
-         # Calculate path string for the parent folder
-         parent_path_str = get_node_path_string(fs, current_path_id) if current_path_id != 'root' else "Root"
-
-         for item in folder_node.get('children', []):
-              if not isinstance(item, dict): continue # Skip malformed
-              if item.get('type') == 'file':
-                  # Add the calculated parent path string to the file item
-                  item['parent_path_str'] = parent_path_str
-                  all_files.append(item)
-              elif item.get('type') == 'folder':
-                  # Recursive call for subfolder, passing its ID
-                  collect_files(item, item.get('id'))
-
-    # Start collection from the root filesystem node
-    collect_files(fs, 'root')
-
-    all_files.sort(key=lambda x: x.get('upload_date', ''), reverse=True)
+    </script>
+</body>
+</html>
+"""
 
+# --- Flask Routes ---
+@app.route('/')
+def index():
+    theme_params = {} # Let JS handle theme application after tg.ready()
+    # Pass essential config to JS template
     return render_template_string(
-        ADMIN_USER_FILES_HTML,
-        user_info=user_info_for_template,
-        files=all_files,
+        TEMPLATE,
+        theme=theme_params,
         repo_id=REPO_ID,
-        hf_file_url=lambda path, download=False: f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{path}{'?download=true' if download else ''}",
-        url_for=url_for # Pass url_for to template if needed inside complex logic not handled by Jinja directly
+        upload_folder=HF_UPLOAD_FOLDER
     )
 
+@app.route('/list_files', methods=['POST'])
+def list_files_route():
+    req_data = request.get_json()
+    init_data_str = req_data.get('initData')
 
-@app.route('/admhosto/delete_user/<int:telegram_id>', methods=['POST'])
-def admin_delete_user(telegram_id):
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('index')) # Redirect non-admins away
-
-    if not HF_TOKEN_WRITE:
-         flash('Удаление невозможно: токен Hugging Face для записи не настроен.', 'error')
-         return redirect(url_for('admin_panel'))
+    user_data, is_valid, message = verify_telegram_data(init_data_str)
 
-    data = load_data()
-    if telegram_id not in data.get('users', {}):
-        flash(f'Пользователь с ID {telegram_id} не найден!', 'error')
-        return redirect(url_for('admin_panel'))
+    if not is_valid or not user_data:
+        return jsonify({"status": "error", "message": f"Аутентификация не удалась: {message}"}), 403
 
-    user_data = data['users'][telegram_id]
-    user_info = user_data.get('user_info', {})
-    username_display = f"{user_info.get('first_name','')} {user_info.get('last_name','')}".strip() or f"user_{telegram_id}"
+    user_id = user_data.get('id')
+    if not user_id:
+         return jsonify({"status": "error", "message": "Не удалось определить ID пользователя."}), 403
 
-    logging.warning(f"ADMIN ACTION (User: {session.get('telegram_id')}): Attempting to delete user {username_display} (ID: {telegram_id}) and all their data.")
+    if not hf_api:
+         return jsonify({"status": "error", "message": "Hugging Face API не настроен на сервере."}), 500
 
-    # --- Step 1: Delete files from Hugging Face ---
-    hf_deletion_successful = False
+    user_folder_path = f"{HF_UPLOAD_FOLDER}/{user_id}"
     try:
-        api = HfApi()
-        # Use telegram_id (as string) in the path
-        user_folder_path_on_hf = f"cloud_files/{str(telegram_id)}"
-
-        logging.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user {telegram_id}")
-        # Use delete_folder, assuming it handles non-empty folders
-        api.delete_folder(
-            folder_path=user_folder_path_on_hf,
+        logging.info(f"Listing files for user {user_id} in repo {REPO_ID} path {user_folder_path}/")
+        # Use allow_patterns to list only files directly within the user's folder
+        repo_files = list_repo_files(
             repo_id=REPO_ID,
             repo_type="dataset",
-            token=HF_TOKEN_WRITE,
-            commit_message=f"ADMIN ACTION: Deleted all files/folders for user {telegram_id}"
+            token=HF_TOKEN_READ or HF_TOKEN_WRITE, # Use read or write token
+            paths=[user_folder_path], # Specify the directory
+            recursive=False # List only top-level files in the user dir
         )
-        logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub.")
-        hf_deletion_successful = True # Mark HF deletion as successful (or at least attempted without fatal error)
-
-    except hf_utils.HfHubHTTPError as e:
-         # Specifically check for 404 Not Found - means the folder doesn't exist, which is fine for deletion purpose
-         if e.response is not None and e.response.status_code == 404:
-             logging.warning(f"User folder {user_folder_path_on_hf} not found on HF Hub for user {telegram_id}. Skipping HF deletion, proceeding with DB removal.")
-             hf_deletion_successful = True # Consider it successful as there's nothing to delete
-         else:
-             # Other HTTP errors are problematic
-             logging.error(f"Error deleting user folder {user_folder_path_on_hf} from HF Hub for {telegram_id}: {e}")
-             flash(f'Ошибка при удалении файлов пользователя {username_display} с сервера: {e}. Пользователь НЕ удален из базы.', 'error')
-             return redirect(url_for('admin_panel')) # Stop the process if HF deletion fails unexpectedly
+        # The result includes the full path, which is what we want
+        user_files = [f for f in repo_files if f.startswith(user_folder_path + '/')]
+
+        logging.info(f"Found {len(user_files)} files for user {user_id}.")
+        return jsonify({"status": "ok", "files": user_files})
+
+    except EntryNotFoundError:
+         logging.info(f"User folder '{user_folder_path}' not found for user {user_id}. Returning empty list.")
+         return jsonify({"status": "ok", "files": []}) # Folder doesn't exist yet = no files
+    except RepositoryNotFoundError:
+         logging.error(f"Hugging Face repository '{REPO_ID}' not found.")
+         return jsonify({"status": "error", "message": f"Ошибка сервера: Репозиторий '{REPO_ID}' не найден."}), 500
     except Exception as e:
-        # Catch any other unexpected errors during HF deletion
-        logging.error(f"Unexpected error during HF Hub folder deletion for {telegram_id}: {e}")
-        flash(f'Неожиданная ошибка при удалении файлов {username_display} с сервера: {e}. Пользователь НЕ удален из базы.', 'error')
-        return redirect(url_for('admin_panel')) # Stop the process
+        logging.exception(f"Error listing files for user {user_id} from Hugging Face:")
+        return jsonify({"status": "error", "message": f"Ошибка сервера при получении списка файлов: {str(e)}"}), 500
 
-    # --- Step 2: Delete user from database (only if HF deletion was successful or skipped due to 404) ---
-    if hf_deletion_successful:
-        try:
-            del data['users'][telegram_id] # Remove user by integer key
-            save_data(data) # Save the updated data
-            flash(f'Пользователь {username_display} (ID: {telegram_id}) и его файлы (запрос на удаление с сервера отправлен/папка не найдена) успешно удалены из базы данных!')
-            logging.info(f"ADMIN ACTION: Successfully deleted user {telegram_id} from database.")
-        except KeyError:
-            # Should not happen if check at the beginning passed, but handle defensively
-            flash(f'Ошибка: Пользователь {username_display} (ID: {telegram_id}) не найден в базе данных во время попытки удаления (возможно, удален параллельно?).', 'error')
-            logging.error(f"KeyError while trying to delete user {telegram_id} from DB, possibly already removed.")
-        except Exception as e:
-            # Critical error: HF files might be deleted, but DB entry remains
-            logging.error(f"CRITICAL: Error saving data after deleting user {telegram_id} from DB: {e}. HF folder deletion was likely attempted.")
-            flash(f'Файлы пользователя {username_display} удалены (или не найдены) с сервера, но произошла КРИТИЧЕСКАЯ ошибка при удалении пользователя из базы данных: {e}. Срочно проверьте консистентность!', 'error')
-            # Do NOT redirect immediately, admin needs to see this critical error message
 
-    # Redirect back to the admin panel after operations
-    return redirect(url_for('admin_panel'))
+@app.route('/upload', methods=['POST'])
+def upload_file_route():
+    if not HF_TOKEN_WRITE:
+        return jsonify({"status": "error", "message": "Загрузка не разрешена: отсутствует токен записи."}), 403
+    if not hf_api:
+        return jsonify({"status": "error", "message": "Hugging Face API не настроен для записи."}), 500
+
+    init_data_str = request.form.get('initData')
+    user_data, is_valid, message = verify_telegram_data(init_data_str)
 
+    if not is_valid or not user_data:
+        return jsonify({"status": "error", "message": f"Аутентификация не удалась: {message}"}), 403
 
-@app.route('/admhosto/delete_file/<int:telegram_id>/<file_id>', methods=['POST'])
-def admin_delete_file(telegram_id, file_id):
-    # Ensure the action is performed by an admin
-    if not is_admin():
-        flash('Доступ запрещен.', 'error')
-        return redirect(url_for('index'))
+    user_id = user_data.get('id')
+    if not user_id:
+         return jsonify({"status": "error", "message": "Не удалось определить ID пользователя."}), 403
 
-    # Check if write token is available
-    if not HF_TOKEN_WRITE:
-         flash('Удаление файла невозможно: токен Hugging Face для записи не настроен.', 'error')
-         return redirect(url_for('admin_user_files', telegram_id=telegram_id)) # Redirect back to user's file list
+    uploaded_files = request.files.getlist('files')
+    if not uploaded_files:
+        return jsonify({"status": "error", "message": "Файлы не найдены в запросе."}), 400
+
+    if len(uploaded_files) > 20:
+         return jsonify({"status": "error", "message": "Слишком много файлов. Максимум: 20."}), 400
 
-    data = load_data()
-    # Get the specific user's data using the provided telegram_id
-    user_data = data.get('users', {}).get(telegram_id)
+    user_folder_path = f"{HF_UPLOAD_FOLDER}/{user_id}"
+    upload_success_count = 0
+    upload_errors = []
+
+    for file in uploaded_files:
+        if file.filename == '':
+            logging.warning(f"Skipping empty filename upload for user {user_id}.")
+            continue
+
+        # Sanitize filename potentially? For now, use original.
+        filename = file.filename
+        path_in_repo = f"{user_folder_path}/{filename}"
+
+        try:
+            # Check if file already exists to prevent accidental overwrite?
+            # Or just let upload_file handle it (it overwrites by default)
+            logging.info(f"Uploading '{filename}' for user {user_id} to {REPO_ID}/{path_in_repo}")
+
+            # Use a file-like object directly
+            file_content = file.read() # Read content into memory
+            file_obj = io.BytesIO(file_content)
+
+            hf_api.upload_file(
+                path_or_fileobj=file_obj,
+                path_in_repo=path_in_repo,
+                repo_id=REPO_ID,
+                repo_type="dataset",
+                token=HF_TOKEN_WRITE, # Explicitly use write token
+                commit_message=f"User {user_id} uploaded {filename}"
+                # create_pr=False # Direct commit is usually desired here
+            )
+            upload_success_count += 1
+            logging.info(f"Successfully uploaded '{filename}' for user {user_id}.")
+
+        except Exception as e:
+            logging.exception(f"Error uploading file '{filename}' for user {user_id} to Hugging Face:")
+            upload_errors.append(f"{filename}: {str(e)}")
+
+    if not upload_errors and upload_success_count > 0:
+        return jsonify({"status": "ok", "message": f"{upload_success_count} файл(ов) успешно загружено."})
+    elif upload_success_count > 0:
+         return jsonify({
+            "status": "partial_error",
+            "message": f"{upload_success_count} файл(ов) загружено. Ошибки: {'; '.join(upload_errors)}",
+            "errors": upload_errors
+         }), 207 # Multi-Status
+    else:
+         return jsonify({
+             "status": "error",
+             "message": f"Не удалось загрузить файлы. Ошибки: {'; '.join(upload_errors)}",
+             "errors": upload_errors
+         }), 500
 
-    if not user_data or not isinstance(user_data, dict):
-        flash(f'Пользователь с ID {telegram_id} не найден.', 'error')
-        return redirect(url_for('admin_panel')) # Redirect to main admin panel if user not found
 
-    # Find the file within this specific user's filesystem
-    file_node, parent_node = find_node_by_id(user_data.get('filesystem',{}), file_id)
+@app.route('/delete_file', methods=['POST'])
+def delete_file_route():
+    if not HF_TOKEN_WRITE:
+        return jsonify({"status": "error", "message": "Удаление не разрешено: отсутствует токен записи."}), 403
+    if not hf_api:
+        return jsonify({"status": "error", "message": "Hugging Face API не настроен для записи."}), 500
 
-    if not file_node or file_node.get('type') != 'file' or not parent_node:
-        flash(f'Файл с ID {file_id} не найден в структуре пользователя {telegram_id}.', 'error')
-        return redirect(url_for('admin_user_files', telegram_id=telegram_id)) # Redirect back to the user's file list
+    req_data = request.get_json()
+    init_data_str = req_data.get('initData')
+    file_path_to_delete = req_data.get('filePath') # e.g., "uploads/USER_ID/filename.ext"
 
-    hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'файл')
+    if not file_path_to_delete:
+        return jsonify({"status": "error", "message": "Не указан путь к файлу для удаления."}), 400
 
-    user_info = user_data.get('user_info', {})
-    username_display = f"{user_info.get('first_name','')} {user_info.get('last_name','')}".strip() or f"user_{telegram_id}"
+    user_data, is_valid, message = verify_telegram_data(init_data_str)
 
+    if not is_valid or not user_data:
+        return jsonify({"status": "error", "message": f"Аутентификация не удалась: {message}"}), 403
 
-    # Handle deletion if HF path is missing in metadata
-    if not hf_path:
-        logging.warning(f"ADMIN ACTION (User: {session.get('telegram_id')}): HF path missing for file {file_id} ({original_filename}) user {telegram_id}. Removing from DB only.")
-        flash(f'Предупреждение: Путь к файлу {original_filename} отсутствует в метаданных. Удаление только из базы.', 'warning')
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(data)
-                flash(f'Метаданные файла {original_filename} (пользователь {username_display}) удалены (путь отсутствовал).')
-            except Exception as e:
-                 flash(f'Ошибка сохранения данных после удаления метаданных файла {original_filename} (путь отсутствовал).', 'error')
-                 logging.error(f"Admin delete file metadata save error (no path) for user {telegram_id}, file {file_id}: {e}")
-        return redirect(url_for('admin_user_files', telegram_id=telegram_id))
+    user_id = user_data.get('id')
+    if not user_id:
+         return jsonify({"status": "error", "message": "Не удалось определить ID пользователя."}), 403
 
+    # Security Check: Ensure the file path belongs to the authenticated user
+    expected_prefix = f"{HF_UPLOAD_FOLDER}/{user_id}/"
+    if not file_path_to_delete.startswith(expected_prefix):
+        logging.warning(f"User {user_id} attempted to delete unauthorized path: {file_path_to_delete}")
+        return jsonify({"status": "error", "message": "Ошибка доступа к файлу."}), 403
 
-    # --- Step 1: Delete file from Hugging Face ---
-    hf_deleted = False
     try:
-        api = HfApi()
-        api.delete_file(
-            path_in_repo=hf_path,
+        logging.info(f"Attempting to delete file '{file_path_to_delete}' for user {user_id} from repo {REPO_ID}")
+        hf_api.delete_file(
+            path_in_repo=file_path_to_delete,
             repo_id=REPO_ID,
             repo_type="dataset",
             token=HF_TOKEN_WRITE,
-            commit_message=f"ADMIN ACTION: Deleted file {original_filename} (ID: {file_id}) for user {telegram_id}"
+            commit_message=f"User {user_id} deleted {file_path_to_delete.split('/')[-1]}"
         )
-        logging.info(f"ADMIN ACTION (User: {session.get('telegram_id')}): Deleted file {hf_path} from HF Hub for user {telegram_id}")
-        hf_deleted = True # Mark HF deletion successful
-
-    except hf_utils.EntryNotFoundError:
-        logging.warning(f"ADMIN ACTION (User: {session.get('telegram_id')}): File {hf_path} not found on HF Hub during delete for user {telegram_id}. Removing from DB.")
-        flash(f'Файл {original_filename} (пользователь {username_display}) не найден на сервере Hugging Face. Удаляется из базы.', 'warning')
-        hf_deleted = True # Consider successful as the file is gone from HF
+        logging.info(f"Successfully deleted '{file_path_to_delete}' for user {user_id}.")
+        return jsonify({"status": "ok", "message": "Файл успешно удален."})
 
+    except EntryNotFoundError:
+        logging.warning(f"File '{file_path_to_delete}' not found for deletion by user {user_id}.")
+        # Could argue whether this is an error or success (file is gone)
+        return jsonify({"status": "error", "message": "Файл не найден на сервере."}), 404
     except Exception as e:
-        logging.error(f"ADMIN ACTION (User: {session.get('telegram_id')}): Error deleting file {hf_path} from HF for {telegram_id}: {e}")
-        flash(f'Ошибка удаления файла {original_filename} (пользователь {username_display}) с сервера: {e}. Файл НЕ удален из базы.', 'error')
-        # Do not proceed with DB deletion if HF deletion failed unexpectedly
-        return redirect(url_for('admin_user_files', telegram_id=telegram_id))
-
-    # --- Step 2: Delete file from database (if HF deletion was successful or skipped due to 404) ---
-    if hf_deleted:
-        if remove_node(user_data['filesystem'], file_id):
-            try:
-                save_data(data)
-                flash(f'Файл {original_filename} (пользователь {username_display}) успешно удален!')
-                logging.info(f"Successfully removed file {file_id} from DB for user {telegram_id}")
-            except Exception as e:
-                # Critical inconsistency
-                flash(f'Файл {original_filename} удален (или не найден) с сервера, но произошла КРИТИЧЕСКАЯ ошибка обновления базы данных для пользователя {username_display}.', 'error')
-                logging.error(f"CRITICAL: Admin delete file DB update error after HF action for user {telegram_id}, file {file_id}: {e}")
-        else:
-             # This indicates an inconsistency if file_node was found initially
-             flash(f'Файл {original_filename} удален (или не найден) с сервера, но НЕ НАЙДЕН в базе данных для удаления метаданных (пользователь {username_display}). Проверьте консистентность.', 'error')
-             logging.error(f"Inconsistency: File {file_id} deleted from HF (or not found) but failed to remove from DB structure for user {telegram_id}")
-
-    # Redirect back to the user's file list in the admin panel
-    return redirect(url_for('admin_user_files', telegram_id=telegram_id))
+        logging.exception(f"Error deleting file '{file_path_to_delete}' for user {user_id} from Hugging Face:")
+        return jsonify({"status": "error", "message": f"Ошибка сервера при удалении файла: {str(e)}"}), 500
 
 
 # --- App Initialization ---
-
 if __name__ == '__main__':
-    app.config['SESSION_PERMANENT'] = True
-    app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=30) # Example: 30 days session lifetime
-
-    if not BOT_TOKEN:
-        logging.critical("BOT_TOKEN is not set. Telegram authentication will fail.")
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN (write access) is not set. File uploads, deletions, and backups will fail.")
-    if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads/previews might fail for private repos if HF_TOKEN is also not set.")
-    if not ADMIN_TELEGRAM_IDS:
-         logging.warning("ADMIN_TELEGRAM_IDS is not set. Admin panel access will be blocked.")
-    else:
-        logging.info(f"Admin Telegram IDs loaded: {ADMIN_TELEGRAM_IDS}")
-
-
-    # Perform initial DB download/check
-    if HF_TOKEN_READ or HF_TOKEN_WRITE:
-        logging.info("Performing initial database download/check...")
-        download_db_from_hf()
-    else:
-        logging.warning("No read or write token. Database operations with Hugging Face Hub are disabled.")
-        if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f:
-                 json.dump({'users': {}}, f)
-            logging.info(f"Created empty local database file: {DATA_FILE}")
-
-    # Start periodic backup thread only if write token is available
-    if HF_TOKEN_WRITE:
-        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
-        backup_thread.start()
-        logging.info("Periodic backup thread started.")
+    print("---")
+    print("--- ZEUS CLOUD MINI APP SERVER ---")
+    print("---")
+    print(f"Flask server starting on http://{HOST}:{PORT}")
+    print(f"Using Bot Token ID: {BOT_TOKEN.split(':')[0]}")
+    print(f"Hugging Face Repo: {REPO_ID}")
+    print(f"HF Upload Folder: {HF_UPLOAD_FOLDER}")
+    if not hf_api:
+         print("---")
+         print("--- WARNING: HUGGING FACE API NOT INITIALIZED ---")
+         print("--- Set HF_TOKEN_READ and/or HF_TOKEN_WRITE environment variables.")
+         print("--- File listing requires READ, Upload/Delete require WRITE.")
+         print("---")
+    elif not HF_TOKEN_WRITE:
+         print("---")
+         print("--- WARNING: HF_TOKEN_WRITE NOT SET ---")
+         print("--- File uploads and deletions will be disabled.")
+         print("---")
     else:
-        logging.warning("Periodic backup disabled because HF_TOKEN (write access) is not set.")
+         print("--- Hugging Face WRITE token found. Uploads/Deletes enabled.")
 
-    # Run the Flask app
-    # Use Gunicorn or another production server instead of app.run for deployment
-    # Example for local testing:
-    # from datetime import timedelta
-    app.run(debug=False, host='0.0.0.0', port=7861) # Use a different port, e.g., 7861
\ No newline at end of file
+    print("--- Server Ready ---")
+    # Use a production server like Waitress or Gunicorn instead of app.run() for deployment
+    # from waitress import serve
+    # serve(app, host=HOST, port=PORT)
+    app.run(host=HOST, port=PORT, debug=False) # debug=False recommended for production
\ No newline at end of file