diff --git "a/app.py" "b/app.py"
--- "a/app.py"
+++ "b/app.py"
@@ -1,58 +1,890 @@
-# --- START OF FILE app.py ---
 import os
 import hmac
 import hashlib
 import json
 from urllib.parse import unquote, parse_qsl
-from flask import Flask, request, jsonify, Response, session, send_file
+from flask import Flask, request, jsonify, Response, session, redirect, url_for, flash, render_template_string, send_file
+from flask_caching import Cache
 import time
-import logging
-import threading
 from datetime import datetime
 from huggingface_hub import HfApi, hf_hub_download, utils as hf_utils
 from werkzeug.utils import secure_filename
 import requests
 from io import BytesIO
 import uuid
+import threading
+import logging
 
-# --- Configuration ---
-BOT_TOKEN = os.environ.get('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN') # ВАЖНО: Замените или используйте env!
-HF_TOKEN_WRITE = os.environ.get("HF_TOKEN")
-HF_TOKEN_READ = os.environ.get("HF_TOKEN_READ") or HF_TOKEN_WRITE
-FLASK_SECRET_KEY = os.environ.get("FLASK_SECRET_KEY", "supersecretkey_mini_app_unique")
-REPO_ID = "Eluza133/Z1e1u" # Ваш репозиторий HF
-DATA_FILE = 'cloudeng_telegram_data.json' # Файл данных для TG версии
-UPLOAD_FOLDER = 'uploads_tg'
-os.makedirs(UPLOAD_FOLDER, exist_ok=True)
-AUTH_DATA_LIFETIME = 3600 # Время жизни initData (1 час)
+logging.basicConfig(level=logging.INFO)
 
-# --- Flask App Initialization ---
 app = Flask(__name__)
-app.secret_key = FLASK_SECRET_KEY
-logging.basicConfig(level=logging.INFO)
+app.secret_key = os.getenv("FLASK_SECRET_KEY", "supersecretkey_folders_unique_telegram")
+
+BOT_TOKEN = os.environ.get('TELEGRAM_BOT_TOKEN', 'YOUR_BOT_TOKEN')
+HOST = '0.0.0.0'
+PORT = 7860
+AUTH_DATA_LIFETIME = 3600
+DATA_FILE = 'cloudeng_data_telegram.json'
+REPO_ID = "Eluza133/Z1e1u"
+HF_TOKEN_WRITE = os.getenv("HF_TOKEN")
+HF_TOKEN_READ = os.getenv("HF_TOKEN_READ") or HF_TOKEN_WRITE
+UPLOAD_FOLDER = 'uploads'
+os.makedirs(UPLOAD_FOLDER, exist_ok=True)
+
+cache = Cache(app, config={'CACHE_TYPE': 'simple'})
+
+HTML_TEMPLATE = """
+<!DOCTYPE html>
+<html lang="ru">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
+    <title>Zeus Cloud TG</title>
+    <script src="https://telegram.org/js/telegram-web-app.js"></script>
+    <style>
+        :root {
+            --tg-theme-bg-color: var(--tg-bg-color, #ffffff);
+            --tg-theme-text-color: var(--tg-text-color, #000000);
+            --tg-theme-hint-color: var(--tg-hint-color, #999999);
+            --tg-theme-link-color: var(--tg-link-color, #2481cc);
+            --tg-theme-button-color: var(--tg-button-color, #5288c1);
+            --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
+            --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #f1f1f1);
+            --tg-viewport-height: var(--tg-viewport-stable-height, 100vh);
+        }
+
+        html { box-sizing: border-box; }
+        *, *:before, *:after { box-sizing: inherit; }
+
+        body {
+            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
+            margin: 0;
+            padding: 15px;
+            background-color: var(--tg-theme-bg-color);
+            color: var(--tg-theme-text-color);
+            font-size: 16px;
+            line-height: 1.5;
+            display: flex;
+            flex-direction: column;
+            align-items: center;
+            min-height: var(--tg-viewport-height);
+            overflow-y: auto;
+            -webkit-font-smoothing: antialiased;
+            -moz-osx-font-smoothing: grayscale;
+        }
+        .container {
+            width: 100%;
+            max-width: 600px;
+            background-color: var(--tg-theme-secondary-bg-color);
+            padding: 20px;
+            border-radius: 10px;
+            margin-bottom: 20px;
+            box-shadow: 0 2px 5px rgba(0,0,0,0.1);
+            text-align: center;
+            flex-shrink: 0;
+        }
+        #loading, #error {
+            padding: 20px;
+            text-align: center;
+        }
+        #content {
+            display: none;
+            width: 100%;
+            flex-direction: column;
+            align-items: center;
+        }
+        #user-info, #profile {
+            margin-bottom: 20px;
+            padding: 15px;
+            background-color: var(--tg-theme-bg-color);
+            border-radius: 8px;
+            text-align: left;
+            width: 100%;
+        }
+        h2 {
+            color: var(--tg-theme-link-color);
+            margin-top: 0;
+            text-align: center;
+            border-bottom: 1px solid var(--tg-theme-hint-color);
+            padding-bottom: 10px;
+            margin-bottom: 15px;
+            font-size: 1.2em;
+        }
+        p { margin: 8px 0; }
+        strong { color: var(--tg-theme-text-color); }
+        .user-value {
+            color: var(--tg-theme-hint-color);
+            word-break: break-all;
+        }
+         .flash {
+            padding: 10px;
+            border-radius: 5px;
+            margin-bottom: 15px;
+            font-weight: bold;
+            text-align: center;
+            width: 100%;
+         }
+        .flash.success {
+            background-color: var(--tg-theme-secondary-bg-color);
+            color: var(--tg-theme-link-color);
+         }
+        .flash.error {
+            background-color: #f8d7da;
+            color: #721c24;
+            border: 1px solid #f5c6cb;
+         }
+
+        .profile-pic {
+            width: 80px;
+            height: 80px;
+            border-radius: 50%;
+            margin: 0 auto 15px auto;
+            display: block;
+            border: 2px solid var(--tg-theme-button-color);
+            background-color: var(--tg-theme-secondary-bg-color);
+            object-fit: cover;
+        }
+        button {
+            background-color: var(--tg-theme-button-color);
+            color: var(--tg-theme-button-text-color);
+            border: none;
+            padding: 12px 20px;
+            border-radius: 8px;
+            cursor: pointer;
+            font-size: 16px;
+            font-weight: 600;
+            transition: opacity 0.2s ease;
+            margin-top: 15px;
+            width: 100%;
+            display: block;
+        }
+        button:hover { opacity: 0.85; }
+        button:active { opacity: 0.7; }
+        pre {
+            background-color: var(--tg-theme-bg-color);
+            padding: 10px;
+            border-radius: 5px;
+            overflow-x: auto;
+            font-size: 12px;
+            color: var(--tg-theme-hint-color);
+            border: 1px solid var(--tg-theme-secondary-bg-color);
+            max-height: 200px;
+            width: 100%;
+        }
+
+        .file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(150px, 1fr)); gap: 15px; margin-top: 20px; }
+        .item { background: var(--tg-theme-bg-color); padding: 10px; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.1); text-align: center; transition: transform 0.2s ease; display: flex; flex-direction: column; justify-content: space-between; }
+        .item:active { transform: scale(0.98); }
+        .item-preview { max-width: 100%; height: 90px; object-fit: cover; border-radius: 6px; margin-bottom: 8px; cursor: pointer; display: block; margin-left: auto; margin-right: auto;}
+        .item.folder .item-preview { object-fit: contain; font-size: 50px; color: var(--tg-theme-link-color); line-height: 90px; }
+        .item p { font-size: 0.9em; margin: 4px 0; word-break: break-all; text-align: center;}
+        .item a { color: var(--tg-theme-link-color); text-decoration: none; }
+        .item-actions { margin-top: 8px; display: flex; flex-wrap: wrap; gap: 4px; justify-content: center; }
+        .item-actions .btn { font-size: 0.8em; padding: 6px 10px; margin: 0; border-radius: 6px; }
+        .download-btn { background-color: var(--tg-theme-button-color); }
+        .delete-btn { background-color: #e53935; color: white; }
+        .delete-btn:hover { background-color: #c62828; }
+        .view-btn { background-color: var(--tg-theme-link-color); }
+
+        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; }
+        .modal-content { max-width: 95%; max-height: 95%; background: var(--tg-theme-bg-color); padding: 10px; border-radius: 10px; overflow: auto; position: relative; }
+        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
+        .modal iframe { width: 80vw; height: 85vh; border: none; }
+        .modal pre { background: var(--tg-theme-secondary-bg-color); color: var(--tg-theme-text-color); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;}
+        .modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; }
+        .modal-close-btn:hover { color: #fff; background: rgba(0,0,0,0.5); }
+
+        #progress-container { width: 100%; background: var(--tg-theme-secondary-bg-color); border-radius: 10px; margin: 15px 0; display: none; position: relative; height: 20px; overflow: hidden;}
+        #progress-bar { width: 0%; height: 100%; background: var(--tg-theme-button-color); border-radius: 10px; transition: width 0.3s ease; }
+        #progress-text { position: absolute; width: 100%; text-align: center; line-height: 20px; color: var(--tg-theme-button-text-color); font-size: 0.9em; font-weight: bold;}
+
+        .breadcrumbs { margin-bottom: 20px; font-size: 1em; text-align: left; width: 100%; }
+        .breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; }
+        .breadcrumbs a:hover { text-decoration: underline; }
+        .breadcrumbs span { margin: 0 5px; color: var(--tg-theme-hint-color); }
+
+        .folder-actions { margin-top: 10px; margin-bottom: 10px; display: flex; gap: 8px; align-items: center; flex-wrap: wrap; width: 100%;}
+        .folder-actions input[type=text] { flex-grow: 1; margin: 0; min-width: 120px; padding: 8px; border-radius: 6px; background: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); border: 1px solid var(--tg-theme-secondary-bg-color);}
+        .folder-actions input[type=text]:focus { outline: none; border-color: var(--tg-theme-link-color); }
+        .folder-actions .btn { margin: 0; flex-shrink: 0; width: auto; padding: 8px 12px; font-size: 0.9em;}
+        .folder-btn { background-color: var(--tg-theme-link-color); }
+
+         input[type="file"] {
+             display: block;
+             width: 100%;
+             padding: 10px 0;
+             color: var(--tg-theme-text-color);
+             background: var(--tg-theme-secondary-bg-color);
+             border: 1px solid var(--tg-theme-hint-color);
+             border-radius: 8px;
+             margin: 15px 0;
+             cursor: pointer;
+         }
+         input[type="file"]::file-selector-button {
+              background-color: var(--tg-theme-button-color);
+              color: var(--tg-theme-button-text-color);
+              border: none;
+              padding: 8px 12px;
+              border-radius: 6px;
+              cursor: pointer;
+              margin-right: 10px;
+              transition: opacity 0.2s ease;
+         }
+         input[type="file"]::file-selector-button:hover { opacity: 0.9; }
+         input[type="file"]:focus { outline: none; }
+
+        @media (max-width: 480px) {
+            body { padding: 10px; }
+            .container { padding: 15px; }
+            .file-grid { grid-template-columns: repeat(auto-fill, minmax(100px, 1fr)); gap: 10px; }
+            .item-preview { height: 70px; }
+            .item.folder .item-preview { font-size: 40px; line-height: 70px; }
+            .item p { font-size: 0.8em;}
+            h2 { font-size: 1.1em; }
+             .item-actions .btn { padding: 5px 8px; font-size: 0.75em; }
+             .modal-close-btn { top: 5px; right: 10px; font-size: 20px; width: 25px; height: 25px; line-height: 25px;}
+        }
+    </style>
+</head>
+<body>
+
+    <div id="loading" class="container">Загрузка данных Telegram...</div>
+    <div id="error" class="container" style="display: none;"></div>
+
+    <div id="content" class="container">
+        <div id="flash-messages" style="width: 100%;">
+            {% with messages = get_flashed_messages(with_categories=true) %}
+                {% if messages %}
+                    {% for category, message in messages %}
+                        <div class="flash {{ category }}">{{ message }}</div>
+                    {% endfor %}
+                {% endif %}
+            {% endwith %}
+        </div>
+
+        <div id="user-info" style="width: 100%;">
+            <h2>Ваш профиль</h2>
+            <p>Загрузка...</p>
+        </div>
+
+        <div class="breadcrumbs"></div>
+
+        <div class="folder-actions">
+            <form id="create-folder-form" style="display: contents;">
+                <input type="hidden" name="parent_folder_id" value="{{ current_folder_id }}">
+                <input type="text" name="folder_name" placeholder="Имя новой папки" required>
+                <button type="submit" class="btn folder-btn">Создать</button>
+            </form>
+        </div>
+
+        <form id="upload-form" method="POST" enctype="multipart/form-data" action="{{ url_for('dashboard') }}">
+            <input type="hidden" name="current_folder_id" value="{{ current_folder_id }}">
+            <input type="file" name="files" id="file-input" multiple required>
+            <button type="submit" class="btn" id="upload-btn">Загрузить файлы сюда</button>
+        </form>
+        <div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
+
+
+        <h2>Содержимое папки: <span id="current-folder-name">Загрузка...</span></h2>
+        <div id="file-grid" class="file-grid">
+             <p>Загрузка...</p>
+        </div>
+
+    </div>
+
+<div class="modal" id="mediaModal" onclick="closeModal(event)">
+    <div class="modal-content" id="modalContentContainer">
+        <span onclick="closeModalManual()" class="modal-close-btn">×</span>
+        <div id="modalContent"></div>
+    </div>
+</div>
+
+<script>
+    const tg = window.Telegram.WebApp;
+    const repoId = "{{ REPO_ID }}"; // Передаем REPO_ID из Flask
+    const hfTokenRead = "{{ HF_TOKEN_READ or '' }}"; // Передаем токен для чтения
+
+    const loadingEl = document.getElementById('loading');
+    const errorEl = document.getElementById('error');
+    const contentEl = document.getElementById('content');
+    const userInfoEl = document.getElementById('user-info').querySelector('p');
+    const currentFolderNameEl = document.getElementById('current-folder-name');
+    const fileGridEl = document.getElementById('file-grid');
+    const breadcrumbsEl = document.querySelector('.breadcrumbs');
+    const createFolderForm = document.getElementById('create-folder-form');
+    const folderNameInput = createFolderForm.querySelector('input[name="folder_name"]');
+    const createFolderParentIdInput = createFolderForm.querySelector('input[name="parent_folder_id"]');
+    const uploadForm = document.getElementById('upload-form');
+    const fileInput = document.getElementById('file-input');
+    const uploadBtn = document.getElementById('upload-btn');
+    const progressContainer = document.getElementById('progress-container');
+    const progressBar = document.getElementById('progress-bar');
+    const progressText = document.getElementById('progress-text');
+
+    let currentFolderId = 'root'; // Default to root
+
+    function showLoading() {
+        loadingEl.style.display = 'block';
+        errorEl.style.display = 'none';
+        contentEl.style.display = 'none';
+    }
+
+    function showError(message) {
+        loadingEl.style.display = 'none';
+        errorEl.innerHTML = `<h2>Ошибка</h2><p>${message}</p>`;
+        errorEl.style.display = 'block';
+        contentEl.style.display = 'none';
+        if (tg.HapticFeedback) {
+            tg.HapticFeedback.notificationOccurred('error');
+        }
+    }
+
+    function showContent() {
+        loadingEl.style.display = 'none';
+        errorEl.style.display = 'none';
+        contentEl.style.display = 'flex';
+    }
+
+    function displayUserInfo(userData) {
+        if (!userData) {
+            userInfoEl.innerHTML = `Данные пользователя отсутствуют.`;
+            return;
+        }
+        let content = '';
+        if(userData.photo_url) {
+             content += `<img src="${userData.photo_url}" alt="Фото профиля" class="profile-pic" onerror="this.style.display='none'">`;
+        } else {
+             content += `<div class="profile-pic" style="display: flex; align-items: center; justify-content: center; background-color: var(--tg-theme-button-color); color: var(--tg-theme-button-text-color); font-size: 32px; font-weight: bold;">${(userData.first_name || '?')[0]}</div>`;
+        }
+        content += `<p><strong>Имя:</strong> <span class="user-value">${userData.first_name || ''} ${userData.last_name || ''}</span></p>`;
+        content += `<p><strong>Username:</strong> <span class="user-value">${userData.username ? '@' + userData.username : 'N/A'}</span></p>`;
+        content += `<p><strong>Язык:</strong> <span class="user-value">${userData.language_code || 'N/A'}</span></p>`;
+        content += `<p><strong>Премиум:</strong> <span class="user-value">${userData.is_premium ? 'Да 👍' : 'Нет'}</span></p>`;
+        userInfoEl.innerHTML = content;
+    }
+
+    function updateBreadcrumbs(path) {
+        let html = '';
+        for (let i = 0; i < path.length; i++) {
+            const crumb = path[i];
+            if (i < path.length - 1) {
+                html += `<a href="#" onclick="loadFolder('${crumb.id}'); return false;">${crumb.name === 'root' ? 'Главная' : crumb.name}</a>`;
+            } else {
+                html += `<span>${crumb.name === 'root' ? 'Главная' : crumb.name}</span>`;
+            }
+            if (i < path.length - 1) {
+                html += `<span>/</span>`;
+            }
+        }
+        breadcrumbsEl.innerHTML = html;
+    }
+
+    function displayItems(items) {
+        fileGridEl.innerHTML = ''; // Clear current items
+        if (items.length === 0) {
+            fileGridEl.innerHTML = '<p style="width: 100%; text-align: center; color: var(--tg-theme-hint-color);">Эта папка пуста.</p>';
+            return;
+        }
+
+        items.forEach(item => {
+            let itemHtml = `<div class="item ${item.type}">`;
+            if (item.type === 'folder') {
+                 itemHtml += `<a href="#" onclick="loadFolder('${item.id}'); return false;" class="item-preview" title="Перейти в папку ${item.name}">📁</a>`;
+                 itemHtml += `<p title="${item.name}"><b>${item.name.length > 15 ? item.name.substring(0, 15) + '...' : item.name}</b></p>`;
+                 itemHtml += `<div class="item-actions">`;
+                 itemHtml += `<a href="#" onclick="loadFolder('${item.id}'); return false;" class="btn folder-btn">Открыть</a>`;
+                 if (item.id !== 'root') { // Cannot delete root
+                      itemHtml += `<button class="btn delete-btn" onclick="deleteFolder('${item.id}', '${item.name}');">Удалить</button>`;
+                 }
+                 itemHtml += `</div>`;
+            } else if (item.type === 'file') {
+                 const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
+                 let previewContent = '';
+                 let clickAction = '';
+                 let hfUrl = hfFileUrl(item.path);
+                 let downloadUrl = hfFileUrl(item.path, true);
+
+                 if (item.file_type === 'image') {
+                    previewContent = `<img class="item-preview" src="${hfUrl}" alt="${item.original_filename}" loading="lazy">`;
+                    clickAction = `openModal('${hfUrl}', '${item.file_type}', '${item.id}')`;
+                 } else if (item.file_type === 'video') {
+                     previewContent = `<video class="item-preview" preload="metadata" muted loading="lazy"><source src="${downloadUrl}#t=0.5"></video>`;
+                     clickAction = `openModal('${downloadUrl}', '${item.file_type}', '${item.id}')`;
+                 } else if (item.file_type === 'pdf') {
+                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-link-color); text-align: center;">📄</div>`;
+                     clickAction = `openModal('${downloadUrl}', '${item.file_type}', '${item.id}')`;
+                 } else if (item.file_type === 'text') {
+                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-link-color); text-align: center;">📝</div>`;
+                     clickAction = `openModal('{{ url_for('get_text_content', file_id='ITEM_ID_PLACEHOLDER') }}'.replace('ITEM_ID_PLACEHOLDER', '${item.id}'), '${item.file_type}', '${item.id}')`;
+                 } else {
+                      previewContent = `<div class="item-preview" style="font-size: 50px; line-height: 90px; color: var(--tg-theme-hint-color); text-align: center;">❓</div>`;
+                 }
+
+                 if (previewable) {
+                     itemHtml += `<div style="cursor: pointer;" onclick="${clickAction}">${previewContent}</div>`;
+                 } else {
+                     itemHtml += previewContent; // No click for non-previewable
+                 }
+
+
+                 itemHtml += `<p title="${item.original_filename}">${item.original_filename.length > 15 ? item.original_filename.substring(0, 15) + '...' : item.original_filename}</p>`;
+                 itemHtml += `<p style="font-size: 0.7em; color: var(--tg-theme-hint-color);">${item.upload_date}</p>`;
+                 itemHtml += `<div class="item-actions">`;
+                 itemHtml += `<a href="${downloadUrl}" class="btn download-btn" download>Скачать</a>`;
+                 if (previewable) {
+                     itemHtml += `<button class="btn view-btn" onclick="${clickAction}">Просмотр</button>`;
+                 }
+                 itemHtml += `<button class="btn delete-btn" onclick="deleteFile('${item.id}', '${item.original_filename}');">Удалить</button>`;
+                 itemHtml += `</div>`;
+            }
+            itemHtml += `</div>`;
+            fileGridEl.innerHTML += itemHtml;
+        });
+    }
+
+    function hfFileUrl(path, download = false) {
+        let url = `https://huggingface.co/datasets/${repoId}/resolve/main/${path}`;
+        // Note: token needed for private repos only. This example assumes public or read-access by URL.
+        // If repo is private AND token needed for resolve, this gets complex.
+        // For this example, we assume public or tokenless read resolve works.
+        // If not, you'd need a backend endpoint to proxy authenticated downloads/previews.
+        // if (hfTokenRead) url += `?token=${hfTokenRead}`; // Resolve usually doesn't use token in URL query param
+        if (download) url += '?download=true'; // download param is for browser hint
+        return url;
+    }
+
+    async function openModal(srcOrUrl, type, itemId) {
+        const modal = document.getElementById('mediaModal');
+        const modalContent = document.getElementById('modalContent');
+        modalContent.innerHTML = '<p style="color: var(--tg-theme-text-color);">Загрузка...</p>';
+        modal.style.display = 'flex';
+
+        try {
+            if (type === 'image') {
+                modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
+            } else if (type === 'video') {
+                modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
+            } else if (type === 'pdf') {
+                // Using Google Docs Viewer or similar is often more reliable than iframe src directly
+                 modalContent.innerHTML = `<iframe src="https://docs.google.com/viewer?url=${encodeURIComponent(srcOrUrl)}&embedded=true" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
+                 // Alternative: Direct iframe might work for some servers/browsers
+                 // modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
+            } else if (type === 'text') {
+                // For text, fetch via backend endpoint which handles authentication if needed
+                const response = await fetch(srcOrUrl); // srcOrUrl is already the backend endpoint URL
+                if (!response.ok) {
+                     const errorText = await response.text();
+                     throw new Error(`Ошибка загрузки текста (${response.status}): ${errorText}`);
+                }
+                const text = await response.text();
+                const escapedText = text.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">"); // Basic HTML escaping
+                modalContent.innerHTML = `<pre>${escapedText}</pre>`;
+            } else {
+                 modalContent.innerHTML = '<p style="color: var(--tg-theme-text-color);">Предпросмотр для этого типа файла не поддерживается.</p>';
+            }
+             if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('light'); }
+
+        } catch (error) {
+             console.error("Error loading modal content:", error);
+             modalContent.innerHTML = `<p style="color: red;">Не удалось загрузить содержимое для предпросмотра.<br>${error.message}</p>`;
+             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+        }
+    }
+
+    function closeModal(event) {
+        const modal = document.getElementById('mediaModal');
+        if (event.target === modal) {
+            closeModalManual();
+        }
+    }
+
+    function closeModalManual() {
+         const modal = document.getElementById('mediaModal');
+         modal.style.display = 'none';
+         const video = modal.querySelector('video');
+         if (video) { video.pause(); video.removeAttribute('src'); video.load(); } // Stop video playback
+         const iframe = modal.querySelector('iframe');
+         if (iframe) iframe.src = 'about:blank'; // Clear iframe content
+         document.getElementById('modalContent').innerHTML = ''; // Clear other content
+         if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('light'); }
+    }
+
+    async function loadFolder(folderId) {
+        currentFolderId = folderId;
+        history.pushState({ folder_id: folderId }, '', `?folder_id=${folderId}`); // Update URL and history
+        fileGridEl.innerHTML = '<p style="width: 100%; text-align: center; color: var(--tg-theme-hint-color);">Загрузка содержимого папки...</p>';
+        currentFolderNameEl.textContent = 'Загрузка...'; // Reset folder name
+        createFolderParentIdInput.value = folderId; // Update create folder form
+
+        try {
+            const response = await fetch(`/dashboard?folder_id=${folderId}`);
+            if (!response.ok) {
+                 const text = await response.text(); // Get raw response text
+                 // Check if it's a redirect (e.g., login page HTML)
+                 if (text.includes('<title>Zeus Cloud</title>') || text.includes('<title>Регистрация - Zeus Cloud</title>')) {
+                      showError("Сессия истекла или ошибка авторизации. Попробуйте перезапустить Mini App.");
+                      return;
+                 }
+                 throw new Error(`HTTP error! status: ${response.status}`);
+            }
+            // Assuming the endpoint returns a JSON object with folder data
+            const data = await response.json();
+
+            if (data.status === 'ok') {
+                currentFolderNameEl.textContent = data.current_folder_name === 'root' ? 'Главная' : data.current_folder_name;
+                displayItems(data.items);
+                updateBreadcrumbs(data.breadcrumbs);
+                 uploadForm.querySelector('input[name="current_folder_id"]').value = currentFolderId; // Update upload form target
+            } else {
+                showError(data.message || 'Неизвестная ошибка при загрузке папки.');
+            }
+
+        } catch (error) {
+            console.error("Error loading folder:", error);
+             let userMessage = 'Не удалось загрузить содержимое папки. Проверьте соединение или попробуйте позже.';
+             if (error.message.includes('HTTP error! status:')) {
+                 userMessage = `Ошибка загрузки папки: ${error.message}`;
+             }
+            showError(userMessage);
+        }
+    }
+
+    async function postForm(formId, successCallback) {
+        const form = document.getElementById(formId);
+        const formData = new FormData(form);
+        const submitButton = form.querySelector('button[type="submit"]');
+        submitButton.disabled = true;
+        const originalButtonText = submitButton.textContent;
+        submitButton.textContent = 'Отправка...';
+
+        try {
+            const response = await fetch(form.action, {
+                method: form.method,
+                body: formData,
+                // Remove Content-Type header for FormData to let browser set it correctly (includes boundary)
+            });
+
+             const data = await response.json(); // Assuming JSON response for status/messages
+
+            if (data.status === 'ok') {
+                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
+                 showFlashMessage(data.message, 'success');
+                 successCallback(data); // Call success handler to update UI (e.g., reload folder)
+            } else {
+                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+                 showFlashMessage(data.message || 'Произошла ошибка.', 'error');
+            }
+        } catch (error) {
+            console.error("Form submission error:", error);
+             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+            showFlashMessage('Ошибка сети или сервера при отправке формы.', 'error');
+        } finally {
+            submitButton.disabled = false;
+            submitButton.textContent = originalButtonText;
+        }
+    }
+
+    async function deleteItem(itemId, itemName, itemType) {
+        const confirmMessage = itemType === 'file'
+            ? `Вы уверены, что хотите удалить файл "${itemName}"?`
+            : `Удалить папку "${itemName}"? Папку можно удалить только если она пуста.`;
+
+        if (confirm(confirmMessage)) {
+            const deleteUrl = itemType === 'file' ? `/delete_file/${itemId}` : `/delete_folder/${itemId}`;
+            const postData = { current_view_folder_id: currentFolderId }; // Pass current view folder ID
+
+             // Simple POST request for delete
+            try {
+                const response = await fetch(deleteUrl, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify(postData)
+                });
+
+                const data = await response.json();
+
+                if (data.status === 'ok') {
+                    if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
+                    showFlashMessage(data.message, 'success');
+                    // Reload current folder after deletion, or navigate up if folder was deleted
+                    if (itemType === 'folder' && data.redirect_to_folder_id) {
+                        loadFolder(data.redirect_to_folder_id);
+                    } else {
+                        loadFolder(currentFolderId);
+                    }
+                } else {
+                    if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+                    showFlashMessage(data.message || `Произошла ошибка при удалении ${itemType}.`, 'error');
+                }
+            } catch (error) {
+                console.error(`Error deleting ${itemType}:`, error);
+                 if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+                showFlashMessage(`Ошибка сети или сервера при удалении ${itemType}.`, 'error');
+            }
+        }
+    }
+
+    function deleteFile(fileId, fileName) {
+        deleteItem(fileId, fileName, 'file');
+    }
+
+    function deleteFolder(folderId, folderName) {
+        deleteItem(folderId, folderName, 'folder');
+    }
+
+    function showFlashMessage(message, type) {
+        const flashContainer = document.getElementById('flash-messages');
+        const msgDiv = document.createElement('div');
+        msgDiv.classList.add('flash', type);
+        msgDiv.textContent = message;
+        flashContainer.appendChild(msgDiv);
+
+        // Auto-remove flash message after a few seconds
+        setTimeout(() => {
+            msgDiv.remove();
+        }, 5000);
+    }
+
+
+    // --- Main Logic ---
+    tg.ready();
+    tg.expand();
+    tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1');
+    document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
+
+    // Check if initData exists
+    if (!tg.initData || !tg.initDataUnsafe || Object.keys(tg.initDataUnsafe).length === 0) {
+        showError("Не удалось получить данные Telegram (initData). Приложение должно быть запущено из Telegram.");
+    } else {
+        // Send initData to backend for validation
+        fetch('/validate', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ initData: tg.initData })
+        })
+        .then(response => {
+            if (!response.ok) {
+                // Handle non-200 responses as errors
+                return response.json().then(errData => {
+                     throw new Error(errData.message || `HTTP error ${response.status}`);
+                }).catch(() => {
+                     throw new Error(`HTTP error ${response.status}`);
+                });
+            }
+            return response.json();
+        })
+        .then(data => {
+            if (data.status === 'ok') {
+                showContent();
+                displayUserInfo(data.user);
+                // Determine initial folder from URL or default to root
+                const urlParams = new URLSearchParams(window.location.search);
+                const initialFolderId = urlParams.get('folder_id') || 'root';
+                loadFolder(initialFolderId); // Load initial folder content
+                if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
+
+            } else {
+                showError(data.message || 'Ошибка авторизации Telegram.');
+            }
+        })
+        .catch(error => {
+            console.error("Validation fetch error:", error);
+            showError(`Ошибка валидации на сервере: ${error.message}. Попробуйте позже.`);
+        });
+    }
+
+    // Handle browser back/forward buttons
+    window.addEventListener('popstate', (event) => {
+        const folderId = event.state && event.state.folder_id ? event.state.folder_id : 'root';
+        loadFolder(folderId);
+    });
+
+
+    // --- Form Submissions (using JS to prevent full page reload) ---
+
+    // Upload form
+    uploadForm.addEventListener('submit', function(e) {
+        e.preventDefault();
+
+        const files = fileInput.files;
+        if (files.length === 0) {
+             showFlashMessage('Пожалуйста, выберите файлы для загрузки.', 'error');
+             return;
+        }
+         if (files.length > 20) {
+             showFlashMessage('Максимум 20 файлов за раз!', 'error');
+             return;
+         }
+
+        progressContainer.style.display = 'block';
+        progressBar.style.width = '0%';
+        progressText.textContent = '0%';
+        uploadBtn.disabled = true;
+        uploadBtn.textContent = 'Загрузка...';
+         if (tg.HapticFeedback) { tg.HapticFeedback.impactOccurred('rigid'); }
+
+
+        const formData = new FormData(uploadForm);
+        const xhr = new XMLHttpRequest();
+
+        xhr.upload.addEventListener('progress', function(event) {
+            if (event.lengthComputable) {
+                const percentComplete = Math.round((event.loaded / event.total) * 100);
+                progressBar.style.width = percentComplete + '%';
+                progressText.textContent = percentComplete + '%';
+                 // Optional: provide haptic feedback at intervals
+                 // if (percentComplete > 0 && percentComplete % 25 === 0 && tg.HapticFeedback) {
+                 //      tg.HapticFeedback.impactOccurred('light');
+                 // }
+            }
+        });
+
+        xhr.addEventListener('load', function() {
+            uploadBtn.disabled = false;
+            uploadBtn.textContent = 'Загрузить файлы сюда';
+            progressContainer.style.display = 'none';
+             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('success'); }
+
+            try {
+                 const response = JSON.parse(xhr.responseText);
+                 if (response.status === 'ok') {
+                      showFlashMessage(response.message, 'success');
+                      loadFolder(currentFolderId); // Reload current folder after successful upload
+                 } else {
+                      showFlashMessage(response.message || 'Ошибка загрузки файла.', 'error');
+                 }
+            } catch (e) {
+                 console.error("Error parsing upload response:", e);
+                 showFlashMessage('Произошла ошибка при обработке ответа сервера.', 'error');
+            }
+
+        });
+
+        xhr.addEventListener('error', function() {
+             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('error'); }
+            showFlashMessage('Произошла ошибка во время загрузки файла.', 'error');
+            uploadBtn.disabled = false;
+            uploadBtn.textContent = 'Загрузить файлы сюда';
+            progressContainer.style.display = 'none';
+        });
+
+        xhr.addEventListener('abort', function() {
+             if (tg.HapticFeedback) { tg.HapticFeedback.notificationOccurred('warning'); }
+            showFlashMessage('Загрузка файла отменена.', 'error');
+            uploadBtn.disabled = false;
+            uploadBtn.textContent = 'Загрузить файлы сюда';
+            progressContainer.style.display = 'none';
+        });
+
+        xhr.open('POST', uploadForm.action, true);
+        xhr.send(formData);
+    });
+
+    // Create Folder form
+    createFolderForm.addEventListener('submit', async function(e) {
+        e.preventDefault();
+        if (!folderNameInput.value.trim()) {
+            showFlashMessage('Имя папки не может быть пустым!', 'error');
+            return;
+        }
+         const folderName = folderNameInput.value.trim();
+         // Simple check for disallowed characters - refine if needed
+        if (!/^[a-zA-Z0-9 _.-]+$/.test(folderName)) {
+             showFlashMessage('Имя папки может содержать буквы, цифры, пробелы, тире и точки.', 'error');
+             return;
+        }
+
+
+        await postForm('create-folder-form', (data) => {
+            folderNameInput.value = ''; // Clear input
+            loadFolder(currentFolderId); // Reload current folder
+        });
+    });
+
+
+    // Listen for messages from the parent window (if needed, e.g., from the bot)
+    // tg.onEvent('message_from_bot', (event) => {
+    //    console.log('Message from bot:', event);
+    // });
+
+    // Example: Show a confirmation dialog when closing if there's unsaved work
+    // tg.enableClosingConfirmation();
+
+
+</script>
+</body>
+</html>
+"""
+
+
+def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
+    if not auth_data:
+        logging.error("Auth data is empty.")
+        return None
+
+    try:
+        parsed_data = dict(parse_qsl(unquote(auth_data)))
+        if "hash" not in parsed_data:
+            logging.error("Hash not found in auth data.")
+            return None
+
+        telegram_hash = parsed_data.pop('hash')
+
+        auth_date_ts = int(parsed_data.get('auth_date', 0))
+        current_ts = int(time.time())
+        if current_ts - auth_date_ts > AUTH_DATA_LIFETIME:
+             logging.warning(f"Auth data expired. Auth time: {auth_date_ts}, Current time: {current_ts}, Diff: {current_ts - auth_date_ts}")
+             return None
+
+        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
+
+        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
+        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
+
+        if calculated_hash == telegram_hash:
+            user_data_str = parsed_data.get('user')
+            if user_data_str:
+                try:
+                    user_data = json.loads(user_data_str)
+                    if 'id' not in user_data:
+                         logging.error("User data is missing 'id'.")
+                         return None
+                    return user_data
+                except json.JSONDecodeError:
+                    logging.error("Could not decode user JSON.")
+                    return None
+            else:
+                 logging.error("No 'user' field found in validated data.")
+                 return None
+        else:
+            logging.warning(f"Hash mismatch. Calculated: {calculated_hash}, Received: {telegram_hash}")
+            # logging.debug(f"Data check string:\n{data_check_string}") # Uncomment for deep debug
+            return None
+
+    except Exception as e:
+        logging.exception("Error during Telegram authorization check:")
+        return None
+
 
-# --- Helper Functions ---
 def find_node_by_id(filesystem, node_id):
-    if not filesystem or not isinstance(filesystem, dict):
-        return None, None
     if filesystem.get('id') == node_id:
         return filesystem, None
+
     queue = [(filesystem, None)]
     while queue:
         current_node, parent = queue.pop(0)
-        if current_node.get('type') == 'folder' and 'children' in current_node and isinstance(current_node['children'], list):
-            for child in current_node['children']:
-                 if isinstance(child, dict): # Добавлена проверка типа
-                     if child.get('id') == node_id:
-                         return child, current_node
-                     if child.get('type') == 'folder':
-                         queue.append((child, current_node))
+        if current_node.get('type') == 'folder' and 'children' in current_node:
+            for i, child in enumerate(current_node['children']):
+                if child.get('id') == node_id:
+                    return child, current_node
+                if child.get('type') == 'folder':
+                    queue.append((child, current_node))
     return None, None
 
 def add_node(filesystem, parent_id, node_data):
     parent_node, _ = find_node_by_id(filesystem, parent_id)
     if parent_node and parent_node.get('type') == 'folder':
-        if 'children' not in parent_node or not isinstance(parent_node['children'], list):
+        if 'children' not in parent_node:
             parent_node['children'] = []
         parent_node['children'].append(node_data)
         return True
@@ -60,1391 +892,1165 @@ def add_node(filesystem, parent_id, node_data):
 
 def remove_node(filesystem, node_id):
     node_to_remove, parent_node = find_node_by_id(filesystem, node_id)
-    if node_to_remove and parent_node and 'children' in parent_node and isinstance(parent_node['children'], list):
-        parent_node['children'] = [child for child in parent_node['children'] if not isinstance(child, dict) or child.get('id') != node_id]
+    if node_to_remove and parent_node and 'children' in parent_node:
+        parent_node['children'] = [child for child in parent_node['children'] if child.get('id') != node_id]
         return True
     return False
 
+def get_node_path(filesystem, node_id, path_elements=None):
+    if path_elements is None:
+        path_elements = []
+    node, parent = find_node_by_id(filesystem, node_id)
+    if node:
+         # Use node's name or original_filename for path string, but ID for internal path construction
+         path_elements.append({'id': node.get('id'), 'name': node.get('name', node.get('original_filename', ''))})
+         if parent:
+             return get_node_path(filesystem, parent['id'], path_elements)
+    return list(reversed(path_elements)) # Reverse to get path from root
+
 def get_node_path_string(filesystem, node_id):
-    path_list = []
-    current_id = node_id
-    visited = set() # Защита от циклов
-
-    while current_id and current_id not in visited:
-        visited.add(current_id)
-        node, parent = find_node_by_id(filesystem, current_id)
-        if not node: break
-        if node.get('id') != 'root':
-             path_list.append(node.get('name', node.get('original_filename', '')))
-        if not parent: break
-        current_id = parent.get('id') if parent else None
-    return " / ".join(reversed(path_list)) or "Root"
+    path_list = get_node_path(filesystem, node_id)
+    # Filter out the 'root' name for the string representation unless it's just root
+    string_parts = [p['name'] for p in path_list if p['id'] != 'root' or len(path_list) == 1]
+    return " / ".join(string_parts) or "Root"
+
 
 def initialize_user_filesystem(user_data):
-    if 'filesystem' not in user_data or not isinstance(user_data.get('filesystem'), dict):
+    if 'filesystem' not in user_data:
         user_data['filesystem'] = {
             "type": "folder",
             "id": "root",
             "name": "root",
             "children": []
         }
+    # Handle potential old 'files' structure during migration if needed, but assuming fresh start here.
 
-def get_file_type(filename):
-    filename_lower = filename.lower()
-    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')): return 'video'
-    if filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')): return 'image'
-    if filename_lower.endswith('.pdf'): return 'pdf'
-    if filename_lower.endswith('.txt'): return 'text'
-    if filename_lower.endswith(('.doc', '.docx')): return 'doc'
-    if filename_lower.endswith(('.xls', '.xlsx')): return 'xls'
-    if filename_lower.endswith(('.ppt', '.pptx')): return 'ppt'
-    if filename_lower.endswith(('.zip', '.rar', '.7z', '.tar', '.gz')): return 'archive'
-    if filename_lower.endswith(('.mp3', '.wav', '.ogg', '.aac', '.flac')): return 'audio'
-    return 'other'
-
-# --- Data Persistence ---
-data_lock = threading.Lock()
 
+@cache.memoize(timeout=300)
 def load_data():
-    with data_lock:
-        try:
-            download_db_from_hf()
-            if os.path.exists(DATA_FILE) and os.path.getsize(DATA_FILE) > 0:
-                with open(DATA_FILE, 'r', encoding='utf-8') as file:
-                    data = json.load(file)
-                    if not isinstance(data, dict):
-                        logging.warning(f"{DATA_FILE} is not a dict, initializing.")
-                        data = {'users': {}}
-            else:
-                data = {'users': {}}
-
+    try:
+        download_db_from_hf()
+        with open(DATA_FILE, 'r', encoding='utf-8') as file:
+            data = json.load(file)
+            if not isinstance(data, dict):
+                logging.warning("Data is not in dict format, initializing empty database")
+                return {'users': {}}
             data.setdefault('users', {})
-            # Ensure all users have initialized filesystem
+            # Initialize filesystem for any users loaded without one
             for user_id, user_data in data['users'].items():
-                if isinstance(user_data, dict): # Check if user_data is a dict
-                    initialize_user_filesystem(user_data)
-                else:
-                    logging.warning(f"Invalid data format for user {user_id}, re-initializing.")
-                    data['users'][user_id] = {} # Initialize as empty dict or default structure
-                    initialize_user_filesystem(data['users'][user_id])
-
-
-            logging.info("Data loaded/initialized")
+                 initialize_user_filesystem(user_data)
+            logging.info("Data successfully loaded and initialized")
             return data
-        except json.JSONDecodeError:
-            logging.error(f"Error decoding JSON from {DATA_FILE}. Returning empty data.")
-            return {'users': {}}
-        except Exception as e:
-            logging.error(f"Error loading data: {e}")
-            return {'users': {}}
+    except FileNotFoundError:
+        logging.warning(f"{DATA_FILE} not found, initializing empty database.")
+        return {'users': {}}
+    except json.JSONDecodeError:
+         logging.error(f"Error decoding JSON from {DATA_FILE}, initializing empty database.")
+         return {'users': {}}
+    except Exception as e:
+        logging.exception("Error loading data:")
+        return {'users': {}}
 
 def save_data(data):
-    with data_lock:
-        try:
-            # Ensure filesystem structure is valid before saving
-            for user_id, user_data in data.get('users', {}).items():
-                if isinstance(user_data, dict):
-                    initialize_user_filesystem(user_data) # Ensures filesystem exists and is a dict
-
-            with open(DATA_FILE, 'w', encoding='utf-8') as file:
-                json.dump(data, file, ensure_ascii=False, indent=4)
-            upload_db_to_hf()
-            logging.info("Data saved and uploaded to HF")
-        except Exception as e:
-            logging.error(f"Error saving data: {e}")
-            # Optionally re-raise or handle appropriately
-            # raise
+    try:
+        # It's safer to save to a temporary file first and then replace
+        temp_file = DATA_FILE + '.tmp'
+        with open(temp_file, 'w', encoding='utf-8') as file:
+            json.dump(data, file, ensure_ascii=False, indent=4)
+        os.replace(temp_file, DATA_FILE)
+
+        upload_db_to_hf()
+        cache.clear()
+        logging.info("Data saved and uploaded to HF")
+    except Exception as e:
+        logging.exception("Error saving data:")
+        raise
 
 def upload_db_to_hf():
     if not HF_TOKEN_WRITE:
         logging.warning("HF_TOKEN_WRITE not set, skipping database upload.")
         return
-    if not os.path.exists(DATA_FILE):
-        logging.warning(f"{DATA_FILE} not found, skipping upload.")
-        return
     try:
         api = HfApi()
         api.upload_file(
-            path_or_fileobj=DATA_FILE, path_in_repo=DATA_FILE, repo_id=REPO_ID,
-            repo_type="dataset", token=HF_TOKEN_WRITE,
-            commit_message=f"Backup TG App {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
+            path_or_fileobj=DATA_FILE,
+            path_in_repo=DATA_FILE,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"Backup {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}"
         )
         logging.info("Database uploaded to Hugging Face")
     except Exception as e:
-        logging.error(f"Error uploading database: {e}")
+        logging.exception("Error uploading database:")
 
 def download_db_from_hf():
-    if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ not set, skipping database download.")
+    if not HF_TOKEN_READ and not HF_TOKEN_WRITE:
+        logging.warning("No HF_TOKENs set, skipping database download.")
         if not os.path.exists(DATA_FILE):
-             with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+             with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                 json.dump({'users': {}}, f)
+             logging.info(f"Created empty local database file: {DATA_FILE}")
         return
     try:
+        # Use HF_TOKEN_WRITE if READ token is not set, for flexibility
+        token_to_use = HF_TOKEN_READ if HF_TOKEN_READ else HF_TOKEN_WRITE
         hf_hub_download(
-            repo_id=REPO_ID, filename=DATA_FILE, repo_type="dataset", token=HF_TOKEN_READ,
-            local_dir=".", local_dir_use_symlinks=False, etag_timeout=60 # Increased timeout
+            repo_id=REPO_ID,
+            filename=DATA_FILE,
+            repo_type="dataset",
+            token=token_to_use,
+            local_dir=".",
+            local_dir_use_symlinks=False
         )
         logging.info("Database downloaded from Hugging Face")
+    except hf_utils.RepositoryNotFoundError:
+         logging.error(f"Repository {REPO_ID} not found.")
+         if not os.path.exists(DATA_FILE):
+             with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                 json.dump({'users': {}}, f)
+             logging.info(f"Created empty local database file: {DATA_FILE}")
     except hf_utils.EntryNotFoundError:
-        logging.warning(f"{DATA_FILE} not found in repo. Initializing empty DB locally.")
+        logging.warning(f"{DATA_FILE} not found in repository {REPO_ID}. Initializing empty database.")
         if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+            with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                json.dump({'users': {}}, f)
+            logging.info(f"Created empty local database file: {DATA_FILE}")
     except Exception as e:
-        logging.error(f"Error downloading database: {e}")
+        logging.exception("Error downloading database:")
         if not os.path.exists(DATA_FILE):
-            with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+            with open(DATA_FILE, 'w', encoding='utf-8') as f:
+                json.dump({'users': {}}, f)
+            logging.info(f"Created empty local database file: {DATA_FILE}")
+
 
 def periodic_backup():
+    if not HF_TOKEN_WRITE:
+         logging.warning("Periodic backup disabled: HF_TOKEN_WRITE not set.")
+         return
     while True:
-        time.sleep(1800) # Backup every 30 minutes
-        logging.info("Starting periodic backup...")
-        data = load_data() # Load current data before saving
-        save_data(data)
-
-# --- Telegram Validation ---
-def check_telegram_authorization(auth_data: str, bot_token: str) -> dict | None:
-    if not auth_data: return None
-    try:
-        parsed_data = dict(parse_qsl(unquote(auth_data)))
-        if "hash" not in parsed_data: return None
-
-        telegram_hash = parsed_data.pop('hash')
-        auth_date_ts = int(parsed_data.get('auth_date', 0))
-        current_ts = int(time.time())
-        if current_ts - auth_date_ts > AUTH_DATA_LIFETIME:
-             logging.warning(f"Auth data expired: {current_ts - auth_date_ts} seconds old.")
-             return None
-
-        data_check_string = "\n".join(sorted([f"{k}={v}" for k, v in parsed_data.items()]))
-        secret_key = hmac.new("WebAppData".encode(), bot_token.encode(), hashlib.sha256).digest()
-        calculated_hash = hmac.new(secret_key, data_check_string.encode(), hashlib.sha256).hexdigest()
-
-        if calculated_hash == telegram_hash:
-            user_data_str = parsed_data.get('user')
-            if user_data_str:
-                try:
-                    return json.loads(user_data_str)
-                except json.JSONDecodeError:
-                    logging.error("Failed to decode user JSON from initData")
-                    return None
-            return {} # Valid hash, but no user field? Return empty dict
-        else:
-            logging.warning("Hash mismatch during validation.")
-            return None
-    except Exception as e:
-        logging.error(f"Error during Telegram validation: {e}")
-        return None
-
-# --- HTML Template ---
-HTML_TEMPLATE = """
-<!DOCTYPE html>
-<html lang="ru">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
-    <title>Zeus Cloud</title>
-    <script src="https://telegram.org/js/telegram-web-app.js"></script>
-    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.0.0/css/all.min.css"> <!-- Font Awesome for icons -->
-    <style>
-        :root {
-            --tg-theme-bg-color: var(--tg-bg-color, #ffffff);
-            --tg-theme-text-color: var(--tg-text-color, #000000);
-            --tg-theme-hint-color: var(--tg-hint-color, #999999);
-            --tg-theme-link-color: var(--tg-link-color, #2481cc);
-            --tg-theme-button-color: var(--tg-button-color, #5288c1);
-            --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
-            --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #f1f1f1);
-            --tg-viewport-height: var(--tg-viewport-stable-height, 100vh);
-            --tg-header-color: var(--tg-header-bg-color, #ffffff);
-            --border-color: var(--tg-secondary-bg-color);
-            --hover-bg-color: rgba(0, 0, 0, 0.05); /* Subtle hover for light theme */
-            --ios-blue: #007AFF;
-            --ios-red: #FF3B30;
-            --ios-gray: #8E8E93;
-            --ios-light-gray: #C7C7CC;
-            --ios-bg-grouped: #F2F2F7;
-            --ios-separator: #C6C6C8;
-        }
-
-        @media (prefers-color-scheme: dark) {
-            :root {
-                --hover-bg-color: rgba(255, 255, 255, 0.1);
-                --ios-bg-grouped: #1C1C1E;
-                --ios-separator: #38383A;
-            }
-            body.dark { /* Force dark mode styles if needed */
-               --tg-theme-bg-color: var(--tg-bg-color, #000000);
-               --tg-theme-text-color: var(--tg-text-color, #ffffff);
-               --tg-theme-hint-color: var(--tg-hint-color, #7f7f7f);
-               --tg-theme-link-color: var(--tg-link-color, #2ea6ff);
-               --tg-theme-button-color: var(--tg-button-color, #5288c1);
-               --tg-theme-button-text-color: var(--tg-button-text-color, #ffffff);
-               --tg-theme-secondary-bg-color: var(--tg-secondary-bg-color, #1c1c1e);
-               --tg-header-color: var(--tg-header-bg-color, #1c1c1e);
-               --border-color: var(--tg-secondary-bg-color);
-            }
-        }
-
-        html { box-sizing: border-box; -webkit-text-size-adjust: 100%; }
-        *, *:before, *:after { box-sizing: inherit; }
-
-        body {
-            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;
-            margin: 0;
-            padding: 0;
-            background-color: var(--tg-theme-bg-color);
-            color: var(--tg-theme-text-color);
-            font-size: 17px;
-            line-height: 1.4;
-            min-height: var(--tg-viewport-height);
-            display: flex;
-            flex-direction: column;
-            -webkit-font-smoothing: antialiased;
-            -moz-osx-font-smoothing: grayscale;
-        }
-
-        .header {
-            background-color: var(--tg-header-color);
-            padding: 10px 15px;
-            border-bottom: 1px solid var(--border-color);
-            display: flex;
-            align-items: center;
-            justify-content: space-between;
-            position: sticky;
-            top: 0;
-            z-index: 100;
-            min-height: 44px;
-        }
-        .header-title { font-weight: 600; font-size: 17px; }
-        .header-actions button { background: none; border: none; color: var(--tg-theme-link-color); font-size: 17px; cursor: pointer; padding: 5px; }
-
-        .main-content { padding: 15px; flex-grow: 1; }
-
-        .loading, .error { text-align: center; padding: 40px 15px; color: var(--tg-theme-hint-color); }
-        .error { color: var(--ios-red); }
+        time.sleep(1800) # 30 minutes
+        try:
+            save_data(load_data()) # Ensure we save the latest state
+        except Exception as e:
+            logging.error(f"Periodic backup failed: {e}")
 
-        .breadcrumbs { margin-bottom: 15px; font-size: 14px; color: var(--tg-theme-hint-color); word-break: break-all; }
-        .breadcrumbs a { color: var(--tg-theme-link-color); text-decoration: none; }
-        .breadcrumbs span { margin: 0 3px; }
 
-        .folder-actions { background-color: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 8px; margin-bottom: 15px; display: flex; gap: 10px; flex-wrap: wrap; }
-        .folder-actions input[type=text] { flex-grow: 1; padding: 8px 12px; border: 1px solid var(--border-color); background-color: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); border-radius: 6px; font-size: 16px; min-width: 150px; }
-        .folder-actions .btn { font-size: 16px; padding: 8px 15px; }
+def get_file_type(filename):
+    filename_lower = filename.lower()
+    if filename_lower.endswith(('.mp4', '.mov', '.avi', '.webm', '.mkv')):
+        return 'video'
+    elif filename_lower.endswith(('.jpg', '.jpeg', '.png', '.gif', '.bmp', '.webp', '.svg')):
+        return 'image'
+    elif filename_lower.endswith('.pdf'):
+        return 'pdf'
+    elif filename_lower.endswith('.txt'):
+        return 'text'
+    return 'other'
 
-        .upload-section { margin-bottom: 15px; }
-        .upload-section input[type=file] { display: none; } /* Скрываем стандартный инпут */
-        .upload-label { /* Стилизуем лейбл как кнопку */
-            display: block; /* Или inline-block */
-            padding: 10px 15px;
-            background-color: var(--tg-theme-button-color);
-            color: var(--tg-theme-button-text-color);
-            border-radius: 8px;
-            cursor: pointer;
-            text-align: center;
-            font-weight: 500;
-            transition: opacity 0.2s;
-        }
-        .upload-label:hover { opacity: 0.85; }
-        .upload-label i { margin-right: 8px; }
+def get_user_data(user_id):
+    data = load_data()
+    user_id_str = str(user_id) # Ensure ID is string key
+    return data['users'].get(user_id_str)
 
+def save_user_data(user_id, user_data):
+    data = load_data()
+    user_id_str = str(user_id)
+    data['users'][user_id_str] = user_data
+    save_data(data)
 
-        .item-list { list-style: none; padding: 0; margin: 0; }
-        .item {
-            display: flex;
-            align-items: center;
-            padding: 12px 15px;
-            border-bottom: 1px solid var(--ios-separator);
-            cursor: pointer;
-            background-color: var(--tg-theme-secondary-bg-color); /* Grouped background */
-            transition: background-color 0.2s ease;
-        }
-         .item:first-child { border-top-left-radius: 10px; border-top-right-radius: 10px; }
-         .item:last-child { border-bottom-left-radius: 10px; border-bottom-right-radius: 10px; border-bottom: none; }
+def get_current_user():
+    user_id = session.get('user_id')
+    if user_id:
+        return get_user_data(user_id)
+    return None
+
+def requires_auth(f):
+    from functools import wraps
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        if 'user_id' not in session:
+            # For Mini App, return JSON error or specific response
+            # For traditional web, redirect to login
+            # Since this is a single-file Mini App, we assume JSON API calls
+            return jsonify({"status": "error", "message": "Authentication required"}), 401
+        return f(*args, **kwargs)
+    return decorated
 
-        .item:hover { background-color: var(--hover-bg-color); }
+@app.route('/')
+def index():
+    current_folder_id = request.args.get('folder_id', 'root')
+    # Pass dummy folder ID to template for initial JS load
+    return Response(render_template_string(HTML_TEMPLATE, current_folder_id=current_folder_id, REPO_ID=REPO_ID, HF_TOKEN_READ=HF_TOKEN_READ), mimetype='text/html')
 
-        .item-icon {
-            font-size: 24px;
-            width: 35px;
-            text-align: center;
-            margin-right: 15px;
-            flex-shrink: 0;
-        }
-        .item-icon.fa-folder { color: var(--ios-blue); }
-        .item-icon.fa-file-lines { color: var(--ios-gray); } /* text */
-        .item-icon.fa-file-image { color: #34C759; } /* green */
-        .item-icon.fa-file-video { color: #FF9500; } /* orange */
-        .item-icon.fa-file-pdf { color: var(--ios-red); }
-        .item-icon.fa-file-audio { color: #AF52DE; } /* purple */
-        .item-icon.fa-file-archive { color: #5AC8FA; } /* light blue */
-        .item-icon.fa-file-word { color: #007AFF; } /* blue */
-        .item-icon.fa-file-excel { color: #34C759; } /* green */
-        .item-icon.fa-file-powerpoint { color: #FF9500; } /* orange */
-        .item-icon.fa-file-alt { color: var(--ios-light-gray); } /* other */
-
-        .item-details { flex-grow: 1; overflow: hidden; }
-        .item-name { font-weight: 500; white-space: nowrap; overflow: hidden; text-overflow: ellipsis; display: block; }
-        .item-meta { font-size: 13px; color: var(--tg-theme-hint-color); white-space: nowrap; overflow: hidden; text-overflow: ellipsis; margin-top: 2px; }
-
-        .item-actions { margin-left: 10px; display: flex; gap: 5px; flex-shrink: 0; }
-        .item-actions .btn { padding: 4px 8px; font-size: 13px; background: none; border: none; cursor: pointer; }
-        .item-actions .btn-download { color: var(--ios-blue); }
-        .item-actions .btn-preview { color: #AF52DE; } /* purple */
-        .item-actions .btn-delete { color: var(--ios-red); }
-
-        .empty-folder { text-align: center; color: var(--tg-theme-hint-color); padding: 30px 15px; }
-
-        .btn {
-            padding: 10px 18px;
-            background-color: var(--tg-theme-button-color);
-            color: var(--tg-theme-button-text-color);
-            border: none;
-            border-radius: 8px;
-            cursor: pointer;
-            font-size: 17px;
-            font-weight: 500;
-            transition: opacity 0.2s;
-            display: inline-block;
-            text-decoration: none;
-            text-align: center;
-        }
-        .btn:hover { opacity: 0.85; }
-        .btn-delete { background-color: var(--ios-red); }
-        .btn-folder { background-color: var(--ios-blue); }
-        .btn-link { background: none; color: var(--tg-theme-link-color); padding: 5px; }
-
-        #progress-container { width: calc(100% - 30px); margin: 15px auto; background: var(--tg-theme-secondary-bg-color); border-radius: 4px; display: none; position: relative; height: 8px; overflow: hidden; }
-        #progress-bar { width: 0%; height: 100%; background: var(--ios-blue); transition: width 0.3s ease; }
-        #progress-text { display: none; } /* Hide percentage text for cleaner look */
-
-        /* Modal Styles */
-        .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.8); z-index: 2000; justify-content: center; align-items: center; }
-        .modal-content { max-width: 95%; max-height: 95%; background: var(--tg-theme-secondary-bg-color); padding: 10px; border-radius: 14px; overflow: auto; position: relative; }
-        .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
-        .modal iframe { width: 90vw; height: 85vh; border: none; background: white; } /* Ensure PDF iframe has bg */
-        .modal pre { background: var(--tg-theme-bg-color); color: var(--tg-theme-text-color); padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto; font-family: monospace; }
-        .modal-close-btn { position: absolute; top: 5px; right: 10px; font-size: 28px; color: var(--tg-theme-hint-color); cursor: pointer; background: rgba(0,0,0,0.1); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; z-index: 2001;}
 
-    </style>
-</head>
-<body>
-    <div id="app">
-        <div class="loading" id="loading-indicator">
-            <p>Загрузка данных...</p>
-        </div>
+@app.route('/validate', methods=['POST'])
+def validate_data():
+    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
+         logging.warning("Using placeholder BOT_TOKEN. Validation will fail.")
+         # Decide whether to allow bypassing for testing or return error
+         # For security, better return error in production if token is default
+         # return jsonify({"status": "error", "message": "Server configuration error: BOT_TOKEN not set"}), 500
+         # Allowing bypass for local testing:
+         # if request.remote_addr in ['127.0.0.1', '::1']:
+         #      dummy_user = {"id": 123, "first_name": "Тестовый", "last_name": "Пользователь", "username": "test_user", "language_code": "ru", "is_premium": False}
+         #      session['user_id'] = dummy_user['id']
+         #      session['user_data'] = dummy_user # Store basic data in session
+         #      data = load_data()
+         #      if str(dummy_user['id']) not in data['users']:
+         #          data['users'][str(dummy_user['id'])] = {**dummy_user, 'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'), 'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []}}
+         #          save_data(data)
+         #      return jsonify({"status": "ok", "user": dummy_user})
+         # else:
+         return jsonify({"status": "error", "message": "BOT_TOKEN не настроен на сервере"}), 500
 
-        <div class="error" id="error-indicator" style="display: none;">
-            <p id="error-message"></p>
-            <button class="btn" onclick="initializeApp()">Попробовать снова</button>
-        </div>
 
-        <div id="file-manager" style="display: none;">
-            <div class="header">
-                 <button id="back-button" style="visibility: hidden;" onclick="goBack()"> <i class="fas fa-chevron-left"></i> Назад</button>
-                 <span class="header-title" id="header-folder-name">Файлы</span>
-                 <button onclick="Telegram.WebApp.close()">Закрыть</button>
-            </div>
-
-            <div class="main-content">
-                <div class="breadcrumbs" id="breadcrumbs-container"></div>
-
-                <div class="folder-actions">
-                    <input type="text" id="new-folder-name" placeholder="Имя новой папки">
-                    <button class="btn btn-folder" onclick="createFolder()">Создать</button>
-                </div>
-
-                <div class="upload-section">
-                     <label for="file-input" class="upload-label">
-                         <i class="fas fa-cloud-upload-alt"></i> Загрузить файлы
-                     </label>
-                     <input type="file" id="file-input" multiple onchange="uploadFiles(this.files)">
-                     <div id="progress-container"><div id="progress-bar"></div><div id="progress-text">0%</div></div>
-                </div>
-
-                <ul class="item-list" id="item-list-container">
-                    <!-- Items will be loaded here -->
-                </ul>
-                 <div class="empty-folder" id="empty-folder-indicator" style="display: none;">
-                     <p>Эта папка пуста.</p>
-                 </div>
-            </div>
-        </div>
-    </div>
+    data = request.get_json()
+    if not data or 'initData' not in data:
+        return jsonify({"status": "error", "message": "Missing initData in request"}), 400
 
-    <div class="modal" id="mediaModal" onclick="closeModal(event)">
-        <div class="modal-content" id="modalContentContainer">
-            <span onclick="closeModalManual()" class="modal-close-btn">×</span>
-            <div id="modalContent"></div>
-        </div>
-    </div>
+    init_data_string = data['initData']
+    validated_user_data = check_telegram_authorization(init_data_string, BOT_TOKEN)
+
+    if validated_user_data:
+        user_id = validated_user_data['id']
+        session['user_id'] = user_id # Use Telegram user ID as primary session key
+        session['user_data'] = validated_user_data # Store the validated user data
+
+        # Load/create user in database
+        db_data = load_data()
+        user_id_str = str(user_id)
+        if user_id_str not in db_data['users']:
+            db_data['users'][user_id_str] = {
+                **validated_user_data, # Save all Telegram data
+                'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
+                'filesystem': {"type": "folder", "id": "root", "name": "root", "children": []}
+            }
+            logging.info(f"New user registered: {user_id}")
+        else:
+             # Optionally update user data (username, photo_url etc.) on subsequent logins
+             db_data['users'][user_id_str].update(validated_user_data)
+             logging.info(f"User {user_id} logged in.")
 
-    <script>
-        const tg = window.Telegram.WebApp;
-        const loadingIndicator = document.getElementById('loading-indicator');
-        const errorIndicator = document.getElementById('error-indicator');
-        const errorMessageEl = document.getElementById('error-message');
-        const fileManagerEl = document.getElementById('file-manager');
-        const itemListContainer = document.getElementById('item-list-container');
-        const breadcrumbsContainer = document.getElementById('breadcrumbs-container');
-        const headerFolderName = document.getElementById('header-folder-name');
-        const backButton = document.getElementById('back-button');
-        const emptyFolderIndicator = document.getElementById('empty-folder-indicator');
-
-        let currentFolderId = 'root';
-        let userSessionData = null; // To store user info after validation
-        let historyStack = [];
-
-        function showLoading() {
-            loadingIndicator.style.display = 'block';
-            errorIndicator.style.display = 'none';
-            fileManagerEl.style.display = 'none';
-        }
 
-        function showError(message) {
-            errorMessageEl.textContent = message || 'Произошла ошибка.';
-            loadingIndicator.style.display = 'none';
-            errorIndicator.style.display = 'block';
-            fileManagerEl.style.display = 'none';
-            tg.HapticFeedback.notificationOccurred('error');
-        }
+        # Ensure filesystem is initialized (backward compatibility)
+        initialize_user_filesystem(db_data['users'][user_id_str])
 
-        function showFileManager() {
-            loadingIndicator.style.display = 'none';
-            errorIndicator.style.display = 'none';
-            fileManagerEl.style.display = 'block';
-        }
+        try:
+            save_data(db_data)
+        except Exception as e:
+             logging.error(f"Error saving user data {user_id} after validation: {e}")
+             # Continue anyway, but log error
 
-        // --- API Interaction ---
-        async function apiRequest(endpoint, method = 'GET', body = null, isFormData = false) {
-            const headers = {};
-            if (!isFormData && body) {
-                headers['Content-Type'] = 'application/json';
-            }
-            // Include initData for backend validation in session
-            // headers['X-Telegram-Init-Data'] = tg.initData; // Optional: Send for re-validation if needed
+        return jsonify({"status": "ok", "user": validated_user_data})
+    else:
+        session.pop('user_id', None)
+        session.pop('user_data', None)
+        return jsonify({"status": "error", "message": "Invalid Telegram authorization data"}), 403 # 403 Forbidden
 
-            try {
-                const response = await fetch(endpoint, {
-                    method: method,
-                    headers: headers,
-                    body: isFormData ? body : (body ? JSON.stringify(body) : null)
-                });
+@app.route('/dashboard', methods=['GET', 'POST'])
+@requires_auth
+def dashboard():
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
 
-                if (response.status === 401) { // Unauthorized
-                    showError("Сессия истекла или недействительна. Пожалуйста, перезапустите приложение.");
-                    userSessionData = null; // Clear session data
-                    return null;
-                }
-                 if (response.status === 403) { // Forbidden (e.g., hash validation failed on server)
-                     showError("Ошибка авторизации Telegram. Попробуйте перезапустить.");
-                     return null;
-                 }
+    if not user_data or 'filesystem' not in user_data:
+         # This should not happen if validate worked, but as a fallback
+         logging.error(f"User data or filesystem missing for validated user ID: {user_id}")
+         session.pop('user_id', None)
+         session.pop('user_data', None)
+         return jsonify({"status": "error", "message": "Internal server error: User data corrupted."}), 500
 
-                if (!response.ok) {
-                    let errorMsg = `Ошибка ${response.status}`;
-                    try {
-                        const errorData = await response.json();
-                        errorMsg = errorData.message || errorMsg;
-                    } catch (e) { /* Ignore if error body is not JSON */ }
-                    throw new Error(errorMsg);
-                }
 
-                // Handle different content types
-                 const contentType = response.headers.get("content-type");
-                 if (contentType && contentType.indexOf("application/json") !== -1) {
-                     return await response.json();
-                 } else {
-                     return await response.text(); // Or handle blob/other types if needed
-                 }
+    if request.method == 'POST':
+        if not HF_TOKEN_WRITE:
+             return jsonify({"status": "error", "message": "Загрузка невозможна: токен для записи не настроен."}), 503
 
-            } catch (error) {
-                console.error(`API Request Error (${endpoint}):`, error);
-                showError(`Сетевая ошибка или ошибка сервера: ${error.message}`);
-                throw error; // Re-throw to stop further processing in the caller
-            }
-        }
+        files = request.files.getlist('files')
+        target_folder_id = request.form.get('current_folder_id', 'root')
 
-        // --- Filesystem Rendering ---
-         function getFileIconClass(fileType) {
-             switch (fileType) {
-                 case 'folder': return 'fas fa-folder';
-                 case 'image': return 'fas fa-file-image';
-                 case 'video': return 'fas fa-file-video';
-                 case 'pdf': return 'fas fa-file-pdf';
-                 case 'text': return 'fas fa-file-lines'; // Changed icon
-                 case 'audio': return 'fas fa-file-audio';
-                 case 'archive': return 'fas fa-file-archive';
-                 case 'doc': return 'fas fa-file-word';
-                 case 'xls': return 'fas fa-file-excel';
-                 case 'ppt': return 'fas fa-file-powerpoint';
-                 default: return 'fas fa-file-alt'; // Generic file icon
-             }
-         }
+        if not files or all(not f.filename for f in files):
+             return jsonify({"status": "error", "message": "Файлы для загрузки не выбраны."}), 400
 
-         function renderItems(items) {
-             itemListContainer.innerHTML = ''; // Clear previous items
-             if (!items || items.length === 0) {
-                 emptyFolderIndicator.style.display = 'block';
-                 return;
-             }
-             emptyFolderIndicator.style.display = 'none';
-
-             items.sort((a, b) => {
-                 if (a.type === 'folder' && b.type !== 'folder') return -1;
-                 if (a.type !== 'folder' && b.type === 'folder') return 1;
-                 const nameA = a.name || a.original_filename || '';
-                 const nameB = b.name || b.original_filename || '';
-                 return nameA.localeCompare(nameB, undefined, { numeric: true, sensitivity: 'base' });
-             });
-
-             items.forEach(item => {
-                 const li = document.createElement('li');
-                 li.className = 'item';
-                 const name = item.type === 'folder' ? item.name : item.original_filename;
-                 const iconClass = getFileIconClass(item.type === 'folder' ? 'folder' : item.file_type);
-
-                 let actionsHtml = '';
-                 if (item.type === 'file') {
-                      actionsHtml += `<button class="btn btn-download" onclick="event.stopPropagation(); downloadFile('${item.id}', '${item.original_filename}');"><i class="fas fa-download"></i></button>`;
-                      const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
-                      if (previewable) {
-                          const previewUrl = item.file_type === 'text'
-                              ? `/text_content/${item.id}`
-                              : `/download/${item.id}`; // Use download URL for preview for others
-                          actionsHtml += `<button class="btn btn-preview" onclick="event.stopPropagation(); openModal('${previewUrl}', '${item.file_type}', '${item.id}');"><i class="fas fa-eye"></i></button>`;
-                      }
-                      actionsHtml += `<button class="btn btn-delete" onclick="event.stopPropagation(); deleteItem('${item.id}', '${name}', 'file');"><i class="fas fa-trash"></i></button>`;
-                 } else { // Folder actions
-                      actionsHtml += `<button class="btn btn-delete" onclick="event.stopPropagation(); deleteItem('${item.id}', '${name}', 'folder');"><i class="fas fa-trash"></i></button>`;
-                 }
+        if len(files) > 20:
+            return jsonify({"status": "error", "message": "Максимум 20 файлов за раз!"}), 400
 
+        target_folder_node, _ = find_node_by_id(user_data['filesystem'], target_folder_id)
 
-                 li.innerHTML = `
-                     <i class="item-icon ${iconClass}"></i>
-                     <div class="item-details">
-                         <span class="item-name">${name}</span>
-                         ${item.type === 'file' ? `<span class="item-meta">${item.upload_date || ''}</span>` : ''}
-                     </div>
-                     <div class="item-actions">
-                         ${actionsHtml}
-                     </div>
-                 `;
+        if not target_folder_node or target_folder_node.get('type') != 'folder':
+             logging.error(f"Upload failed: Target folder {target_folder_id} not found for user {user_id}")
+             return jsonify({"status": "error", "message": "Целевая папка для загрузки не найдена!"}), 404
 
-                 if (item.type === 'folder') {
-                     li.onclick = () => navigateToFolder(item.id);
-                 } else {
-                      // Maybe open preview directly on item click?
-                      const previewable = ['image', 'video', 'pdf', 'text'].includes(item.file_type);
-                      if (previewable) {
-                           const previewUrl = item.file_type === 'text' ? `/text_content/${item.id}` : `/download/${item.id}`;
-                           li.onclick = () => openModal(previewUrl, item.file_type, item.id);
-                      } else {
-                          li.style.cursor = 'default'; // Non-previewable files
-                      }
-                 }
-                 itemListContainer.appendChild(li);
-             });
-         }
+        api = HfApi()
+        uploaded_count = 0
+        errors = []
+        uploaded_file_paths = [] # Track successful HF uploads for cleanup if DB save fails
+
+        for file in files:
+            if file and file.filename:
+                original_filename = secure_filename(file.filename)
+                # Create a unique filename for HF Hub storage using Telegram user ID and UUID
+                name_part, ext_part = os.path.splitext(original_filename)
+                unique_suffix = uuid.uuid4().hex[:8]
+                unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
+                file_id = uuid.uuid4().hex # Unique ID for database node
+
+                # Use user ID in HF path for robustness
+                hf_path = f"cloud_files/{user_id}/{target_folder_id}/{unique_filename}"
+                temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
 
-         function renderBreadcrumbs(path) {
-             breadcrumbsContainer.innerHTML = '';
-             path.forEach((crumb, index) => {
-                 if (index > 0) {
-                     breadcrumbsContainer.innerHTML += `<span>/</span>`;
-                 }
-                 if (index < path.length - 1) {
-                     const a = document.createElement('a');
-                     a.href = '#';
-                     a.textContent = crumb.name;
-                     a.onclick = (e) => {
-                         e.preventDefault();
-                         // Find the folder in history and navigate back
-                         const targetIndex = historyStack.findIndex(h => h.id === crumb.id);
-                         if (targetIndex > -1) {
-                              const historyToKeep = historyStack.slice(0, targetIndex + 1);
-                              historyStack = historyToKeep;
-                              const targetFolder = historyStack.pop(); // Remove current to force reload
-                              navigateToFolder(targetFolder.id, true); // true to skip adding to history again
-                         } else {
-                              navigateToFolder(crumb.id); // Should ideally not happen if path is from history
-                         }
-                     };
-                     breadcrumbsContainer.appendChild(a);
-                 } else {
-                     const span = document.createElement('span');
-                     span.textContent = crumb.name;
-                     breadcrumbsContainer.appendChild(span);
-                 }
-             });
-         }
+                try:
+                    file.save(temp_path)
+
+                    api.upload_file(
+                        path_or_fileobj=temp_path,
+                        path_in_repo=hf_path,
+                        repo_id=REPO_ID,
+                        repo_type="dataset",
+                        token=HF_TOKEN_WRITE,
+                        commit_message=f"User {user_id} uploaded {original_filename} to folder {target_folder_id}"
+                    )
+                    uploaded_file_paths.append(hf_path) # Add to cleanup list if DB fails
+
+                    file_info = {
+                        'type': 'file',
+                        'id': file_id,
+                        'original_filename': original_filename,
+                        'unique_filename': unique_filename,
+                        'path': hf_path, # Store full HF path
+                        'file_type': get_file_type(original_filename),
+                        'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
+                    }
+
+                    if add_node(user_data['filesystem'], target_folder_id, file_info):
+                        uploaded_count += 1
+                    else:
+                        errors.append(f"Ошибка добавления метаданных для {original_filename}.")
+                        logging.error(f"Failed to add node metadata for file {file_id} to folder {target_folder_id} for user {user_id}. HF Path: {hf_path}")
+                        # Don't delete from HF here, cleanup after save_data attempt
+
+                except Exception as e:
+                    logging.exception(f"Error uploading file {original_filename} for {user_id} to HF Path {hf_path}:")
+                    errors.append(f"Ошибка загрузки файла {original_filename}: {e}")
+                finally:
+                    if os.path.exists(temp_path):
+                        os.remove(temp_path)
+
+        # Attempt to save data after all files processed
+        if uploaded_count > 0 or errors: # Only save if something was attempted
+            try:
+                save_data(db_data)
+                logging.info(f"{uploaded_count} files uploaded, DB updated for user {user_id}")
+            except Exception as e:
+                 logging.exception(f"Error saving data after upload for user {user_id}:")
+                 save_error_message = 'Файлы загружены на сервер, но произошла ошибка сохранения метаданных.'
+                 errors.append(save_error_message)
+                 # Attempt to clean up uploaded files from HF if DB save failed critically
+                 logging.warning(f"Attempting to clean up {len(uploaded_file_paths)} files from HF due to DB save error.")
+                 for path_to_clean in uploaded_file_paths:
+                     try:
+                          api.delete_file(path_in_repo=path_to_clean, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
+                          logging.info(f"Cleaned up file {path_to_clean} from HF.")
+                     except Exception as clean_err:
+                          logging.error(f"Failed to clean up file {path_to_clean} from HF after DB error: {clean_err}")
+                 # If DB save failed, the metadata might be lost. The files on HF might be orphaned
+                 # or some metadata might be partially added. Manual cleanup might be needed.
+
+        response_message = f'{uploaded_count} файл(ов) успешно загружено!' if uploaded_count > 0 else 'Файлы для загрузки не выбраны или произошли ошибки.'
+        if errors:
+            response_message += " Ошибки: " + "; ".join(errors)
+
+        return jsonify({"status": "ok" if not errors else "error", "message": response_message})
+
+
+    else: # GET request for dashboard
+        current_folder_id = request.args.get('folder_id', 'root')
+        current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id)
+
+        if not current_folder or current_folder.get('type') != 'folder':
+            logging.warning(f"Folder ID {current_folder_id} not found or not a folder for user {user_id}. Redirecting to root.")
+            current_folder_id = 'root'
+            current_folder, parent_folder = find_node_by_id(user_data['filesystem'], current_folder_id)
+            if not current_folder:
+                 logging.error(f"CRITICAL: Root folder not found for user {user_id}")
+                 session.pop('user_id', None)
+                 session.pop('user_data', None)
+                 return jsonify({"status": "error", "message": "Internal server error: Root folder not found."}), 500
+
+
+        items_in_folder = sorted(current_folder.get('children', []), key=lambda x: (x['type'] != 'folder', x.get('name', x.get('original_filename', '')).lower()))
+
+        breadcrumbs_list = get_node_path(user_data['filesystem'], current_folder_id)
+
+        # This GET endpoint now returns JSON data for the JS to render
+        return jsonify({
+            "status": "ok",
+            "current_folder_id": current_folder_id,
+            "current_folder_name": current_folder.get('name', 'root'),
+            "items": items_in_folder,
+            "breadcrumbs": breadcrumbs_list,
+            # Do NOT send user_data here, it's already sent during validate and stored in JS
+        })
 
 
-        // --- Navigation and Actions ---
-         async function loadFolderContent(folderId) {
-             currentFolderId = folderId;
-             showLoading(); // Show loading specifically for folder content
-             fileManagerEl.style.display = 'block'; // Ensure file manager is visible if previously hidden by error
-             errorIndicator.style.display = 'none'; // Hide error indicator
+@app.route('/create_folder', methods=['POST'])
+@requires_auth
+def create_folder():
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
 
+    if not user_data or 'filesystem' not in user_data:
+         logging.error(f"User data or filesystem missing during create_folder for user ID: {user_id}")
+         session.pop('user_id', None)
+         session.pop('user_data', None)
+         return jsonify({"status": "error", "message": "Internal server error."}), 500
 
-             try {
-                 const data = await apiRequest(`/filesystem/${folderId}`);
-                 if (data) {
-                     renderItems(data.items);
-                     renderBreadcrumbs(data.breadcrumbs);
-                     headerFolderName.textContent = data.current_folder_name || 'Файлы';
-                     backButton.style.visibility = folderId !== 'root' ? 'visible' : 'hidden';
-                     showFileManager(); // Ensure UI is shown after loading
-                 } else {
-                      // Error handled by apiRequest, but maybe show specific folder load error?
-                      showError(`Не удалось загрузить содержимое папки ${folderId}.`);
-                 }
-             } catch (error) {
-                  // Error is already shown by apiRequest
-                  // Ensure loading indicator is hidden if an error occurred during fetch
-                  loadingIndicator.style.display = 'none';
-             }
-         }
+    parent_folder_id = request.form.get('parent_folder_id', 'root')
+    folder_name = request.form.get('folder_name', '').strip()
 
-         function navigateToFolder(folderId, skipHistory = false) {
-             if (!skipHistory) {
-                  const currentFolderData = { id: currentFolderId, name: headerFolderName.textContent };
-                  historyStack.push(currentFolderData);
-             }
-             loadFolderContent(folderId);
-         }
+    if not folder_name:
+        return jsonify({"status": "error", "message": "Имя папки не может быть пустым!"}), 400
 
-        function goBack() {
-            if (historyStack.length > 0) {
-                const previousFolder = historyStack.pop();
-                loadFolderContent(previousFolder.id);
-            }
-        }
+    # Basic validation for folder name characters
+    if not /^[a-zA-Z0-9 _.-]+$/.test(folder_name):
+         return jsonify({"status": "error", "message": "Имя папки может содержать буквы, цифры, пробелы, тире и точки."}), 400
 
-        async function createFolder() {
-            const folderNameInput = document.getElementById('new-folder-name');
-            const folderName = folderNameInput.value.trim();
-            if (!folderName) {
-                tg.showAlert('Пожалуйста, введите имя папки.');
-                return;
-            }
-            if (!/^[a-zA-Z0-9 _-]+$/.test(folderName)) {
-                 tg.showAlert('Имя папки может содержать буквы, цифры, пробелы, дефисы и подчеркивания.');
-                 return;
-            }
 
-            try {
-                 tg.MainButton.showProgress();
-                 const result = await apiRequest('/folder', 'POST', {
-                     parent_folder_id: currentFolderId,
-                     folder_name: folderName
-                 });
-                 if (result && result.status === 'success') {
-                     folderNameInput.value = ''; // Clear input
-                     loadFolderContent(currentFolderId); // Refresh
-                     tg.HapticFeedback.notificationOccurred('success');
-                 } else {
-                      tg.showAlert(result?.message || 'Не удалось создать папку.');
-                 }
-            } catch (error) {
-                 // Error message handled by apiRequest
-            } finally {
-                 tg.MainButton.hideProgress();
-            }
-        }
+    folder_id = uuid.uuid4().hex
+    folder_data = {
+        'type': 'folder',
+        'id': folder_id,
+        'name': folder_name,
+        'children': []
+    }
 
-        function downloadFile(fileId, filename) {
-             // We can directly navigate to the download URL as the backend route handles auth via session
-             const downloadUrl = `/download/${fileId}`;
-             // Create a temporary link and click it
-             const link = document.createElement('a');
-             link.href = downloadUrl;
-             link.download = filename; // Suggest filename
-             document.body.appendChild(link);
-             link.click();
-             document.body.removeChild(link);
-             tg.HapticFeedback.impactOccurred('light');
-        }
+    if add_node(user_data['filesystem'], parent_folder_id, folder_data):
+        try:
+            save_data(db_data)
+            return jsonify({"status": "ok", "message": f'Папка "{folder_name}" успешно создана.', "folder_id": folder_id, "parent_folder_id": parent_folder_id})
+        except Exception as e:
+            logging.exception(f"Error saving data after creating folder for user {user_id}:")
+            return jsonify({"status": "error", "message": "Ошибка сохранения данных при создании папки."}), 500
+    else:
+        return jsonify({"status": "error", "message": "Не удалось найти родительскую папку."}), 404
 
-        function deleteItem(itemId, itemName, itemType) {
-             const typeText = itemType === 'folder' ? 'папку' : 'файл';
-             tg.showConfirm(`Вы уверены, что хотите удалить ${typeText} "${itemName}"? ${itemType === 'folder' ? 'Папку можно удалить только если она пуста.' : ''}`, async (confirmed) => {
-                 if (confirmed) {
-                     try {
-                          tg.MainButton.showProgress();
-                          const endpoint = itemType === 'folder' ? `/folder/${itemId}` : `/file/${itemId}`;
-                          const result = await apiRequest(endpoint, 'DELETE');
-                          if (result && result.status === 'success') {
-                              loadFolderContent(currentFolderId); // Refresh list
-                              tg.HapticFeedback.notificationOccurred('success');
-                          } else {
-                               tg.showAlert(result?.message || `Не удалось удалить ${typeText}.`);
-                               tg.HapticFeedback.notificationOccurred('error');
-                          }
-                     } catch (error) {
-                          // Error handled by apiRequest
-                     } finally {
-                          tg.MainButton.hideProgress();
-                     }
-                 }
-             });
-        }
 
-        // --- File Upload ---
-        function uploadFiles(files) {
-            if (!files || files.length === 0) return;
-            if (files.length > 20) {
-                 tg.showAlert('Можно загрузить не более 20 файлов за раз.');
-                 return;
-            }
+@app.route('/download/<file_id>')
+@requires_auth
+def download_file(file_id):
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
 
-            const formData = new FormData();
-            for (let i = 0; i < files.length; i++) {
-                formData.append('files', files[i]);
-            }
+    if not user_data or 'filesystem' not in user_data:
+         logging.error(f"User data or filesystem missing during download_file for user ID: {user_id}")
+         # Cannot return JSON here, this is a direct download route
+         flash('Internal server error: User data corrupted.', 'error')
+         return redirect(url_for('index'))
 
-            const progressBar = document.getElementById('progress-bar');
-            const progressContainer = document.getElementById('progress-container');
-            const uploadLabel = document.querySelector('.upload-label'); // Select the label
 
-            progressContainer.style.display = 'block';
-            progressBar.style.width = '0%';
-            uploadLabel.style.opacity = '0.5'; // Indicate loading state on label
-            uploadLabel.style.pointerEvents = 'none'; // Disable clicking label during upload
+    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
 
-            const xhr = new XMLHttpRequest();
-            xhr.open('POST', `/upload/${currentFolderId}`, true);
-            // Pass initData for session validation if needed, though session should work
-            // xhr.setRequestHeader('X-Telegram-Init-Data', tg.initData);
+    if not file_node or file_node.get('type') != 'file':
+         flash('Файл не найден!', 'error')
+         # Attempt to redirect back to the folder user was viewing
+         current_view_folder_id = request.args.get('current_view_folder_id', 'root')
+         return redirect(url_for('index', folder_id=current_view_folder_id)) # Redirect to index to reload Mini App
 
-            xhr.upload.addEventListener('progress', function(event) {
-                if (event.lengthComputable) {
-                    const percentComplete = Math.round((event.loaded / event.total) * 100);
-                    progressBar.style.width = percentComplete + '%';
-                }
-            });
 
-            xhr.addEventListener('load', function() {
-                progressContainer.style.display = 'none';
-                 progressBar.style.width = '0%';
-                 uploadLabel.style.opacity = '1';
-                 uploadLabel.style.pointerEvents = 'auto';
-                 document.getElementById('file-input').value = ''; // Clear file input
-
-                if (xhr.status >= 200 && xhr.status < 300) {
-                     try {
-                         const result = JSON.parse(xhr.responseText);
-                         if (result.status === 'success') {
-                             tg.HapticFeedback.notificationOccurred('success');
-                              if (result.message) tg.showAlert(result.message); // Show partial success/error messages
-                             loadFolderContent(currentFolderId); // Refresh
-                         } else {
-                              tg.showAlert(result.message || 'Ошибка при загрузке файлов.');
-                              tg.HapticFeedback.notificationOccurred('error');
-                         }
-                     } catch (e) {
-                          tg.showAlert('Ошибка обработки ответа сервера после загрузки.');
-                          tg.HapticFeedback.notificationOccurred('error');
-                     }
-
-                } else if (xhr.status === 401 || xhr.status === 403) {
-                     showError("Ошибка авторизации при загрузке. Перезапустите приложение.");
-                }
-                 else {
-                     tg.showAlert(`Ошибка загрузки: ${xhr.statusText || 'Неизвестная ошибка'}`);
-                     tg.HapticFeedback.notificationOccurred('error');
-                }
-            });
+    hf_path = file_node.get('path')
+    original_filename = file_node.get('original_filename', 'downloaded_file')
 
-            xhr.addEventListener('error', function() {
-                tg.showAlert('Произошла ошибка сети во время загрузки.');
-                 progressContainer.style.display = 'none';
-                 progressBar.style.width = '0%';
-                 uploadLabel.style.opacity = '1';
-                 uploadLabel.style.pointerEvents = 'auto';
-                 document.getElementById('file-input').value = '';
-                 tg.HapticFeedback.notificationOccurred('error');
-            });
+    if not hf_path:
+        flash('Ошибка: Путь к файлу не найден в метаданных.', 'error')
+        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
 
-             xhr.addEventListener('abort', function() {
-                 // User likely cancelled file selection, or network abort
-                 console.log('Upload aborted');
-                 progressContainer.style.display = 'none';
-                 progressBar.style.width = '0%';
-                 uploadLabel.style.opacity = '1';
-                 uploadLabel.style.pointerEvents = 'auto';
-                 document.getElementById('file-input').value = '';
-             });
 
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
 
-            xhr.send(formData);
-        }
+    try:
+        headers = {}
+        # Pass token if available for private repos, although resolve often works without it in headers
+        if HF_TOKEN_READ:
+            headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-        // --- Modal ---
-         const modal = document.getElementById('mediaModal');
-         const modalContent = document.getElementById('modalContent');
-
-         async function openModal(srcOrUrl, type, itemId) {
-             modalContent.innerHTML = '<p style="text-align: center; padding: 20px;">Загрузка...</p>';
-             modal.style.display = 'flex'; // Use flex for centering
-
-             try {
-                 if (type === 'image') {
-                     // Preload image
-                     const img = new Image();
-                     img.onload = () => { modalContent.innerHTML = ''; modalContent.appendChild(img); };
-                     img.onerror = () => { modalContent.innerHTML = '<p style="color: var(--ios-red); text-align: center; padding: 20px;">Не удалось загрузить изображение.</p>'; };
-                     img.src = srcOrUrl;
-                     img.alt = "Просмотр изображения";
-                 } else if (type === 'video') {
-                      // Use download URL directly for video source
-                     modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}?download=true" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
-                 } else if (type === 'pdf') {
-                      // Use download URL directly for iframe source
-                     modalContent.innerHTML = `<iframe src="${srcOrUrl}?download=true" title="Просмотр PDF"></iframe>`;
-                 } else if (type === 'text') {
-                     // Fetch text content using API endpoint
-                     const response = await fetch(srcOrUrl); // srcOrUrl is /text_content/id here
-                     if (!response.ok) throw new Error(`Ошибка загрузки текста: ${response.statusText}`);
-                     const text = await response.text();
-                      // Basic escaping for safety, though pre handles most
-                     const escapedText = text.replace(/</g, "<").replace(/>/g, ">");
-                     modalContent.innerHTML = `<pre>${escapedText}</pre>`;
-                 } else {
-                      modalContent.innerHTML = '<p>Предпросмотр для этого типа файла не поддерживается.</p>';
-                 }
-             } catch (error) {
-                  console.error("Error loading modal content:", error);
-                  modalContent.innerHTML = `<p style="color: var(--ios-red); text-align: center; padding: 20px;">Не удалось загрузить содержимое. ${error.message}</p>`;
-             }
-         }
+        # Stream the response to avoid loading large files into memory
+        response = requests.get(file_url, headers=headers, stream=True)
+        response.raise_for_status()
 
-         function closeModal(event) {
-             if (event.target === modal) { // Click outside content
-                 closeModalManual();
-             }
-         }
+        # Use Flask's send_file from a stream
+        return Response(response.iter_content(chunk_size=8192),
+                        headers={
+                            'Content-Disposition': f'attachment; filename="{original_filename}"',
+                            'Content-Type': response.headers.get('Content-Type', 'application/octet-stream')
+                        })
 
-         function closeModalManual() {
-              modal.style.display = 'none';
-              const video = modal.querySelector('video');
-              if (video) video.pause();
-              const iframe = modal.querySelector('iframe');
-              if (iframe) iframe.src = 'about:blank'; // Clear iframe
-              modalContent.innerHTML = ''; // Clear content
-         }
+    except requests.exceptions.RequestException as e:
+        logging.exception(f"Error downloading file from HF ({hf_path}) for user {user_id}:")
+        flash(f'Ошибка скачивания файла {original_filename}: {e}', 'error')
+        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
+    except Exception as e:
+        logging.exception(f"Unexpected error during download ({hf_path}) for user {user_id}:")
+        flash('Произошла непредвиденная ошибка при скачивании файла.', 'error')
+        return redirect(url_for('index', folder_id=request.args.get('current_view_folder_id', 'root'))) # Redirect back
 
 
-        // --- Initialization ---
-        async function initializeApp() {
-            showLoading();
-            tg.ready();
-            tg.expand();
+@app.route('/delete_file/<file_id>', methods=['POST'])
+@requires_auth
+def delete_file(file_id):
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
 
-            // Apply theme colors immediately
-             document.body.style.backgroundColor = tg.themeParams.bg_color || '#ffffff';
-             tg.setHeaderColor(tg.themeParams.secondary_bg_color || '#f1f1f1'); // Match header to secondary bg
-             if (tg.colorScheme === 'dark') {
-                  document.body.classList.add('dark');
-             }
+    if not user_data or 'filesystem' not in user_data:
+         logging.error(f"User data or filesystem missing during delete_file for user ID: {user_id}")
+         session.pop('user_id', None)
+         session.pop('user_data', None)
+         return jsonify({"status": "error", "message": "Internal server error."}), 500
 
-             // Add listener for theme changes
-             tg.onEvent('themeChanged', function() {
-                 document.body.style.backgroundColor = tg.themeParams.bg_color;
-                 tg.setHeaderColor(tg.themeParams.secondary_bg_color);
-                 if (tg.colorScheme === 'dark') {
-                     document.body.classList.add('dark');
-                 } else {
-                      document.body.classList.remove('dark');
-                 }
-             });
 
+    file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id)
+    # current_view_folder_id is sent in JSON body now
+    request_data = request.get_json()
+    current_view_folder_id = request_data.get('current_view_folder_id', 'root')
 
-             if (!tg.initData || tg.initData.length === 0) {
-                 showError("Не удалось получить данные авторизации Telegram. Пожалуйста, запустите приложение внутри Telegram.");
-                 return;
-             }
 
-             if (BOT_TOKEN === 'YOUR_BOT_TOKEN') {
-                 console.warn("Using placeholder BOT_TOKEN! Validation will likely fail on server.");
-                 // Optionally show a warning in UI for local dev?
-             }
+    if not file_node or file_node.get('type') != 'file' or not parent_node:
+        return jsonify({"status": "error", "message": "Файл не найден или не может быть удален."}), 404
 
-             try {
-                 // Validate initData with the backend
-                 const validationResponse = await apiRequest('/validate_telegram', 'POST', { initData: tg.initData });
-
-                 if (validationResponse && validationResponse.status === 'ok') {
-                     userSessionData = validationResponse.user; // Store user data from backend response
-                     console.log("Telegram validation successful:", userSessionData);
-                     tg.HapticFeedback.notificationOccurred('success');
-                     // Load initial root folder content
-                     historyStack = []; // Reset history on fresh load
-                     await loadFolderContent('root');
-                 } else {
-                      showError(validationResponse?.message || "Ошибка валидации Telegram на сервере.");
-                 }
-             } catch (error) {
-                 // Error already shown by apiRequest or initial check
-                 console.error("Initialization failed:", error);
-             }
-        }
+    hf_path = file_node.get('path')
+    original_filename = file_node.get('original_filename', 'файл')
 
-         // --- Global Constants ---
-         const BOT_TOKEN = "{{ bot_token_placeholder }}"; // Placeholder replaced by Flask
+    if not hf_path:
+        logging.warning(f"File {original_filename} (ID: {file_id}) for user {user_id} has no HF path. Removing from DB only.")
+        if remove_node(user_data['filesystem'], file_id):
+            try:
+                save_data(db_data)
+                return jsonify({"status": "ok", "message": f'Метаданные файла "{original_filename}" удалены (путь отсутствовал).'})
+            except Exception as e:
+                logging.exception(f"Error saving data after deleting metadata (no path) for user {user_id}:")
+                return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления метаданных."}), 500
+        else:
+             logging.error(f"Failed to remove file node {file_id} (no path) from DB for user {user_id}.")
+             return jsonify({"status": "error", "message": "Ошибка удаления метаданных файла из базы данных."}), 500
 
-        // Start the app
-        initializeApp();
 
-    </script>
-</body>
-</html>
-"""
+    if not HF_TOKEN_WRITE:
+         return jsonify({"status": "error", "message": "Удаление невозможно: токен для записи не настроен."}), 503
 
-# --- Flask Routes ---
+    try:
+        api = HfApi()
+        api.delete_file(
+            path_in_repo=hf_path,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"User {user_id} deleted file {original_filename} (ID: {file_id})"
+        )
+        logging.info(f"Deleted file {hf_path} from HF Hub for user {user_id}")
 
-@app.route('/')
-def index():
-    """Serves the main Mini App HTML."""
-    # Replace placeholder in template - avoids exposing token directly in JS if inspected early
-    # Although, initData mechanism is the primary security layer.
-    html_content = HTML_TEMPLATE.replace("{{ bot_token_placeholder }}", "YOUR_BOT_TOKEN" if BOT_TOKEN == 'YOUR_BOT_TOKEN' else "HIDDEN")
-    return Response(html_content, mimetype='text/html')
-
-@app.route('/validate_telegram', methods=['POST'])
-def validate_telegram_data():
-    """Validates initData, creates user if new, and establishes session."""
-    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
-         logging.warning("Attempting validation with placeholder BOT_TOKEN!")
-         # Return error immediately if token isn't set for production
-         # return jsonify({"status": "error", "message": "Server configuration error: Bot token not set."}), 500
+        if remove_node(user_data['filesystem'], file_id):
+            try:
+                save_data(db_data)
+                return jsonify({"status": "ok", "message": f'Файл "{original_filename}" успешно удален!'})
+            except Exception as e:
+                logging.exception(f"Error saving data after deleting file from HF for user {user_id}:")
+                return jsonify({"status": "error", "message": "Файл удален с сервера, но произошла ошибка обновления базы данных."}), 500
+        else:
+             logging.error(f"Failed to remove file node {file_id} from DB for user {user_id} after HF deletion.")
+             return jsonify({"status": "error", "message": "Файл удален с сервера, но не найден в базе данных для удаления."}), 500
 
-    data = request.get_json()
-    if not data or 'initData' not in data:
-        return jsonify({"status": "error", "message": "Missing initData"}), 400
 
-    init_data_string = data['initData']
-    validated_user_info = check_telegram_authorization(init_data_string, BOT_TOKEN)
-
-    if validated_user_info is not None and 'id' in validated_user_info:
-        user_id_str = str(validated_user_info['id'])
-        session['user_id'] = user_id_str
-        session['user_info'] = validated_user_info # Store full info if needed
-
-        # Check if user exists, create if not
-        all_data = load_data()
-        if user_id_str not in all_data['users']:
-            logging.info(f"New user detected: {user_id_str}, Name: {validated_user_info.get('first_name')}")
-            all_data['users'][user_id_str] = {
-                'tg_info': validated_user_info,
-                'created_at': datetime.now().strftime('%Y-%m-%d %H:%M:%S'),
-                'filesystem': { "type": "folder", "id": "root", "name": "root", "children": [] }
-            }
+    except hf_utils.EntryNotFoundError:
+        logging.warning(f"File {hf_path} not found on HF Hub during delete attempt for user {user_id}. Removing from DB.")
+        if remove_node(user_data['filesystem'], file_id):
             try:
-                save_data(all_data)
-                logging.info(f"New user {user_id_str} saved.")
+                save_data(db_data)
+                return jsonify({"status": "ok", "message": f'Файл "{original_filename}" не найден на сервере, удален из базы.'})
             except Exception as e:
-                 logging.error(f"Failed to save new user {user_id_str}: {e}")
-                 # Should we proceed or return error? Let's proceed but log.
+                 logging.exception(f"Error saving data after deleting metadata (HF not found) for user {user_id}:")
+                 return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления метаданных (файл не найден на сервере)."})
         else:
-            # Ensure filesystem exists for existing user (data integrity check)
-             if 'filesystem' not in all_data['users'][user_id_str] or not isinstance(all_data['users'][user_id_str]['filesystem'], dict):
-                 logging.warning(f"Filesystem missing or invalid for user {user_id_str}. Reinitializing.")
-                 initialize_user_filesystem(all_data['users'][user_id_str])
-                 # Optionally save immediately if structure was corrected
-                 # try: save_data(all_data)
-                 # except: logging.error(...)
-
-        return jsonify({"status": "ok", "user": validated_user_info})
-    else:
-        logging.warning("Telegram validation failed or user ID missing.")
-        session.clear() # Clear session on failed validation
-        return jsonify({"status": "error", "message": "Invalid Telegram data or expired session."}), 403
+             logging.error(f"Failed to remove file node {file_id} (HF not found) from DB for user {user_id}.")
+             return jsonify({"status": "error", "message": "Файл не найден ни на сервере, ни в базе данных."}), 500
 
-# --- Filesystem API Routes (Require Session) ---
+    except Exception as e:
+        logging.exception(f"Error deleting file {hf_path} for {user_id}:")
+        return jsonify({"status": "error", "message": f'Ошибка удаления файла "{original_filename}": {e}'}), 500
 
-@app.before_request
-def check_session():
-    # Allow access to '/' and '/validate_telegram' without session
-    if request.endpoint in ['index', 'validate_telegram_data', 'static']:
-        return
-    # Allow download and text_content if accessed via specific means (e.g., direct link after initial auth)
-    # This is less secure than validating initData on each request, but simpler for downloads.
-    # Consider adding more robust checks if needed.
-    if request.endpoint in ['download_file_route', 'get_text_content_route']:
-         # Maybe check a temporary token here in the future?
-         # For now, just rely on the existing session from the main app load.
-         pass
-
-    if 'user_id' not in session:
-        logging.warning(f"Unauthorized access attempt to {request.endpoint}. No user_id in session.")
-        return jsonify({"status": "error", "message": "Unauthorized. Please relaunch the app."}), 401
-
-@app.route('/filesystem/<folder_id>', methods=['GET'])
-def get_folder_content(folder_id):
-    user_id = session.get('user_id')
-    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
+@app.route('/delete_folder/<folder_id>', methods=['POST'])
+@requires_auth
+def delete_folder(folder_id):
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
+
     if not user_data or 'filesystem' not in user_data:
-        return jsonify({"status": "error", "message": "User data not found"}), 404
-
-    folder_node, _ = find_node_by_id(user_data['filesystem'], folder_id)
-    if not folder_node or folder_node.get('type') != 'folder':
-        # Try finding root if requested folder doesn't exist
-        folder_node, _ = find_node_by_id(user_data['filesystem'], 'root')
-        if not folder_node:
-             return jsonify({"status": "error", "message": "Root folder not found"}), 404
-        folder_id = 'root' # Reset to root
-
-
-    items_in_folder = sorted(folder_node.get('children', []), key=lambda x: (x.get('type', 'file') != 'folder', x.get('name', x.get('original_filename', '')).lower()))
-
-    # Build breadcrumbs
-    breadcrumbs = []
-    temp_id = folder_id
-    visited_bc = set()
-    while temp_id and temp_id not in visited_bc:
-        visited_bc.add(temp_id)
-        node, parent = find_node_by_id(user_data['filesystem'], temp_id)
-        if not node: break
-        breadcrumbs.append({'id': node['id'], 'name': node.get('name', 'Root')})
-        if not parent: break
-        temp_id = parent.get('id')
-    breadcrumbs.reverse()
-
-
-    return jsonify({
-        "status": "ok",
-        "items": items_in_folder,
-        "breadcrumbs": breadcrumbs,
-        "current_folder_name": folder_node.get('name', 'Root'),
-        "current_folder_id": folder_id
-    })
-
-
-@app.route('/folder', methods=['POST'])
-def create_folder_route():
-    user_id = session.get('user_id')
-    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+         logging.error(f"User data or filesystem missing during delete_folder for user ID: {user_id}")
+         session.pop('user_id', None)
+         session.pop('user_data', None)
+         return jsonify({"status": "error", "message": "Internal server error."}), 500
 
-    req_data = request.get_json()
-    parent_folder_id = req_data.get('parent_folder_id', 'root')
-    folder_name = req_data.get('folder_name', '').strip()
+    if folder_id == 'root':
+         return jsonify({"status": "error", "message": "Нельзя удалить корневую папку!"}), 400
 
-    if not folder_name:
-        return jsonify({'status': 'error', 'message': 'Имя папки не может быть пустым!'}), 400
-    if not folder_name.replace(' ', '').replace('_', '').replace('-', '').isalnum():
-         return jsonify({'status': 'error', 'message': 'Имя папки содержит недопустимые символы.'}), 400
-    if len(folder_name) > 50: # Limit length
-         return jsonify({'status': 'error', 'message': 'Имя папки слишком длинное.'}), 400
+    request_data = request.get_json()
+    current_view_folder_id = request_data.get('current_view_folder_id', 'root')
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
+    folder_node, parent_node = find_node_by_id(user_data['filesystem'], folder_id)
 
-    folder_id = uuid.uuid4().hex
-    folder_data = { 'type': 'folder', 'id': folder_id, 'name': folder_name, 'children': [] }
+    if not folder_node or folder_node.get('type') != 'folder' or not parent_node:
+        return jsonify({"status": "error", "message": "Папка не найдена или не может быть удалена."}), 404
 
-    if add_node(user_data['filesystem'], parent_folder_id, folder_data):
+    folder_name = folder_node.get('name', 'папка')
+
+    if folder_node.get('children'):
+        return jsonify({"status": "error", "message": f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
+
+    if remove_node(user_data['filesystem'], folder_id):
         try:
-            save_data(data)
-            return jsonify({'status': 'success', 'message': f'Папка "{folder_name}" создана.'})
+            save_data(db_data)
+            redirect_to_folder_id = parent_node.get('id', 'root')
+            return jsonify({"status": "ok", "message": f'Пустая папка "{folder_name}" успешно удалена.', "redirect_to_folder_id": redirect_to_folder_id})
         except Exception as e:
-            logging.error(f"Create folder save error for user {user_id}: {e}")
-            # Attempt to remove added node if save failed? Complex.
-            return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных при создании папки.'}), 500
+            logging.exception(f"Error saving data after deleting empty folder for user {user_id}:")
+            return jsonify({"status": "error", "message": "Ошибка сохранения данных после удаления папки."}), 500
     else:
-        return jsonify({'status': 'error', 'message': 'Не удалось найти родительскую папку.'}), 404
+        logging.error(f"Failed to remove folder node {folder_id} from DB for user {user_id}.")
+        return jsonify({"status": "error", "message": "Не удалось удалить папку из базы данных."}), 500
 
 
-@app.route('/upload/<folder_id>', methods=['POST'])
-def upload_file_route(folder_id):
-    user_id = session.get('user_id')
-    user_info = session.get('user_info', {})
-    user_identifier = user_info.get('username', user_id) # Use username in path if available, else ID
+@app.route('/get_text_content/<file_id>')
+@requires_auth
+def get_text_content(file_id):
+    user_id = session['user_id']
+    db_data = load_data()
+    user_data = db_data['users'].get(str(user_id))
 
-    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
-    if not HF_TOKEN_WRITE:
-        return jsonify({'status': 'error', 'message': 'Загрузка невозможна: токен HF для записи не настроен.'}), 503
+    if not user_data or 'filesystem' not in user_data:
+         logging.error(f"User data or filesystem missing during get_text_content for user ID: {user_id}")
+         # Cannot return JSON here usually, it's fetched by JS for modal content
+         return Response("Internal server error: User data corrupted.", status=500)
 
-    files = request.files.getlist('files')
-    if not files or all(not f.filename for f in files):
-        return jsonify({'status': 'error', 'message': 'Файлы для загрузки не выбраны.'}), 400
-    if len(files) > 20:
-         return jsonify({'status': 'error', 'message': 'Максимум 20 файлов за раз!'}), 400
+    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
+    if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text':
+        return Response("Текстовый файл не найден или недоступен для предпросмотра.", status=404)
 
-    target_folder_node, _ = find_node_by_id(user_data['filesystem'], folder_id)
-    if not target_folder_node or target_folder_node.get('type') != 'folder':
-         return jsonify({'status': 'error', 'message': 'Целевая папка для загрузки не найдена!'}), 404
+    hf_path = file_node.get('path')
+    if not hf_path:
+         logging.error(f"Text file {file_id} for user {user_id} has no HF path.")
+         return Response("Ошибка: путь к файлу отсутствует", status=500)
 
-    api = HfApi()
-    uploaded_count = 0
-    errors = []
-    save_needed = False
+    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}"
 
-    for file in files:
-        if file and file.filename:
-            original_filename = secure_filename(file.filename)
-            if len(original_filename) > 100: # Limit filename length
-                 original_filename = original_filename[:97] + '...'
+    try:
+        headers = {}
+        if HF_TOKEN_READ:
+            headers["authorization"] = f"Bearer {HF_TOKEN_READ}"
 
-            name_part, ext_part = os.path.splitext(original_filename)
-            unique_suffix = uuid.uuid4().hex[:6]
-            unique_filename = f"{name_part}_{unique_suffix}{ext_part}"
-            file_id = uuid.uuid4().hex
+        response = requests.get(file_url, headers=headers)
+        response.raise_for_status()
 
-            # Use user_id in the HF path for uniqueness
-            hf_path = f"cloud_files/{user_id}/{folder_id}/{unique_filename}"
-            temp_path = os.path.join(UPLOAD_FOLDER, f"{file_id}_{unique_filename}")
+        if len(response.content) > 1 * 1024 * 1024: # Limit text file size for preview
+             return Response("Файл слишком большой для предпросмотра.", status=413)
 
+        try:
+            text_content = response.content.decode('utf-8')
+        except UnicodeDecodeError:
             try:
-                file.save(temp_path)
-                api.upload_file(
-                    path_or_fileobj=temp_path, path_in_repo=hf_path, repo_id=REPO_ID,
-                    repo_type="dataset", token=HF_TOKEN_WRITE,
-                    commit_message=f"TG User {user_identifier} ({user_id}) uploaded {original_filename} to folder {folder_id}"
-                )
-                file_info = {
-                    'type': 'file', 'id': file_id, 'original_filename': original_filename,
-                    'unique_filename': unique_filename, 'path': hf_path,
-                    'file_type': get_file_type(original_filename),
-                    'upload_date': datetime.now().strftime('%Y-%m-%d %H:%M:%S')
-                }
-                if add_node(user_data['filesystem'], folder_id, file_info):
-                    uploaded_count += 1
-                    save_needed = True
-                else:
-                    errors.append(f"Ошибка добавления метаданных для {original_filename}.")
-                    logging.error(f"Failed to add node metadata for file {file_id} to folder {folder_id} for user {user_id}")
-                    # Attempt to delete orphaned file from HF
-                    try: api.delete_file(path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE)
-                    except Exception as del_err: logging.error(f"Failed to delete orphaned file {hf_path}: {del_err}")
-            except Exception as e:
-                logging.error(f"Error uploading file {original_filename} for {user_id}: {e}")
-                errors.append(f"Ошибка загрузки {original_filename}: {str(e)[:100]}") # Limit error msg length
-            finally:
-                if os.path.exists(temp_path):
-                    try: os.remove(temp_path)
-                    except Exception as rm_err: logging.error(f"Error removing temp file {temp_path}: {rm_err}")
-
-    response_message = ""
-    if uploaded_count > 0:
-        response_message += f'{uploaded_count} файл(ов) успешно загружено. '
-        if save_needed:
-            try:
-                save_data(data)
-            except Exception as e:
-                 response_message += 'Ошибка сохранения метаданных. '
-                 logging.error(f"Error saving data after upload for {user_id}: {e}")
-    if errors:
-        response_message += "Ошибки: " + "; ".join(errors)
+                text_content = response.content.decode('latin-1')
+            except Exception:
+                 logging.error(f"Could not decode text file {hf_path} for user {user_id}.")
+                 return Response("Не удалось определить кодировку файла.", status=500)
 
-    status = 'success' if uploaded_count > 0 else 'error'
-    if uploaded_count > 0 and errors: status = 'partial_success' # Indicate partial success
+        return Response(text_content, mimetype='text/plain')
 
-    return jsonify({'status': status, 'message': response_message.strip()})
+    except requests.exceptions.RequestException as e:
+        logging.exception(f"Error fetching text content from HF ({hf_path}) for user {user_id}:")
+        return Response(f"Ошибка загрузки содержимого: {e}", status=502)
+    except Exception as e:
+        logging.exception(f"Unexpected error fetching text content ({hf_path}) for user {user_id}:")
+        return Response("Внутренняя ошибка сервера", status=500)
+
+
+@app.route('/logout')
+def logout():
+    # This is unlikely to be used in a Mini App, but included for completeness
+    # Mini Apps are typically closed rather than logged out of explicitly.
+    session.pop('user_id', None)
+    session.pop('user_data', None)
+    # For Mini App, just return a message or blank page, closing is handled by JS
+    return "Logged out. Please close the Mini App."
+
+
+# --- ADMIN PANEL (using separate login for simplicity in this single file) ---
+ADMIN_USERNAME = os.getenv("ADMIN_USERNAME", "admin")
+ADMIN_PASSWORD = os.getenv("ADMIN_PASSWORD", "adminpass") # CHANGE ME!
+
+@app.route('/admhosto_login', methods=['GET', 'POST'])
+def admhosto_login():
+    if request.method == 'POST':
+        username = request.form.get('username')
+        password = request.form.get('password')
+        if username == ADMIN_USERNAME and password == ADMIN_PASSWORD:
+            session['is_admin'] = True
+            flash('Админ вход успешен.')
+            return redirect(url_for('admin_panel'))
+        else:
+            flash('Неверный логин или пароль администратора.', 'error')
+    html = '''
+<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Админ Логин</title><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+<style>
+    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a; display: flex; justify-content: center; align-items: center; min-height: 100vh;}
+    .container { background: #fff; padding: 30px; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); text-align: center; max-width: 400px; width: 90%;}
+    h1 { color: #ff4d6d; margin-bottom: 20px; }
+    input[type="text"], input[type="password"] { width: 100%; padding: 12px; margin: 10px 0; border: 1px solid #ddd; border-radius: 8px; }
+    button { background-color: #5288c1; color: white; padding: 12px 20px; border: none; border-radius: 8px; cursor: pointer; font-size: 1em; margin-top: 15px;}
+    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
+    .flash.error { background-color: #f8d7da; color: #721c24; }
+</style>
+</head><body><div class="container"><h1>Админ Логин</h1>
+{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
+<form method="POST">
+<input type="text" name="username" placeholder="Username" required>
+<input type="password" name="password" placeholder="Password" required>
+<button type="submit">Войти как Админ</button>
+</form></div></body></html>
+    '''
+    return render_template_string(html)
+
+
+def is_admin():
+     return session.get('is_admin', False)
+
+@app.route('/admhosto')
+def admin_panel():
+    if not is_admin():
+        flash('Доступ запрещен.', 'error')
+        return redirect(url_for('admhosto_login'))
 
+    data = load_data()
+    users = data.get('users', {})
+
+    user_details = []
+    for user_id, udata in users.items():
+        file_count = 0
+        folder_count = 0
+        # Simple recursive count
+        def count_items(folder):
+             count = 0
+             folder_c = 0
+             if 'children' in folder:
+                 for item in folder['children']:
+                      if item.get('type') == 'file':
+                          count += 1
+                      elif item.get('type') == 'folder':
+                          folder_c += 1
+                          f_c, deep_f_c = count_items(item) # Recursive call
+                          count += f_c
+                          folder_c += deep_f_c # Include nested folders
+             return count, folder_c
+        file_count, folder_count = count_items(udata.get('filesystem', {}))
+
+
+        user_details.append({
+            'id': user_id,
+            'username': udata.get('username', 'N/A'),
+            'first_name': udata.get('first_name', 'N/A'),
+            'created_at': udata.get('created_at', 'N/A'),
+            'file_count': file_count,
+            'folder_count': folder_count # Includes subfolders
+        })
 
-@app.route('/download/<file_id>')
-def download_file_route(file_id):
-    user_id = session.get('user_id')
-    if not user_id: return Response("Unauthorized", status=401)
-    if not HF_TOKEN_READ: return Response("Server configuration error: Read token missing", status=503)
+    html = '''
+<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0">
+<title>Админ-панель</title>
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+<style>
+    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a;}
+    .container { margin: 20px auto; max-width: 900px; padding: 25px; background: #fff; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); }
+    h1 { color: #ff4d6d; text-align: center; margin-bottom: 25px; }
+    h2 { color: #5288c1; margin-top: 20px; }
+    .user-list { margin-top: 15px; }
+    .user-item { background: #eee; padding: 15px; border-radius: 10px; margin-bottom: 10px; display: flex; justify-content: space-between; align-items: center; flex-wrap: wrap; }
+    .user-info { flex-grow: 1; margin-right: 10px; }
+    .user-item a { color: #ff4d6d; text-decoration: none; font-weight: 600; }
+    .user-item a:hover { text-decoration: underline; }
+    .user-actions button { background: #e53935; color: white; border: none; padding: 5px 10px; border-radius: 5px; cursor: pointer; font-size: 0.9em; }
+    .user-actions button:hover { background: #c62828; }
+    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
+    .flash.error { background-color: #f8d7da; color: #721c24; }
+</style>
+</head><body><div class="container"><h1>Админ-панель</h1>
+{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
+<h2>Пользователи</h2><div class="user-list">
+{% for user in user_details %}
+<div class="user-item">
+    <div class="user-info">
+        <a href="{{ url_for('admin_user_files', user_id=user.id) }}">ID: {{ user.id }} | @{{ user.username }} ({{ user.first_name }})</a>
+        <p>Зарегистрирован: {{ user.created_at }}</p>
+        <p>Файлов: {{ user.file_count }} | Папок: {{ user.folder_count }}</p>
+    </div>
+    <div class="user-actions">
+         <form method="POST" action="{{ url_for('admin_delete_user', user_id=user.id) }}" style="display: inline;" onsubmit="return confirm('УДАЛИТЬ пользователя ID {{ user.id }} и ВСЕ его файлы? НЕОБРАТИМО!');">
+            <button type="submit">Удалить пользователя</button>
+         </form>
+    </div>
+</div>
+{% else %}<p>Пользователей нет.</p>{% endfor %}</div></div></body></html>'''
+    return render_template_string(html, user_details=user_details)
+
+@app.route('/admhosto/user/<int:user_id>')
+def admin_user_files(user_id):
+    if not is_admin():
+        flash('Доступ запрещен.', 'error')
+        return redirect(url_for('admhosto_login'))
+
+    db_data = load_data()
+    user_data = db_data.get('users', {}).get(str(user_id))
+    if not user_data:
+        flash(f'Пользователь ID {user_id} не найден.', 'error')
+        return redirect(url_for('admin_panel'))
+
+    all_files = []
+    def collect_files(folder, current_path_id='root'):
+         if not folder or 'children' not in folder: return
+
+         parent_path_str = get_node_path_string(user_data.get('filesystem', {}), current_path_id)
+
+         for item in folder['children']:
+              if item.get('type') == 'file':
+                  item_copy = item.copy() # Avoid modifying original data while iterating
+                  item_copy['parent_path_str'] = parent_path_str
+                  all_files.append(item_copy)
+              elif item.get('type') == 'folder':
+                  collect_files(item, item.get('id'))
+
+    collect_files(user_data.get('filesystem', {}))
+    all_files.sort(key=lambda x: x.get('upload_date', ''), reverse=True)
+
+    html = '''
+<!DOCTYPE html><html lang="ru"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><title>Файлы пользователя ID {{ user_id }}</title>
+<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;800&display=swap" rel="stylesheet">
+<style>
+    body { font-family: 'Inter', sans-serif; background-color: #f5f6fa; color: #2a1e5a;}
+    .container { margin: 20px auto; max-width: 1000px; padding: 25px; background: #fff; border-radius: 15px; box-shadow: 0 10px 30px rgba(0, 0, 0, 0.1); }
+    h1 { color: #ff4d6d; text-align: center; margin-bottom: 25px; }
+    .file-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(200px, 1fr)); gap: 20px; margin-top: 20px; }
+    .file-item { background: #eee; padding: 15px; border-radius: 10px; box-shadow: 0 2px 5px rgba(0,0,0,0.1); text-align: center; display: flex; flex-direction: column; justify-content: space-between; }
+    .file-preview { max-width: 100%; height: 100px; object-fit: contain; border-radius: 8px; margin-bottom: 10px; display: block; margin-left: auto; margin-right: auto; cursor: pointer;}
+    .file-info p { font-size: 0.9em; margin: 4px 0; word-break: break-all; }
+    .admin-file-actions { margin-top: 10px; display: flex; flex-wrap: wrap; gap: 5px; justify-content: center; }
+    .admin-file-actions a, .admin-file-actions button { font-size: 0.8em; padding: 6px 10px; margin: 0; border-radius: 6px; cursor: pointer;}
+    .download-btn { background-color: #5288c1; color: white; border: none; }
+    .delete-btn { background-color: #e53935; color: white; border: none; }
+     .view-btn { background-color: #2481cc; color: white; border: none; }
+    .flash { padding: 10px; margin-bottom: 15px; border-radius: 8px; }
+    .flash.error { background-color: #f8d7da; color: #721c24; }
+
+    .modal { display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0, 0, 0, 0.85); z-index: 2000; justify-content: center; align-items: center; }
+    .modal-content { max-width: 95%; max-height: 95%; background: #fff; padding: 10px; border-radius: 10px; overflow: auto; position: relative; }
+    .modal img, .modal video, .modal iframe, .modal pre { max-width: 100%; max-height: 85vh; display: block; margin: auto; border-radius: 8px; }
+    .modal iframe { width: 80vw; height: 85vh; border: none; }
+    .modal pre { background: #eee; color: #333; padding: 15px; border-radius: 8px; white-space: pre-wrap; word-wrap: break-word; text-align: left; max-height: 85vh; overflow-y: auto;}
+    .modal-close-btn { position: absolute; top: 10px; right: 15px; font-size: 24px; color: #aaa; cursor: pointer; background: rgba(0,0,0,0.3); border-radius: 50%; width: 30px; height: 30px; line-height: 30px; text-align: center; }
+</style>
+</head><body><div class="container"><h1>Файлы пользователя ID: {{ user_id }}</h1>
+<p>Telegram Username: @{{ user_data.username or 'N/A' }} | Имя: {{ user_data.first_name }} {{ user_data.last_name or '' }}</p>
+<a href="{{ url_for('admin_panel') }}" class="btn" style="margin-bottom: 20px;">Назад к пользователям</a>
+{% with messages = get_flashed_messages() %}{% if messages %}{% for message in messages %}<div class="flash {{ 'error' if 'ошибка' in message.lower() else '' }}">{{ message }}</div>{% endfor %}{% endif %}{% endwith %}
+<div class="file-grid">
+{% for file in files %}
+<div class="file-item">
+    <div class="file-info">
+    {% set previewable = file.file_type in ['image', 'video', 'pdf', 'text'] %}
+    {% set hf_file_url = 'https://huggingface.co/datasets/' + REPO_ID + '/resolve/main/' + file.path %}
+    {% set hf_download_url = hf_file_url + '?download=true' %}
+
+    {% if file.file_type == 'image' %} <img class="file-preview" src="{{ hf_file_url }}" loading="lazy" onclick="openModal('{{ hf_file_url }}', '{{ file.file_type }}', '{{ file.id }}')">
+    {% elif file.file_type == 'video' %} <video class="file-preview" preload="metadata" muted onclick="openModal('{{ hf_download_url }}', '{{ file.file_type }}', '{{ file.id }}')"><source src="{{ hf_download_url }}#t=0.5"></video>
+    {% elif file.file_type == 'pdf' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #2481cc;" onclick="openModal('https://docs.google.com/viewer?url={{ hf_download_url | urlencode }}&embedded=true', '{{ file.file_type }}', '{{ file.id }}')">📄</div>
+    {% elif file.file_type == 'text' %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #00ddeb;" onclick="openModal('{{ url_for('get_text_content', file_id=file.id) }}', '{{ file.file_type }}', '{{ file.id }}')">📝</div>
+    {% else %} <div class="file-preview" style="font-size: 40px; line-height: 100px; text-align: center; color: #aaa;">❓</div> {% endif %}
+
+    <p title="{{ file.original_filename }}"><b>{{ file.original_filename | truncate(25) }}</b></p>
+    <p style="font-size: 0.8em; color: #555;">В папке: {{ file.parent_path_str }}</p>
+    <p style="font-size: 0.8em; color: #555;">Загружен: {{ file.upload_date }}</p>
+    <p style="font-size: 0.7em; color: #999;">ID: {{ file.id }}</p>
+    <p style="font-size: 0.7em; color: #999; word-break: break-all;">Path: {{ file.path }}</p>
+    </div>
+    <div class="admin-file-actions">
+        <a href="{{ url_for('download_file', file_id=file.id) }}" class="btn download-btn">Скачать</a>
+        {% if previewable %}
+             {% set admin_preview_url = hf_file_url if file.file_type != 'text' else url_for('get_text_content', file_id=file.id) %}
+             {% if file.file_type == 'pdf' %}
+                 {% set admin_preview_url = 'https://docs.google.com/viewer?url=' + (hf_download_url | urlencode) + '&embedded=true' %}
+             {% elif file.file_type == 'video' %}
+                 {% set admin_preview_url = hf_download_url %}
+             {% endif %}
+
+            <button class="btn view-btn" onclick="openModal('{{ admin_preview_url }}', '{{ file.file_type }}', '{{ file.id }}')">Просмотр</button>
+        {% endif %}
+        <form method="POST" action="{{ url_for('admin_delete_file', user_id=user_id, file_id=file.id) }}" style="display: inline-block;" onsubmit="return confirm('Удалить файл {{ file.original_filename }} пользователя {{ user_id }}?');">
+             <button type="submit" class="btn delete-btn">Удалить</button>
+        </form>
+    </div>
+</div>
+{% else %} <p>У пользователя нет файлов.</p> {% endif %}
+</div></div>
+
+<div class="modal" id="mediaModal" onclick="closeModal(event)">
+    <div class="modal-content" id="modalContentContainer">
+        <span onclick="closeModalManual()" class="modal-close-btn">×</span>
+        <div id="modalContent"></div>
+    </div>
+</div>
+
+<script>
+ // Keep modal functions needed for admin panel
+ async function openModal(srcOrUrl, type, itemId) {
+     const modal = document.getElementById('mediaModal');
+     const modalContent = document.getElementById('modalContent');
+     modalContent.innerHTML = '<p style="color: #333;">Загрузка...</p>';
+     modal.style.display = 'flex';
+
+     try {
+         if (type === 'image') {
+             modalContent.innerHTML = `<img src="${srcOrUrl}" alt="Просмотр изображения">`;
+         } else if (type === 'video') {
+             modalContent.innerHTML = `<video controls autoplay style='max-width: 95%; max-height: 85vh;'><source src="${srcOrUrl}" type="video/mp4">Ваш браузер не поддерживает видео.</video>`;
+         } else if (type === 'pdf') {
+              modalContent.innerHTML = `<iframe src="${srcOrUrl}" title="Просмотр PDF" style="width: 80vw; height: 85vh;"></iframe>`;
+         } else if (type === 'text') {
+             const response = await fetch(srcOrUrl);
+             if (!response.ok) {
+                  const errorText = await response.text();
+                  throw new Error(`Ошибка загрузки текста (${response.status}): ${errorText}`);
+             }
+             const text = await response.text();
+             const escapedText = text.replace(/&/g, "&").replace(/</g, "<").replace(/>/g, ">");
+             modalContent.innerHTML = `<pre>${escapedText}</pre>`;
+         } else {
+              modalContent.innerHTML = '<p style="color: #333;">Предпросмотр для этого типа файла не поддерживается.</p>';
+         }
+     } catch (error) {
+          console.error("Error loading modal content:", error);
+          modalContent.innerHTML = `<p style="color: red;">Не удалось загрузить содержимое для предпросмотра.<br>${error.message}</p>`;
+     }
+ }
+
+ function closeModal(event) {
+     const modal = document.getElementById('mediaModal');
+     if (event.target === modal) {
+         closeModalManual();
+     }
+ }
+
+ function closeModalManual() {
+      const modal = document.getElementById('mediaModal');
+      modal.style.display = 'none';
+      const video = modal.querySelector('video');
+      if (video) { video.pause(); video.removeAttribute('src'); video.load(); }
+      const iframe = modal.querySelector('iframe');
+      if (iframe) iframe.src = 'about:blank';
+      document.getElementById('modalContent').innerHTML = '';
+ }
+</script>
+
+</body></html>'''
+    # Add truncate filter for Jinja2
+    def truncate_filter(s, length=25, killwords=False, end='...'):
+        if len(s) <= length:
+            return s
+        if killwords:
+            return s[:length] + end
+        words = s.split()
+        result = []
+        l = 0
+        for word in words:
+            if l + len(word) + len(result) > length:
+                break
+            result.append(word)
+            l += len(word)
+        return ' '.join(result) + end if result else s[:length] + end
+
+    app.jinja_env.filters['truncate'] = truncate_filter
+
+
+    return render_template_string(html, user_id=user_id, user_data=user_data, files=all_files, REPO_ID=REPO_ID)
+
+
+@app.route('/admhosto/delete_user/<int:user_id>', methods=['POST'])
+def admin_delete_user(user_id):
+    if not is_admin():
+        flash('Доступ запрещен.', 'error')
+        return redirect(url_for('admhosto_login'))
+    if not HF_TOKEN_WRITE:
+         flash('Удаление невозможно: токен для записи не настроен.', 'error')
+         return redirect(url_for('admin_panel'))
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return Response("User data not found", status=404)
+    db_data = load_data()
+    user_id_str = str(user_id)
 
-    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-    if not file_node or file_node.get('type') != 'file':
-         return Response("File not found", status=404)
+    if user_id_str not in db_data['users']:
+        flash(f'Пользователь ID {user_id} не найден!', 'error')
+        return redirect(url_for('admin_panel'))
 
-    hf_path = file_node.get('path')
-    original_filename = file_node.get('original_filename', 'downloaded_file')
-    if not hf_path: return Response("Error: File path missing", status=500)
+    user_data = db_data['users'][user_id_str]
+    logging.warning(f"ADMIN ACTION: Attempting to delete user ID {user_id} and all their data.")
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
     try:
-        headers = {"authorization": f"Bearer {HF_TOKEN_READ}"}
-        response = requests.get(file_url, headers=headers, stream=True, timeout=60) # Added timeout
-        response.raise_for_status()
+        api = HfApi()
+        user_folder_path_on_hf = f"cloud_files/{user_id_str}"
+
+        logging.info(f"Attempting to delete HF Hub folder: {user_folder_path_on_hf} for user {user_id}")
+        # Use allow_missing=True in case the folder doesn't exist (e.g., new user with no files)
+        api.delete_folder(
+            folder_path=user_folder_path_on_hf,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"ADMIN ACTION: Deleted all files/folders for user ID {user_id}"
+        )
+        logging.info(f"Successfully initiated deletion of folder {user_folder_path_on_hf} on HF Hub (or it was missing).")
 
-        # Stream response for potentially large files
-        def generate():
-            for chunk in response.iter_content(chunk_size=8192):
-                yield chunk
+    except Exception as e:
+        logging.exception(f"Error during HF Hub folder deletion for user ID {user_id}:")
+        # Do NOT return here. We want to attempt DB cleanup even if HF failed.
+        flash(f'Ошибка при удалении файлов пользователя ID {user_id} с сервера: {e}. Проверьте HF Hub. Пользователь будет удален из базы.', 'error')
 
-        return Response(generate(), mimetype='application/octet-stream', headers={
-            "Content-Disposition": f"attachment; filename*=UTF-8''{secure_filename(original_filename)}"
-        })
 
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error downloading file from HF ({hf_path}) for user {user_id}: {e}")
-        return Response(f'Download error: {e}', status=502)
+    try:
+        del db_data['users'][user_id_str]
+        save_data(db_data)
+        flash(f'Пользователь ID {user_id} успешно удален из базы данных!')
+        logging.info(f"ADMIN ACTION: Successfully deleted user ID {user_id} from database.")
     except Exception as e:
-        logging.error(f"Unexpected error during download ({hf_path}) for user {user_id}: {e}")
-        return Response('Internal server error during download', status=500)
+        logging.exception(f"Error saving data after deleting user ID {user_id}:")
+        flash(f'Ошибка при удалении пользователя ID {user_id} из базы данных: {e}', 'error')
 
+    return redirect(url_for('admin_panel'))
 
-@app.route('/file/<file_id>', methods=['DELETE'])
-def delete_file_route(file_id):
-    user_id = session.get('user_id')
-    user_info = session.get('user_info', {})
-    user_identifier = user_info.get('username', user_id)
-    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
+
+@app.route('/admhosto/delete_file/<int:user_id>/<file_id>', methods=['POST'])
+def admin_delete_file(user_id, file_id):
+    if not is_admin():
+        flash('Доступ запрещен.', 'error')
+        return redirect(url_for('admhosto_login'))
     if not HF_TOKEN_WRITE:
-         return jsonify({'status': 'error', 'message': 'Удаление невозможно: токен HF для записи не настроен.'}), 503
+         flash('Удаление невозможно: токен для записи не настроен.', 'error')
+         return redirect(url_for('admin_user_files', user_id=user_id))
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
+    db_data = load_data()
+    user_id_str = str(user_id)
+    user_data = db_data.get('users', {}).get(user_id_str)
+    if not user_data:
+        flash(f'Пользователь ID {user_id} не найден.', 'error')
+        return redirect(url_for('admin_panel'))
+
+    file_node, parent_node = find_node_by_id(user_data.get('filesystem', {}), file_id)
 
-    file_node, parent_node = find_node_by_id(user_data['filesystem'], file_id)
     if not file_node or file_node.get('type') != 'file' or not parent_node:
-        return jsonify({'status': 'error', 'message': 'Файл не найден.'}), 404
+        flash('Файл не найден в структуре пользователя.', 'error')
+        return redirect(url_for('admin_user_files', user_id=user_id))
 
     hf_path = file_node.get('path')
     original_filename = file_node.get('original_filename', 'файл')
 
-    delete_from_hf = True
     if not hf_path:
-        logging.warning(f"HF path missing for file {file_id} user {user_id}. Deleting only metadata.")
-        delete_from_hf = False
-
-    if delete_from_hf:
-        try:
-            api = HfApi()
-            api.delete_file(
-                path_in_repo=hf_path, repo_id=REPO_ID, repo_type="dataset", token=HF_TOKEN_WRITE,
-                commit_message=f"TG User {user_identifier} ({user_id}) deleted file {original_filename}"
-            )
-            logging.info(f"Deleted file {hf_path} from HF Hub for user {user_id}")
-        except hf_utils.EntryNotFoundError:
-            logging.warning(f"File {hf_path} not found on HF Hub during delete for user {user_id}.")
-        except Exception as e:
-            logging.error(f"Error deleting file {hf_path} from HF for {user_id}: {e}")
-            return jsonify({'status': 'error', 'message': f'Ошибка удаления файла с сервера: {str(e)[:100]}'}), 500
-
-    # Always try to remove from DB
-    if remove_node(user_data['filesystem'], file_id):
-        try:
-            save_data(data)
-            return jsonify({'status': 'success', 'message': f'Файл {original_filename} удален.'})
-        except Exception as e:
-            logging.error(f"Delete file DB save error for user {user_id}: {e}")
-            return jsonify({'status': 'error', 'message': 'Файл удален с сервера (если был), но ошибка сохранения базы.'}), 500
-    else:
-         # This case should ideally not happen if file_node was found earlier
-         logging.error(f"Failed to remove node {file_id} from filesystem structure for user {user_id} after finding it initially.")
-         return jsonify({'status': 'error', 'message': 'Ошибка удаления файла из структуры данных.'}), 500
-
+        logging.warning(f"ADMIN ACTION: File {original_filename} (ID: {file_id}) for user {user_id} has no HF path. Removing from DB only.")
+        if remove_node(user_data['filesystem'], file_id):
+            try:
+                save_data(db_data)
+                flash(f'Метаданные файла "{original_filename}" удалены (путь отсутствовал).')
+            except Exception as e:
+                 logging.exception(f"Admin delete file metadata save error (no path) for user {user_id}:")
+                 flash('Ошибка сохранения данных после удаления метаданных (путь отсутствовал).', 'error')
+        else:
+             logging.error(f"Admin failed to remove file node {file_id} (no path) from DB for user {user_id}.")
+             flash('Ошибка удаления метаданных файла из базы данных.', 'error')
+        return redirect(url_for('admin_user_files', user_id=user_id))
 
-@app.route('/folder/<folder_id>', methods=['DELETE'])
-def delete_folder_route(folder_id):
-    user_id = session.get('user_id')
-    if not user_id: return jsonify({"status": "error", "message": "Unauthorized"}), 401
-    if folder_id == 'root': return jsonify({'status': 'error', 'message': 'Нельзя удалить корневую папку!'}), 400
+    try:
+        api = HfApi()
+        api.delete_file(
+            path_in_repo=hf_path,
+            repo_id=REPO_ID,
+            repo_type="dataset",
+            token=HF_TOKEN_WRITE,
+            commit_message=f"ADMIN ACTION: Deleted file {original_filename} (ID: {file_id}) for user ID {user_id}"
+        )
+        logging.info(f"ADMIN ACTION: Deleted file {hf_path} from HF Hub for user ID {user_id}")
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return jsonify({'status': 'error', 'message': 'User data not found'}), 404
+        if remove_node(user_data['filesystem'], file_id):
+            try:
+                save_data(db_data)
+                flash(f'Файл "{original_filename}" успешно удален!')
+            except Exception as e:
+                logging.exception(f"Admin delete file DB update error for user {user_id}:")
+                flash('Файл удален с сервера, но произошла ошибка обновления базы данных.', 'error')
+        else:
+             logging.error(f"Admin failed to remove file node {file_id} from DB for user {user_id} after HF deletion.")
+             flash('Файл удален с сервера, но не найден в базе данных для удаления.', 'error')
 
-    folder_node, parent_node = find_node_by_id(user_data['filesystem'], folder_id)
-    if not folder_node or folder_node.get('type') != 'folder' or not parent_node:
-        return jsonify({'status': 'error', 'message': 'Папка не найдена.'}), 404
+    except hf_utils.EntryNotFoundError:
+        logging.warning(f"ADMIN ACTION: File {hf_path} not found on HF Hub during delete for user {user_id}. Removing from DB.")
+        if remove_node(user_data['filesystem'], file_id):
+            try:
+                save_data(db_data)
+                flash(f'Файл "{original_filename}" не найден на сервере, удален из базы.')
+            except Exception as e:
+                 logging.exception(f"Admin delete file metadata save error (HF not found) for user {user_id}:")
+                 flash('Ошибка сохранения данных после удаления метаданных (файл не найден на сервере).', 'error')
+        else:
+            logging.error(f"Admin failed to remove file node {file_id} (HF not found) from DB for user {user_id}.")
+            flash('Файл не найден ни на сервере, ни в базе данных.', 'error')
 
-    folder_name = folder_node.get('name', 'папка')
-    if folder_node.get('children'):
-        return jsonify({'status': 'error', 'message': f'Папку "{folder_name}" можно удалить только если она пуста.'}), 400
+    except Exception as e:
+        logging.exception(f"ADMIN ACTION: Error deleting file {hf_path} for user {user_id}:")
+        flash(f'Ошибка удаления файла "{original_filename}": {e}', 'error')
 
-    if remove_node(user_data['filesystem'], folder_id):
-        try:
-            save_data(data)
-            return jsonify({'status': 'success', 'message': f'Папка "{folder_name}" удалена.'})
-        except Exception as e:
-            logging.error(f"Delete empty folder save error for user {user_id}: {e}")
-            # Attempt to add node back? Difficult state to recover.
-            return jsonify({'status': 'error', 'message': 'Ошибка сохранения данных после удаления папки.'}), 500
-    else:
-        logging.error(f"Failed to remove folder node {folder_id} for user {user_id} after finding it.")
-        return jsonify({'status': 'error', 'message': 'Ошибка удаления папки из структуры данных.'}), 500
+    return redirect(url_for('admin_user_files', user_id=user_id))
 
-@app.route('/text_content/<file_id>')
-def get_text_content_route(file_id):
-    user_id = session.get('user_id')
-    if not user_id: return Response("Unauthorized", status=401)
-    if not HF_TOKEN_READ: return Response("Server configuration error: Read token missing", status=503)
+@app.route('/admhosto/logout')
+def admhosto_logout():
+    session.pop('is_admin', None)
+    flash('Вы успешно вышли из админ-панели.')
+    return redirect(url_for('admhosto_login'))
 
-    data = load_data()
-    user_data = data['users'].get(user_id)
-    if not user_data: return Response("User data not found", status=404)
 
-    file_node, _ = find_node_by_id(user_data['filesystem'], file_id)
-    if not file_node or file_node.get('type') != 'file' or file_node.get('file_type') != 'text':
-        return Response("Text file not found", status=404)
+if __name__ == '__main__':
+    if not BOT_TOKEN or BOT_TOKEN == 'YOUR_BOT_TOKEN':
+        logging.error("\n*** ERROR: TELEGRAM_BOT_TOKEN is not set or is the default placeholder. Telegram validation will FAIL. ***\n")
+    if not HF_TOKEN_WRITE:
+        logging.warning("\n*** WARNING: HF_TOKEN (write access) is not set. File uploads, deletions, and backups will FAIL. ***\n")
+    if not HF_TOKEN_READ:
+        logging.warning("\n*** WARNING: HF_TOKEN_READ is not set. Falling back to HF_TOKEN. File downloads/previews might fail for private repos if HF_TOKEN is also not set. ***\n")
+    if ADMIN_PASSWORD == 'adminpass':
+        logging.warning("\n*** WARNING: Using default ADMIN_PASSWORD. CHANGE IT! ***\n")
 
-    hf_path = file_node.get('path')
-    if not hf_path: return Response("Error: File path missing", status=500)
+    logging.info("Performing initial database operations before starting.")
 
-    file_url = f"https://huggingface.co/datasets/{REPO_ID}/resolve/main/{hf_path}?download=true"
-    try:
-        headers = {"authorization": f"Bearer {HF_TOKEN_READ}"}
-        response = requests.get(file_url, headers=headers, timeout=30)
-        response.raise_for_status()
-        if len(response.content) > 1 * 1024 * 1024: # 1MB limit for preview
-             return Response("File too large for preview.", status=413)
-        try: text_content = response.content.decode('utf-8')
-        except UnicodeDecodeError: text_content = response.content.decode('latin-1', errors='replace')
-        return Response(text_content, mimetype='text/plain; charset=utf-8')
-    except requests.exceptions.RequestException as e:
-        logging.error(f"Error fetching text content from HF ({hf_path}) for user {user_id}: {e}")
-        return Response(f"Error loading content: {e}", status=502)
-    except Exception as e:
-        logging.error(f"Unexpected error fetching text content ({hf_path}) for user {user_id}: {e}")
-        return Response("Internal server error", status=500)
+    # Ensure DATA_FILE exists before download/upload attempts
+    if not os.path.exists(DATA_FILE):
+         with open(DATA_FILE, 'w', encoding='utf-8') as f:
+              json.dump({'users': {}}, f)
+         logging.info(f"Created empty local database file: {DATA_FILE}")
 
+    # Always attempt download on startup
+    download_db_from_hf()
 
-# --- Main Execution ---
-if __name__ == '__main__':
-    if BOT_TOKEN == 'YOUR_BOT_TOKEN':
-        logging.warning("*"*60)
-        logging.warning("WARNING: Using placeholder Telegram BOT_TOKEN!")
-        logging.warning("Telegram validation will likely FAIL.")
-        logging.warning("Set the TELEGRAM_BOT_TOKEN environment variable.")
-        logging.warning("*"*60)
-    if not HF_TOKEN_WRITE:
-        logging.warning("HF_TOKEN (write access) is not set. Uploads, deletions, backups will fail.")
-    if not HF_TOKEN_READ:
-        logging.warning("HF_TOKEN_READ is not set (or HF_TOKEN). Downloads/previews might fail.")
-    if not FLASK_SECRET_KEY or FLASK_SECRET_KEY == "supersecretkey_mini_app_unique":
-         logging.warning("Using default/insecure FLASK_SECRET_KEY. Set a strong secret key via environment variable.")
-
-    # Start periodic backup in a separate thread if write token exists
-    if HF_TOKEN_WRITE:
-        logging.info("Attempting initial database download before starting periodic backup.")
-        download_db_from_hf() # Load the latest DB before starting
-        backup_thread = threading.Thread(target=periodic_backup, daemon=True)
-        backup_thread.start()
-        logging.info("Periodic backup thread started.")
+    # Start periodic backup thread only if HF_TOKEN_WRITE is set
+    if HF_TOKEN_WRITE and BOT_TOKEN != 'YOUR_BOT_TOKEN': # Only backup if write token and bot token are set
+        logging.info("Starting periodic backup thread.")
+        threading.Thread(target=periodic_backup, daemon=True).start()
     else:
-        logging.warning("Periodic backup disabled (HF_TOKEN_WRITE not set).")
-        # Still try to download if read token exists
-        if HF_TOKEN_READ:
-             logging.info("Attempting initial database download (read-only access).")
-             download_db_from_hf()
-        else:
-             logging.warning("No read/write HF tokens. HF DB operations disabled.")
-             # Ensure local file exists if no download possible
-             if not os.path.exists(DATA_FILE):
-                 with open(DATA_FILE, 'w', encoding='utf-8') as f: json.dump({'users': {}}, f)
+        logging.warning("Periodic backup disabled.")
 
-    logging.info(f"Starting Flask server for Telegram Mini App on 0.0.0.0:7860")
-    app.run(host='0.0.0.0', port=7860, debug=False) # debug=False for production
 
-# --- END OF FILE app.py ---
\ No newline at end of file
+    app.run(host=HOST, port=PORT, debug=False) # debug=False for production
\ No newline at end of file