# Daneshyar — Apache .htaccess
# DocumentRoot must point to this public/ directory.

# ── Directory / Indexing ──────────────────────────────────────────────────────
Options -Indexes -MultiViews
DirectoryIndex index.php

<IfModule mod_negotiation.c>
    Options -MultiViews
</IfModule>

# ── Block access to sensitive files ──────────────────────────────────────────
<FilesMatch "(^\.env|^\.git|composer\.(json|lock)|package(-lock)?\.json|artisan|webpack\.mix\.js|vite\.config\.(js|ts)|phpunit\.xml|\.editorconfig|\.gitignore|tailwind\.config\.js)$">
    Require all denied
</FilesMatch>

# Block hidden files/folders (dot-files)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# ── Rewrite Engine (Laravel front controller) ─────────────────────────────────
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Pass Authorization header to PHP
    RewriteCond %{HTTP:Authorization} .
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

    # Remove trailing slashes (except root)
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_URI} (.+)/$
    RewriteRule ^ %1 [L,R=301]

    # Serve real files/dirs directly
    RewriteCond %{REQUEST_FILENAME} -d [OR]
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteRule ^ - [L]

    # Everything else → Laravel
    RewriteRule ^ index.php [L]
</IfModule>

# ── Security headers (Apache mod_headers) ─────────────────────────────────────
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Permissions-Policy "camera=(), microphone=(), geolocation=()"

    # Remove server signature
    Header unset Server
    Header unset X-Powered-By

    # No caching for HTML/PHP responses
    <FilesMatch "\.(php|html)$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
        Header set Pragma "no-cache"
        Header set Expires "0"
    </FilesMatch>

    # Long cache for versioned static assets
    <FilesMatch "\.(css|js|woff2?|ttf|eot|svg|ico|png|jpg|jpeg|gif|webp|avif)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
</IfModule>

# ── Compression ───────────────────────────────────────────────────────────────
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
    AddOutputFilterByType DEFLATE text/javascript application/javascript application/json
    AddOutputFilterByType DEFLATE image/svg+xml application/x-font-ttf font/woff font/woff2
    AddOutputFilterByType DEFLATE application/x-font-woff application/vnd.ms-fontobject
</IfModule>

# ── Browser caching for static assets ─────────────────────────────────────────
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg        "access plus 1 year"
    ExpiresByType image/png         "access plus 1 year"
    ExpiresByType image/gif         "access plus 1 year"
    ExpiresByType image/webp        "access plus 1 year"
    ExpiresByType image/svg+xml     "access plus 1 year"
    ExpiresByType image/x-icon      "access plus 1 year"
    ExpiresByType text/css          "access plus 6 months"
    ExpiresByType application/javascript "access plus 6 months"
    ExpiresByType font/woff2        "access plus 1 year"
    ExpiresByType font/woff         "access plus 1 year"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType text/html         "access plus 0 seconds"
</IfModule>

# ── Custom error pages (served by Laravel, fallback to static) ────────────────
ErrorDocument 404 /404.html
ErrorDocument 403 /404.html
ErrorDocument 500 /500.html
