# WsplCloud Main .htaccess Configuration
# Enable Apache's rewrite engine. RewriteBase is the URL prefix mod_rewrite
# puts in front of relative substitutions produced by the rules in this file.
RewriteEngine On
RewriteBase /wsplcloud/

# Force HTTPS: a request that did not arrive over TLS is answered with a
# permanent (301) redirect to the same host and URI on https://.
# NOTE(review): %{HTTP_HOST} comes from the client's Host header, so the
# redirect target reflects whatever host the client sent. If this site can be
# reached under arbitrary Host values (e.g. as the default virtual host),
# consider redirecting to a fixed canonical hostname - confirm against the vhost.
# NOTE(review): if TLS is terminated on a proxy or load balancer in front of
# Apache, %{HTTPS} may stay "off" and this rule would redirect forever -
# confirm against the deployment.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

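# Security response headers. They are only sent when mod_headers is loaded;
# without it this whole section is skipped silently.
# This file sets no Content-Security-Policy; X-Frame-Options is the only
# framing control configured here.
<IfModule mod_headers.c>
    # HSTS (HTTP Strict Transport Security)
    # max-age: 1 year (31536000 seconds)
    # includeSubDomains: apply to all subdomains
    # preload: allow preloading into browsers (requires submission to hstspreload.org)
    # env=HTTPS: the header is only added when the HTTPS environment variable is
    # set for the request, i.e. not on plain-HTTP responses.
    # NOTE(review): includeSubDomains + preload commits every subdomain of this
    # host to HTTPS, and removal from a preload list is slow. Confirm that all
    # subdomains serve valid TLS before submitting the domain.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
    # Prevent MIME sniffing
    Header always set X-Content-Type-Options "nosniff"
    # Prevent clickjacking (other origins cannot frame these pages)
    Header always set X-Frame-Options "SAMEORIGIN"
    # Control referrer information sent with requests.
    # "no-referrer-when-downgrade" sends the full URL (path and query string) to
    # every HTTPS destination, including third-party sites. With
    # "strict-origin-when-cross-origin", same-origin requests still get the full
    # URL, other origins only see scheme://host, and nothing is sent on a
    # downgrade to HTTP.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>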

# ----------------------------------------------------------------------
# | URL Cleanup & SEO                                                  |
# ----------------------------------------------------------------------

# Remove trailing slashes from URLs.
# Applies only when the request does not map to an existing directory; the
# captured path without its final "/" becomes the target of a 301 redirect.
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ $1 [L,R=301]

# Redirect direct access to PHP files in pages directory to clean URLs.
# The condition inspects %{THE_REQUEST} (the request line as sent by the
# client), so it reacts to what the browser asked for rather than to the result
# of an internal rewrite. %1 is the file name captured in the RewriteCond,
# without the ".php" suffix. Only files directly inside pages/ match ([^/]+).
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/+wsplcloud/pages/([^/]+)\.php [NC]
RewriteRule ^ %1 [R=301,L]

# Prevent direct directory access to /pages and /partial.
# Matches only the directory URL itself (with or without the trailing slash)
# and answers 403; files below those directories are handled by other rules.
RewriteRule ^(pages|partial)/?$ - [F,L]

# ----------------------------------------------------------------------
# | Security                                                           |
# ----------------------------------------------------------------------

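# Block access to sensitive files.
# One FilesMatch covers everything the three original sections did:
#   - any file name starting with a dot (.htaccess, .env, .git, ...)
#   - editor backup files ending in a tilde (~)
#   - config.php
# "Require all denied" is the Apache 2.4 form. The Order/Deny pair is kept only
# for servers without mod_authz_core (Apache 2.2): on 2.4 those directives
# exist only while mod_access_compat is loaded, and an unknown directive in
# .htaccess makes every request to this directory fail with a 500 error.
<FilesMatch "(^\.|~$|^config\.php$)">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order allow,deny
    Deny from all
  </IfModule>
</FilesMatch>

# FilesMatch tests only the last path component, so a file *inside* a
# dot-directory (for example the contents of a .git checkout) is not covered
# by the section above. Refuse any URL that contains a dot-prefixed path
# segment; .well-known is exempted because it is reserved for
# standards-defined files.
RewriteRule "(^|/)\.(?!well-known(/|$))" - [F,L]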

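# Deny direct requests for PHP files under pages/ and partial/ (403).
# The pattern also matches when extra path information follows the script name
# (pages/x.php/anything). A pattern anchored at "\.php$" does not match such a
# URL, and where the PHP handler accepts path info the script would then still
# be addressable directly.
# NOTE(review): only the .php extension is covered. If the server maps other
# extensions to the PHP handler, extend the pattern - confirm handler config.
RewriteCond %{REQUEST_URI} ^/wsplcloud/(pages|partial)/.*\.php(/.*)?$ [NC]
RewriteRule ^ - [F,L]

# Prevent directory listing
Options -Indexes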

# ----------------------------------------------------------------------
# | Performance Optimization                                           |
# ----------------------------------------------------------------------

# Compress text files (only when mod_deflate is loaded).
# NOTE(review): text/html and application/json are in the compressed set. Where
# a response served over TLS contains a secret (such as a CSRF token) next to
# text taken from the request, the compressed size can leak information about
# that secret (the BREACH class of issue). Confirm whether responses generated
# by the application fall into that case.
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/javascript application/json application/x-javascript text/javascript
  
  # Exclude old browsers that don't support compression
  # (legacy user-agent rules: limit or disable gzip for Netscape 4.x, then
  # lift both restrictions again for user agents containing "MSIE")
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>

# Set cache control headers (only when mod_expires is loaded).
# Lifetimes are counted from the time of the client's access.
# NOTE(review): these rules are keyed on content type, not on URL, so they
# presumably also apply to text/html (1 week) and to JSON and other types that
# fall under the 1-month default when those are produced by index.php, unless
# the script sends its own caching headers - confirm. Per-user or authenticated
# pages should not be stored that long by browsers or shared caches.
<IfModule mod_expires.c>
  ExpiresActive On
  
  # Default for every type not listed below
  ExpiresDefault "access plus 1 month"
  
  # Images
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"
  ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
  
  # CSS, JavaScript
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType text/javascript "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  
  # Fonts
  ExpiresByType font/ttf "access plus 1 year"
  ExpiresByType font/otf "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
  ExpiresByType application/font-woff "access plus 1 year"
  ExpiresByType application/font-woff2 "access plus 1 year"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
  
  # HTML - shorter cache time
  ExpiresByType text/html "access plus 1 week"
</IfModule>

# Add proper MIME types (only when mod_mime is loaded).
# Each AddType maps a file extension to the Content-Type sent with the file.
# This file also sends "X-Content-Type-Options: nosniff", which tells browsers
# to trust the declared type, so scripts and stylesheets need a correct type
# here to load.
<IfModule mod_mime.c>
  # JavaScript
  AddType application/javascript js
  
  # Fonts
  AddType application/vnd.ms-fontobject eot
  AddType font/ttf ttf
  AddType font/otf otf
  AddType font/woff woff
  AddType font/woff2 woff2
  
  # Data interchange
  AddType application/json json
  AddType application/xml xml
</IfModule>

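# CORS headers for fonts (only when mod_headers is loaded)
<IfModule mod_headers.c>
  # Browsers require CORS approval before using a web font from another origin.
  # "*" lets any site read the matched files, so the pattern must stay limited
  # to public static assets. The dot in "font\.css" is escaped so that only
  # names ending in ".font.css" match, not any character in that position.
  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|font\.css)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>

  # Remove ETag (use Cache-Control instead)
  Header unset ETag
  FileETag None
</IfModule>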

# ----------------------------------------------------------------------
# | Main Router                                                        |
# ----------------------------------------------------------------------

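# Handle direct access to static files.
# A request that maps to an existing file or directory is served as it is and
# skips the router, except PHP files under pages/ and partial/. [OR] joins the
# first two conditions; the third is ANDed with their result. The exclusion
# also covers a script name followed by extra path info (x.php/anything).
# NOTE(review): every other file that exists below this directory is served on
# request (backups, dumps, dependency manifests, ...). Keep such files out of
# the web root or add explicit deny rules for them.
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/wsplcloud/(pages|partial)/.*\.php(/.*)?$ [NC]
RewriteRule ^ - [L]

# Route all other requests to index.php, passing the requested path as the
# "path" query parameter.
# NOTE(review): QSA appends the client's own query string after path=$1, so a
# request that carries its own "path" parameter reaches index.php with two
# values, and PHP's $_GET keeps the last one. index.php must therefore treat
# "path" as untrusted input and map it to an allow-list of known pages rather
# than building a file name from it - confirm against index.php.
RewriteRule ^(.*)$ index.php?path=$1 [QSA,L]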
