# ── GMLM Platform — Apache Configuration ─────────────────────
#
# Place this file in your web root (where you uploaded the code).
# For cPanel: public_html/.htaccess
#
# This file:
# 1. Routes all traffic to public/ (Laravel's web root)
# 2. Redirects to the installer if not yet installed
# 3. Applies security headers
# 4. Blocks access to sensitive files

# No auto-generated directory listings and no content negotiation
# (MultiViews), so a URL maps only to the exact path that was requested.
Options -Indexes -MultiViews

# ── Security — block sensitive files ─────────────────────────
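# Deny every file whose name starts with ".env" (.env, .env.example,
# .env.backup, ...). These files hold application secrets.
# Apache 2.4 uses "Require all denied". "Order/Deny" is 2.2 syntax and only
# works on 2.4 when mod_access_compat is loaded; without it the directive is
# a configuration error, so it is kept only as a fallback for 2.2 servers.
# The pattern covers only ".env*" names; other dotfiles are not matched here.
<FilesMatch "^\.env">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>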

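# Deny direct requests for existing code, config, log and key files that sit
# outside public/ (composer.json, *.lock, *.log, *.key, *.pem, stray *.php).
# The earlier <If> body held only a comment, so nothing was denied.
#   -f ...           only files that exist, so application routes that merely
#                    end in ".json" still reach the front controller
#   !~ m#^/public/#  everything under public/ stays reachable
#   != /install.php  the installer is served from the web root
# m#...# is used because braces are not among the regex delimiters documented
# for Apache expressions. NOTE(review): <If> and Require need Apache 2.4;
# test on the target host before relying on this rule.
<FilesMatch "\.(php|json|lock|log|key|pem)$">
    <If "-f %{REQUEST_FILENAME} && %{REQUEST_URI} !~ m#^/public/# && %{REQUEST_URI} != '/install.php'">
        Require all denied
    </If>
</FilesMatch>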

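# ── Routing (requires mod_rewrite) ────────────────────────────
# When mod_rewrite is not loaded none of this runs and files in this
# directory are served as they are; the <FilesMatch> rules are then the only
# access control this file provides.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    # ── Installer routing ─────────────────────────────────────
    # install.php is always served directly from the web root.
    # NOTE(review): this rule keeps the installer reachable after setup.
    # Confirm that install.php refuses to run once .env exists, or delete
    # the file when installation is finished.
    RewriteRule ^install\.php$ - [L]

    # Not installed yet (.env missing or zero bytes): redirect to the installer.
    # "-s" is true only for an existing file larger than 0 bytes. The previous
    # "!empty" was parsed as a negated regex against the path (always true),
    # and the pass-through rule it guarded ended rewriting whenever .env
    # existed, so an installed site was never routed into public/ and the
    # project root was served directly.
    # NOTE(review): every URL is redirected while uninstalled; if the installer
    # loads assets from public/, exempt them here.
    RewriteCond %{DOCUMENT_ROOT}/.env !-s
    RewriteRule ^ install.php [R=302,L]

    # ── Shared hosting: route to public/ subdirectory ─────────
    # Remove this block if your hosting lets you set public/ as the web root
    # Anything not already under /public/ is mapped into it, so files in the
    # project root (vendor/, storage/, composer.json, ...) are not served.
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteRule ^(.*)$ public/$1 [L]

    # ── Inside public/ — Laravel's own routing ─────────────────
    # Requests that match no real file or directory go to the front controller.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^ public/index.php [L]
</IfModule>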

# ── Security headers ───────────────────────────────────────────
<IfModule mod_headers.c>
    # "always" also attaches these headers to error responses (4xx/5xx).
    # Framing is limited to same-origin pages.
    Header always set X-Frame-Options "SAMEORIGIN"
    # Browsers must honour the declared Content-Type instead of sniffing it.
    Header always set X-Content-Type-Options "nosniff"
    # Legacy header: it controls the old browser XSS filter, which current
    # browsers no longer implement. It is not a substitute for a
    # Content-Security-Policy; none is set in this file.
    Header always set X-XSS-Protection "1; mode=block"
    # Cross-origin requests receive only the origin, never the full URL.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # NOTE(review): no Strict-Transport-Security header is set here; add one
    # at the vhost or application level if the site is served over HTTPS only.

    # PHP output must never be stored by browsers or intermediaries.
    <FilesMatch "\.php$">
        Header set Cache-Control "no-cache, no-store, must-revalidate"
    </FilesMatch>

    # Static assets: cacheable for one year and marked immutable.
    # NOTE(review): only safe when asset file names change on every release
    # (fingerprinted names); otherwise clients keep stale copies.
    <FilesMatch "\.(css|js|png|jpe?g|gif|ico|svg|woff2?)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
</IfModule>

# ── PHP settings (if allowed by host) ─────────────────────────
# Applied only when PHP runs as the Apache module identified as mod_php.c.
# NOTE(review): older PHP module builds register under a different name
# (for example mod_php7.c), and PHP-FPM/CGI setups skip this block entirely.
# On those hosts set display_errors and the limits in php.ini or .user.ini,
# otherwise error output may still be shown to visitors.
<IfModule mod_php.c>
    # Error handling: keep details out of responses, write them to the log.
    php_flag display_errors Off
    php_flag log_errors On

    # Request size limits: post_max_size stays above upload_max_filesize so a
    # full-size upload plus its form fields still fits in one request.
    php_value upload_max_filesize 20M
    php_value post_max_size 25M

    # Per-request resource ceilings.
    php_value memory_limit 256M
    php_value max_execution_time 60
</IfModule>
