# ---------------------------------
# Enable rewrite engine
# ---------------------------------
RewriteEngine On
RewriteBase /

# ---------------------------------
# Security: Force HTTPS
# Redirects all HTTP traffic to HTTPS
# ---------------------------------
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ---------------------------------
# Performance: Caching for Static Assets
# Leverages browser cache to speed up page loads for returning visitors
# ---------------------------------
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/ico "access plus 1 year"
  ExpiresByType image/icon "access plus 1 year"
  ExpiresByType text/html "access plus 600 seconds"
</IfModule>

# ---------------------------------
# Security: Block Access to Sensitive Files
# Prevents unauthorized viewing of important configuration files
# ---------------------------------
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
<FilesMatch "^(composer\.(json|lock)|package\.json|\.env)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# ---------------------------------
# EXCLUDE ASSET FOLDERS FROM REWRITING
# This prevents CSS, JS, images, and fonts from being processed by rules below
# ---------------------------------
RewriteRule ^(css|js|images|assets|font|fonts)/ - [L]

# ---------------------------------
# Clean URLs (no .php extension)
# Maps user-friendly URLs to actual PHP files
# ---------------------------------

# --- PERUBAHAN DIMULAI DI SINI ---
# JANGAN PROSES REWRITE UNTUK FILE ATAU FOLDER YANG BENAR-BENAR ADA
# Ini adalah kunci untuk memperbaiki masalah fetch API
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# --- PERUBAHAN BERAKHIR DI SINI ---

# Authentication pages (outside /pages/)
RewriteRule ^login/?$ auth/login.php [L]
RewriteRule ^logout/?$ auth/logout.php [L]

# Specific rule for the reminder search page
# Captures the encoded search query and passes it to reminder.php
RewriteRule ^reminder/search/(.*)$ pages/reminder.php?search_query=$1 [L,QSA]

# General rule for all other pages in /pages/
# This will only be applied if the request is not a real file or directory
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z0-9_-]+)$ pages/$1.php [L]

# ---------------------------------
# Custom Error Pages
# Provides user-friendly pages for common HTTP errors
# ---------------------------------
ErrorDocument 404 /pages/404.php
ErrorDocument 500 /pages/500.php

# ---------------------------------
# Security Headers
# Adds various security headers to protect against XSS, clickjacking, etc.
# ---------------------------------
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Content-Security-Policy "default-src 'self'; \
        script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdn.jsdelivr.net https://code.jquery.com https://cdn.datatables.net; \
        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com https://cdn.datatables.net; \
        font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; \
        img-src 'self' data: https:; \
        connect-src 'self' https://cdn.jsdelivr.net https://cdn.datatables.net;"
</IfModule>

# ---------------------------------
# PHP Settings
# Configures PHP for a production environment
# ---------------------------------
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 256M
    php_value max_execution_time 300
</IfModule>

<IfModule mod_php8.c>
    php_flag display_errors Off
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 256M
    php_value max_execution_time 300
</IfModule>