# Enable the rewrite engine. RewriteBase / makes the relative substitutions
# used further down (pages/..., auth/...) resolve from the site root.
RewriteEngine On
RewriteBase /

# Redirect plain-HTTP requests to HTTPS with a permanent (301) redirect.
# NOTE(review): the target is built from %{HTTP_HOST}, i.e. the Host header
# sent by the client. If this vhost answers for arbitrary Host values, pin the
# canonical hostname here instead of echoing the header back in a redirect.
# NOTE(review): %{HTTPS} reflects the connection Apache itself sees. Behind a
# TLS-terminating proxy or load balancer it may always be "off", which would
# make this rule loop - confirm against the deployment.
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

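# ---------------------------------
# Authentication pages (keep folder /auth/)
# ---------------------------------
# These rules must come BEFORE the generic clean-URL rule below: "login" and
# "logout" also match its pattern, so with the generic rule first /login was
# rewritten to pages/login.php and never reached auth/login.php.
RewriteRule ^login/?$ auth/login.php [L]
RewriteRule ^logout/?$ auth/logout.php [L]

# ---------------------------------
# Clean URLs (no .php, no folder)
# ---------------------------------
# Map /{name} to /pages/{name}.php, but only when the request is not a real
# file or directory. RewriteCond lines apply solely to the single RewriteRule
# that follows them, so the conditions sit directly above that rule.
#
# The capture is limited to [a-zA-Z0-9_-]: no dots and no slashes, so the
# requested name cannot step outside pages/ or select another extension.
# Keep this character class tight if the rule is ever extended.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([a-zA-Z0-9_-]+)$ pages/$1.php [L]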

# ---------------------------------
# Custom error pages
# ---------------------------------
# Both targets are local URL paths, so Apache serves them through an internal
# redirect and the client still receives the original 404 / 500 status code.
# NOTE(review): these are PHP scripts; if they print anything taken from the
# request (URL, query string, headers) it must be HTML-escaped - their source
# is not visible from this file, so verify.
# NOTE(review): a 500 caused by PHP itself failing may also break 500.php;
# a static fallback page may be more dependable - confirm.
ErrorDocument 404 /pages/404.php
ErrorDocument 500 /pages/500.php

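# ---------------------------------
# Security headers (CSP, XSS, etc.)
# ---------------------------------
# NOTE: if mod_headers is not loaded, this whole block is skipped silently and
# no security headers are sent. Check the live responses after deployment.
#
# HTTPS is already forced by the redirect at the top of this file, but no HSTS
# header is set, so a first plain-HTTP request can still be intercepted before
# the redirect. Once HTTPS is confirmed for every host this file serves,
# consider enabling (sample value, adjust max-age to policy):
#   Header always set Strict-Transport-Security "max-age=31536000"
#
# X-XSS-Protection drives the legacy browser XSS auditor, which current
# browsers have removed; present-day guidance is to send "0" or omit the header
# and rely on the CSP. Left unchanged here - review before keeping it.
#
# CSP review points:
#  - 'unsafe-inline' in script-src permits inline <script> blocks and inline
#    event handlers, which gives up most of the CSP's protection against
#    injected script. Prefer nonces or hashes where the pages allow it.
#  - Allow-listing whole CDN hosts trusts every file those hosts serve, not
#    only the libraries this site loads. Self-hosting, or pinned URLs with
#    Subresource Integrity, narrows that trust.
#  - frame-ancestors 'none' is added below as the CSP counterpart of
#    X-Frame-Options DENY; the framing policy itself is unchanged.
#  - TODO(review): consider object-src 'none', base-uri 'self' and
#    form-action 'self' after checking that no page depends on them.
<IfModule mod_headers.c>
    Header always set X-Content-Type-Options nosniff
    Header always set X-Frame-Options DENY
    Header always set X-XSS-Protection "1; mode=block"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    Header always set Content-Security-Policy "default-src 'self'; \
        script-src 'self' 'unsafe-inline' https://cdn.tailwindcss.com https://cdn.jsdelivr.net; \
        style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; \
        font-src 'self' https://fonts.gstatic.com https://cdnjs.cloudflare.com; \
        img-src 'self' data: https:; \
        frame-ancestors 'none';"
</IfModule>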

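# ---------------------------------
# PHP settings
# ---------------------------------
# php_flag / php_value only take effect when PHP runs as an Apache module.
# Under PHP-FPM or CGI neither block below matches, so display_errors keeps
# whatever php.ini says; set these in php.ini, the pool config or .user.ini.
#
# display_errors Off keeps stack traces, file paths and query fragments out of
# responses. Make sure errors are still written to a log (log_errors) so that
# failures stay visible to operators.
#
# NOTE(review): post_max_size equals upload_max_filesize. The PHP manual says
# post_max_size should be larger than upload_max_filesize, so a file of the
# full 10M may be rejected - confirm the intended limit.
# NOTE(review): memory_limit 256M with max_execution_time 300 lets one request
# hold a worker for a long time; confirm these are needed site-wide.

# PHP 7 Apache module
<IfModule mod_php7.c>
    php_flag display_errors Off
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 256M
    php_value max_execution_time 300
</IfModule>

# PHP 8 Apache module. From PHP 8.0 the module is identified as mod_php.c
# (php_module), with no version number, so the previous mod_php8.c test never
# matched and none of these settings were applied under PHP 8.
<IfModule mod_php.c>
    php_flag display_errors Off
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 256M
    php_value max_execution_time 300
</IfModule>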
