# ============================================================
# NexaStore — .htaccess
# Compatible with cPanel PHP-FPM (no php_value directives)
# ============================================================

# Enable rewrite engine
RewriteEngine On

# Force HTTPS (uncomment in production)
# RewriteCond %{HTTPS} !=on
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# Remove trailing slash (except directories)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# ── Custom Pages & Brands ─────────────────────────────────
RewriteRule ^page/([a-zA-Z0-9_-]+)$ page.php?slug=$1 [L,QSA]
RewriteRule ^brand/([a-zA-Z0-9_-]+)$ brand.php?slug=$1 [L,QSA]

# ── Security ──────────────────────────────────────────────

# Block access to sensitive files
<FilesMatch "\.(sql|log|env|ini|bak|conf|dist|fla|psd|sh|yml|yaml|lock|json|xml)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>

# Block access to hidden files (except .well-known)
RewriteCond %{REQUEST_URI} "!(^|/)\.well-known" [NC]
RewriteRule "(^|/)\." - [F]

# Block access to config and includes folders from web
RewriteRule ^config/ - [F,L]
RewriteRule ^includes/ - [F,L]
RewriteRule ^install/schema\.sql$ - [F,L]
RewriteRule ^install/seed\.sql$ - [F,L]
RewriteRule ^logs/ - [F,L]
RewriteRule ^cache/ - [F,L]

# Prevent directory listing
Options -Indexes

# ── Headers ───────────────────────────────────────────────
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# ── Caching ───────────────────────────────────────────────
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-javascript "access plus 1 month"
    ExpiresByType font/woff2 "access plus 1 year"
    ExpiresByType font/woff "access plus 1 year"
    ExpiresByType font/ttf "access plus 1 year"
</IfModule>

# ── Compression ───────────────────────────────────────────
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css
    AddOutputFilterByType DEFLATE application/javascript application/json
    AddOutputFilterByType DEFLATE image/svg+xml
</IfModule>

# ── Character Encoding ────────────────────────────────────
AddDefaultCharset UTF-8
