# =========================================================
# DigUpDOG v2.0 - Apache Configuration
# =========================================================

# PHP Handler (cPanel)
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php80 .php .php8 .phtml
</IfModule>

# =========================================================
# SECURITY HEADERS
# =========================================================
<IfModule mod_headers.c>
  # Prevent clickjacking
  Header always set X-Frame-Options "SAMEORIGIN"

  # XSS Protection
  Header always set X-XSS-Protection "1; mode=block"

  # Prevent MIME sniffing
  Header always set X-Content-Type-Options "nosniff"

  # Referrer Policy
  Header always set Referrer-Policy "strict-origin-when-cross-origin"

  # Content Security Policy
  Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: https: http:; connect-src 'self';"

  # CORS for API (adjust domain as needed)
  Header always set Access-Control-Allow-Origin "*"
  Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
  Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"
</IfModule>

# =========================================================
# PERFORMANCE OPTIMIZATION
# =========================================================

# Enable GZIP Compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json
</IfModule>

# Browser Caching
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType image/webp "access plus 1 year"
  ExpiresByType image/svg+xml "access plus 1 year"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType application/pdf "access plus 1 month"
  ExpiresByType text/html "access plus 1 hour"
</IfModule>

# Cache-Control Headers
<IfModule mod_headers.c>
  <FilesMatch "\.(jpg|jpeg|png|gif|webp|svg|css|js|ico)$">
    Header set Cache-Control "max-age=31536000, public"
  </FilesMatch>
  <FilesMatch "\.(html|htm)$">
    Header set Cache-Control "max-age=3600, public, must-revalidate"
  </FilesMatch>
</IfModule>

# =========================================================
# FILE PROTECTION
# =========================================================

# Protect configuration files
<FilesMatch "^(config\.php|\.env|composer\.json|package\.json)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Protect SQL files
<FilesMatch "\.(sql|sqlite|db)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Protect log files
<FilesMatch "\.(log|txt)$">
  Order allow,deny
  Deny from all
</FilesMatch>

# Disable directory browsing
Options -Indexes

# =========================================================
# URL REWRITING
# =========================================================
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /DigUpDOG_2/

  # ========== API ROUTING ==========

  # API endpoints - route to api/ folder
  RewriteCond %{REQUEST_URI} ^/api/
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^api/(.+)$ api/$1.php [L,QSA]

  # ========== PAGE ROUTING ==========

  # Author pages: /author/username
  RewriteRule ^author/([a-zA-Z0-9_-]+)/?$ pages/author.php?username=$1 [L,QSA]

  # User profile: /user/username or /@username
  RewriteRule ^user/([a-zA-Z0-9_-]+)/?$ pages/user.php?username=$1 [L,QSA]
  RewriteRule ^@([a-zA-Z0-9_-]+)/?$ pages/user.php?username=$1 [L,QSA]

  # Profile: /profile or /perfil
  RewriteRule ^(profile|perfil)/?$ pages/perfil.php [L,QSA]

  # Short URLs: /s/shortcode
  RewriteRule ^s/([a-zA-Z0-9]+)/?$ pages/short.php?code=$1 [L,QSA]

  # Embed: /embed/postid
  RewriteRule ^embed/([0-9]+)/?$ pages/embed.php?id=$1 [L,QSA]

  # Source page
  RewriteRule ^source/?$ pages/source.html [L]

  # ========== AUTH ROUTING ==========

  # Login
  RewriteRule ^login/?$ auth/login.html [L]
  RewriteRule ^login/submit$ auth/login.php [L,QSA]

  # Register
  RewriteRule ^register/?$ auth/register.html [L]
  RewriteRule ^register/submit$ auth/register.php [L,QSA]

  # Logout
  RewriteRule ^logout/?$ auth/logout.php [L]

  # ========== FEED ROUTING ==========

  # Tag feeds: /tag/tagname or /#tagname
  RewriteRule ^tag/([a-zA-Z0-9_-]+)/?$ index.php?tag=$1 [L,QSA]
  RewriteRule ^#([a-zA-Z0-9_-]+)/?$ index.php?tag=$1 [L,QSA]

  # Search: /search?q=query
  RewriteRule ^search/?$ index.php?search=1 [L,QSA]

  # ========== STATIC FILES ==========

  # If file or directory exists, serve it directly
  RewriteCond %{REQUEST_FILENAME} -f [OR]
  RewriteCond %{REQUEST_FILENAME} -d
  RewriteRule ^ - [L]

  # ========== FALLBACK ==========

  # Everything else goes to index.php
  RewriteRule ^(.*)$ index.php [L,QSA]
</IfModule>

# =========================================================
# ERROR PAGES
# =========================================================
ErrorDocument 404 /DigUpDOG_2/index.php
ErrorDocument 403 /DigUpDOG_2/index.php
ErrorDocument 500 /DigUpDOG_2/index.php

# =========================================================
# PHP SETTINGS
# =========================================================
<IfModule mod_php8.c>
  php_value upload_max_filesize 10M
  php_value post_max_size 10M
  php_value max_execution_time 30
  php_value max_input_time 60
  php_flag display_errors Off
  php_flag log_errors On
</IfModule>
