# ----------------------------------------------------------------------
# Live-In Properties — Production .htaccess
# ----------------------------------------------------------------------

# Turn off content negotiation so a request such as /about is not silently
# mapped to about.html, about.js, etc. before the SPA fallback is evaluated.
Options -MultiViews
# Serve index.html when a directory itself is requested.
DirectoryIndex index.html

# ----------------------------------------------------------------------
# 1. SPA Routing — fall back to index.html for client-side routes
# ----------------------------------------------------------------------
<IfModule mod_rewrite.c>
  # Everything in this section, including the HTTPS redirect, is skipped
  # when mod_rewrite is not loaded.
  RewriteEngine On
  RewriteBase /

  # Force HTTPS
  # The two conditions are ANDed: redirect only when this connection is not
  # TLS and the X-Forwarded-Proto request header is not "https".
  # NOTE(review): X-Forwarded-Proto is an ordinary request header. Unless a
  # trusted front-end proxy always overwrites it, a plain-HTTP client can send
  # it and be served without the redirect. Confirm the deployment topology.
  # NOTE(review): the Location is built from the request's Host header
  # (%{HTTP_HOST}); confirm the vhost answers only for the expected hostnames.
  RewriteCond %{HTTPS} off
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # SPA fallback. index.html itself is passed through untouched; any other
  # request that is not an existing file, not an existing directory and not
  # under /api/ is answered with /index.html so the client-side router can
  # handle it. Rule order matters here: do not reorder these lines.
  RewriteRule ^index\.html$ - [L]
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteCond %{REQUEST_URI} !^/api/
  RewriteRule . /index.html [L]
</IfModule>

# ----------------------------------------------------------------------
# 2. Correct MIME types (videos, fonts, modern formats)
# ----------------------------------------------------------------------
<IfModule mod_mime.c>
  # Extensions are written without the leading dot; mod_mime accepts both
  # forms and treats them the same.

  # Video
  AddType video/mp4 mp4 m4v
  AddType video/webm webm
  AddType video/ogg ogv

  # Images
  AddType image/webp webp
  AddType image/avif avif
  AddType image/svg+xml svg svgz

  # Scripts, styles and data
  AddType application/javascript js mjs
  AddType text/css css
  AddType application/json json
  AddType application/manifest+json webmanifest

  # Fonts
  AddType font/woff woff
  AddType font/woff2 woff2
  AddType font/ttf ttf
  AddType font/otf otf
  AddType application/vnd.ms-fontobject eot
</IfModule>

# ----------------------------------------------------------------------
# 3. GZIP / Deflate compression
# ----------------------------------------------------------------------
<IfModule mod_deflate.c>
  # Compress text-based responses only. Formats that are already compressed
  # (woff/woff2, raster images, video) are intentionally not listed.

  # Markup, styles and plain text
  AddOutputFilterByType DEFLATE text/html text/css text/plain text/xml
  # Scripts
  AddOutputFilterByType DEFLATE application/javascript application/x-javascript
  # Structured data
  AddOutputFilterByType DEFLATE application/json application/xml
  # Vector images and uncompressed font formats
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE font/ttf font/otf application/vnd.ms-fontobject
</IfModule>

# ----------------------------------------------------------------------
# 4. Browser caching
# ----------------------------------------------------------------------
<IfModule mod_expires.c>
  ExpiresActive On

  # Anything not listed below is cached for one month.
  ExpiresDefault "access plus 1 month"

  # Never cached: HTML (so deployments show up immediately) and data responses
  ExpiresByType text/html "access plus 0 seconds"
  ExpiresByType application/json "access plus 0 seconds"
  ExpiresByType application/xml "access plus 0 seconds"

  # Six months: photos, vector images and video
  ExpiresByType image/jpeg "access plus 6 months"
  ExpiresByType image/png "access plus 6 months"
  ExpiresByType image/webp "access plus 6 months"
  ExpiresByType image/avif "access plus 6 months"
  ExpiresByType image/svg+xml "access plus 6 months"
  ExpiresByType video/mp4 "access plus 6 months"
  ExpiresByType video/webm "access plus 6 months"

  # One year: hashed CSS/JS bundles, favicon and fonts
  ExpiresByType text/css "access plus 1 year"
  ExpiresByType application/javascript "access plus 1 year"
  ExpiresByType application/x-javascript "access plus 1 year"
  ExpiresByType image/x-icon "access plus 1 year"
  ExpiresByType font/woff "access plus 1 year"
  ExpiresByType font/woff2 "access plus 1 year"
  ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
</IfModule>

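<IfModule mod_headers.c>
  # Hashed Vite assets — cached for one year and marked immutable.
  # NOTE(review): FilesMatch tests only the file name, so this applies to every
  # file with one of these extensions, not just those under /assets/. An
  # un-hashed file (a favicon, an image copied from public/) is pinned in
  # caches for a year as well. Confirm that is intended.
  <FilesMatch "\.(js|mjs|css|woff|woff2|ttf|otf|eot|jpg|jpeg|png|webp|avif|svg|ico|mp4|webm)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>

  # index.html and service workers — always revalidate.
  # This section must stay AFTER the immutable one: service-worker.js and sw.js
  # also match the extension pattern above, and when two FilesMatch sections
  # match the same file the later "Header set" wins. In the opposite order the
  # service worker would be served as immutable for a year.
  <FilesMatch "^(index\.html|service-worker\.js|sw\.js)$">
    Header set Cache-Control "no-cache, no-store, must-revalidate"
    Header set Pragma "no-cache"
    Header set Expires "0"
  </FilesMatch>

  # CORS for fonts and videos: any origin may read these files. Keep this
  # list limited to public static assets.
  <FilesMatch "\.(woff|woff2|ttf|otf|eot|mp4|webm)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>

  # ----- Security headers -----
  # "always" also attaches the header to error and redirect responses.
  # NOTE(review): no Content-Security-Policy is set in this file; confirm it is
  # delivered elsewhere (vhost config or a <meta> tag) or add one that fits the app.
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "camera=(), microphone=(), geolocation=(self), interest-cohort=()"
  # NOTE(review): env=HTTPS is set when this Apache terminates TLS itself. The
  # redirect rule in this file also anticipates a TLS-terminating proxy
  # (X-Forwarded-Proto); in that setup the variable is presumably unset and no
  # HSTS header is sent. Verify with a real response. includeSubDomains also
  # commits every subdomain of this host to HTTPS for a year.
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
  Header unset X-Powered-By
</IfModule>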

# ----------------------------------------------------------------------
# 5. Block access to sensitive files
# ----------------------------------------------------------------------
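# Deny dotfiles and files whose extension commonly marks secrets, dumps,
# backups or build metadata.
# The "$" anchor sits inside the extension alternative on purpose. With it
# outside the group, the dotfile alternative became "^\.$" and matched only a
# file literally named ".", so names like .htpasswd or .npmrc were still served.
# NOTE(review): FilesMatch tests only the file's base name. Files inside a
# dot-directory (for example a deployed .git/) are not covered by this rule and
# need a path-based rule, or should not be deployed at all.
# NOTE(review): "json" denies every *.json file, not only package manifests.
# Confirm the app does not load static .json files (a manifest.json would be
# blocked too).
<FilesMatch "(^\.|\.(env|env\..*|log|sql|sh|bak|swp|ini|conf|json|lock|md|gitignore)$)">
  Require all denied
</FilesMatch>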

# Explicitly deny the dependency manifests by exact name. The extension rule
# for "json" earlier in this section already covers them; this keeps them
# blocked even if that rule is later relaxed.
<FilesMatch "^(package|package-lock|composer)\.json$">
  Require all denied
</FilesMatch>

# Re-allow site manifest / robots / sitemap
# Explicitly allow the public metadata files by exact name.
# NOTE(review): none of these names matches the deny pattern in this section
# (.webmanifest, .txt and .xml are not in its extension list), so this is
# currently a safeguard rather than an override. If the site ships a
# manifest.json instead, it stays blocked by the "json" rule.
<FilesMatch "^(manifest\.webmanifest|robots\.txt|sitemap\.xml)$">
  Require all granted
</FilesMatch>

# ----------------------------------------------------------------------
# 6. Custom error pages (fall back to SPA)
# ----------------------------------------------------------------------
# Use the SPA shell as the body of any 404 raised in this directory. The
# response keeps its 404 status, and this applies to every 404 here, so a
# missing resource under /api/ also gets the HTML shell as its error body.
ErrorDocument 404 /index.html

# ----------------------------------------------------------------------
# 7. UTF-8 default charset
# ----------------------------------------------------------------------
# Add "charset=UTF-8" to text/html and text/plain responses that do not
# already declare a charset.
AddDefaultCharset UTF-8
