RewriteEngine On

# avoid loops if URL already has /public
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^files/(.*)$ public/files/$1 [L,NC]

RewriteRule ^uploads/(.*)$ public/uploads/$1 [L,NC]

### AutoSSL-Satellite Don't Edit Below This Line ###
<IfModule mod_rewrite.c>
    RewriteEngine On

    # 0) Basic hardening
    # Disallow direct access to framework folders
    RewriteRule ^(app|bootstrap|config|database|resources|routes|storage|tests|vendor)/ - [R=404,L,NC]
    # Disallow executing scripts from uploads/files
    RewriteRule ^(?:uploads|files)/.*\.(?:php[0-9]?|phtml|phps|shtml|cgi|pl)$ - [F,L,NC]
    # Force HTTPS
    RewriteCond %{HTTPS} off
    RewriteCond %{HTTP:X-Forwarded-SSL} !on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
### AutoSSL-Satellite Don't Edit Above This Line ###

<IfModule mod_rewrite.c>
    RewriteEngine On

    # 1) If the requested file/dir exists inside /public, serve it directly
    RewriteCond %{DOCUMENT_ROOT}/public%{REQUEST_URI} -f [OR]
    RewriteCond %{DOCUMENT_ROOT}/public%{REQUEST_URI} -d
    RewriteRule ^(.+)$ public/$1 [L,QSA]

    # 2) Allow direct /public/* access (avoid loops)
    RewriteRule ^public/ - [L]

    # 3) Map common static asset prefixes to /public (includes audio/media)
    RewriteRule ^(css|js|images|img|fonts|audio|sounds|media|build|storage|favicon\.ico|mix-manifest\.json)(.*)$ public/$1$2 [L,NC,QSA]

    # 4) Otherwise, send everything to the front controller (root index.php)
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^ index.php [L]
</IfModule>

# Prevent directory listing
Options -Indexes

# Block access to sensitive dotfiles and config
<FilesMatch "^(?:\.env|composer\.(?:json|lock)|artisan|phpunit\.xml|\.git|\.gitignore|\.gitattributes|Dockerfile|docker-compose\.yml|\.htaccess)$">
  Require all denied
</FilesMatch>

# Caching headers
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access plus 1 year"
  ExpiresByType image/jpeg "access plus 1 year"
  ExpiresByType image/gif "access plus 1 year"
  ExpiresByType image/png "access plus 1 year"
  ExpiresByType audio/mpeg "access plus 1 month"
  ExpiresByType audio/wav  "access plus 1 month"
  ExpiresByType audio/ogg  "access plus 1 month"
  ExpiresByType text/css "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Compression
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE application/json
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE font/woff
  AddOutputFilterByType DEFLATE font/woff2
  AddOutputFilterByType DEFLATE audio/mpeg
  AddOutputFilterByType DEFLATE audio/ogg
</IfModule>

# Keep if you want
<Files xmlrpc.php>
  Order Deny,Allow
  Deny from all
</Files>
