# ==============================================================================
# Apache Configuration for the Project Root Directory
# ==============================================================================

<IfModule mod_rewrite.c>
    # --- Turn on the Rewrite Engine ---
    RewriteEngine On

    # --- Force HTTPS ---
    # Redirect all HTTP traffic to HTTPS for security.
    RewriteCond %{HTTPS} !=on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

    # --- Security: Block Access to Sensitive Files & Directories ---
    # Prevent web access to critical files and folders.
    RewriteRule ^(app|vendor|languages)/ - [F,L]
    RewriteRule ^(composer\.json|database\.sql|credentials\.json|token\.json)$ - [F,L]
    RewriteRule ^\.env$ - [F,L] # Block .env file if you add one

    # --- Main Routing Logic ---
    # This is the core of the front controller pattern. It routes all
    # requests for non-existent files/directories to the correct index.php.

    # 1. Route admin requests to the admin controller.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^admin/(.*)$ admin/index.php?page=$1 [L,QSA]

    # 2. Route all other requests to the main public controller.
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?page=$1 [L,QSA]

</IfModule>

# --- Prevent Directory Listing Globally ---
Options -Indexes

# --- Protect this .htaccess file ---
<Files .htaccess>
    Order Allow,Deny
    Deny from all
</Files>
