<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  # ========================
  # 📁 FIX: Redirect /exam/assets ke /assets
  # ========================
  RewriteCond %{REQUEST_URI} ^/exam/assets/
  RewriteRule ^exam/assets/(.*)$ assets/$1 [L]
  
  # ========================
  # 🔒 1. Paksa HTTPS
  # ========================
  RewriteCond %{HTTPS} !=on
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

  # ========================
  # 🚀 2. Redirect root domain ke /exam/login
  #     (hanya jika akses langsung ke learning.sqdf.sch.id/)
  # ========================
  RewriteCond %{REQUEST_URI} ^/?$ [NC]
  RewriteRule ^$ /exam/login [R=302,L]

  # ========================
  # 🧩 3. Arahkan /api/... ke backend Laravel
  # ========================
  RewriteRule ^api/(.*)$ backend/public/index.php [L,QSA]

  # ========================
  # ⚙️ 4. Jangan rewrite file/direktori yang benar-benar ada
  # ========================
  RewriteCond %{REQUEST_FILENAME} -f [OR]
  RewriteCond %{REQUEST_FILENAME} -d
  RewriteRule ^ - [L]

  # ========================
  # 🎨 5. Tangani aset build React di frontend/dist
  # ========================
  # Jika request /assets/... → ambil dari frontend/dist/assets/
  RewriteRule ^assets/(.*)$ frontend/dist/assets/$1 [L]

  # Jangan rewrite path asset dalam folder frontend/dist/
  RewriteRule ^frontend/dist/assets/ - [L]
  RewriteRule \.(js|mjs|css|map|json|png|jpg|jpeg|gif|webp|svg|ico|woff|woff2|ttf)$ - [L]

  # ========================
  # 🧭 6. Fallback ke React SPA index.html
  # ========================
  RewriteRule ^ /frontend/dist/index.html [L]
  

</IfModule>

# ========================
# 🔐 7. Keamanan tambahan
# ========================
Options -Indexes
ServerSignature Off

# Blok akses langsung ke file sensitif atau sistem
RewriteRule "(^|/)\." - [F]
RewriteRule ^(backend/(?!public).*) - [F]
RewriteRule ^(frontend/(src|node_modules|public)/.*) - [F]
RewriteRule ^(vendor/|storage/|bootstrap/|resources/|database/|tests/) - [F]
RewriteRule ^(\.env|composer\.(json|lock)|package\.json|package-lock\.json|yarn\.lock|pnpm-lock\.yaml|\.git|\.gitignore|\.gitattributes|README\.md|SECURITY\.md|SCALING\.md|Dockerfile|docker-compose\.yml)$ - [F]

# Blok HTTP methods berbahaya
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK)$ [NC]
RewriteRule ^ - [F]


# --- Konfigurasi Tipe MIME Tambahan untuk Web Fonts ---

# Menambahkan tipe MIME untuk format font umum yang mungkin tidak terkonfigurasi secara default.

# Untuk font WOFF2 (sering digunakan KaTeX)
AddType application/font-woff2 .woff2

# Untuk font WOFF
AddType application/font-woff .woff

# Untuk font OTF/OpenType
AddType application/vnd.ms-opentype .otf

# Untuk font TTF/TrueType
AddType application/x-font-ttf .ttf

# ========================
# 🧱 8. Header Security
# ========================

<IfModule mod_headers.c>

  <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2)$">
    Header set Access-Control-Allow-Origin "*"
  </FilesMatch>
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set Referrer-Policy "strict-origin-when-cross-origin"
  Header always set Permissions-Policy "geolocation=(), microphone=(), camera=()"
  Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
  Header always set Content-Security-Policy "default-src 'self' data: blob:; img-src 'self' data: blob:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://learning.sqdf.sch.id"
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php83” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php83 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
