# ---------------------------------------------------------------
# NGO PLATFORM - .htaccess Configuration
# Place this file in your root directory (same level as index.php)
# ---------------------------------------------------------------

# Disable directory browsing
Options -Indexes

# Follow symbolic links
Options +FollowSymLinks

# Default charset UTF-8
AddDefaultCharset UTF-8

# Enable Rewrite Engine
<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Set the base for rewrites
    # IMPORTANT: This MUST match your folder structure
    RewriteBase /atelier/
    
    # Redirect all requests to index.php except for existing files and directories
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php/$1 [L,QSA]
    
    # Remove index.php from URL
    RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
    RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
</IfModule>

# ---------------------------------------------------------------
# SECURITY HEADERS
# ---------------------------------------------------------------

# Prevent viewing of .htaccess and other hidden files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# Protect application and system folders
<IfModule mod_rewrite.c>
    RewriteCond %{REQUEST_URI} ^/(application|system).*
    RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>

# Protect sensitive files
<FilesMatch "(^#.*#|\.(bak|conf|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">
    Order allow,deny
    Deny from all
    Satisfy All
</FilesMatch>

# ---------------------------------------------------------------
# PERFORMANCE OPTIMIZATION
# ---------------------------------------------------------------

# Enable GZIP Compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/x-javascript application/json
</IfModule>

# Browser Caching
<IfModule mod_expires.c>
    ExpiresActive On
    
    # Images
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/svg+xml "access plus 1 year"
    ExpiresByType image/x-icon "access plus 1 year"
    
    # Video
    ExpiresByType video/mp4 "access plus 1 year"
    ExpiresByType video/webm "access plus 1 year"
    
    # CSS, JavaScript
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    
    # Others
    ExpiresByType application/pdf "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
</IfModule>

# ---------------------------------------------------------------
# PHP SETTINGS (if allowed by host)
# ---------------------------------------------------------------
<IfModule mod_php7.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value max_input_time 300
</IfModule>

# ---------------------------------------------------------------
# ERROR PAGES - UPDATED
# ---------------------------------------------------------------
ErrorDocument 404 /atelier/
ErrorDocument 403 /atelier/
ErrorDocument 500 /atelier/

# ---------------------------------------------------------------
# SECURITY HEADERS
# ---------------------------------------------------------------
<IfModule mod_headers.c>
    # Prevent clickjacking
    Header always set X-Frame-Options "SAMEORIGIN"
    
    # XSS Protection
    Header always set X-XSS-Protection "1; mode=block"
    
    # Prevent MIME sniffing
    Header always set X-Content-Type-Options "nosniff"
    
    # Referrer Policy
    Header always set Referrer-Policy "no-referrer-when-downgrade"
    
    # Remove Server signature
    Header unset Server
    Header unset X-Powered-By
</IfModule>

# ---------------------------------------------------------------
# SSL/HTTPS REDIRECT (Uncomment when you have SSL certificate)
# ---------------------------------------------------------------
# <IfModule mod_rewrite.c>
#     RewriteEngine On
#     RewriteCond %{HTTPS} off
#     RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# </IfModule>