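RewriteEngine On

# Force HTTPS outside local development.
# Comment out the next 3 lines if testing locally with HTTP.
# The localhost exemption is anchored so that only "localhost" (optionally with
# a port) skips the redirect; the unanchored form also exempted any host name
# that merely begins with "localhost".
# NOTE(review): the redirect target is built from the client-supplied Host
# header. If this site can answer for arbitrary Host values, pin the target to
# the canonical hostname instead of %{HTTP_HOST}.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^localhost(:[0-9]+)?$
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# CORS policy.
# NOTE(review): "*" lets script running on any origin read these responses.
# Browsers refuse to expose wildcard-origin responses to credentialed (cookie)
# requests, but a token placed in an explicit Authorization header is still
# accepted because that header is allowed below. If the API is not meant to be
# public, replace "*" with the specific front-end origin(s) and add
# "Vary: Origin".
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS, HEAD"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With, Accept, Origin"
# Access-Control-Allow-Credentials "false" was dropped: "true" is the only
# value browsers act on, and omitting the header is how credentials are refused.
Header always set Access-Control-Max-Age "3600"

# Answer CORS preflight (OPTIONS) requests here instead of passing them on.
# With a non-3xx status on the R flag the substitution is dropped and
# rewriting stops.
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ - [R=200,L]

# Extra response headers.
# NOTE(review): X-Debug-Server names the server software on every response;
# remove it once debugging is finished.
Header always set X-Debug-Server "Apache"
# Stops browsers from MIME-sniffing responses, which matters for the
# user-supplied files served from /uploads/.
Header always set X-Content-Type-Options "nosniff"

# Route /api/... and /health through the PHP proxy, keeping the query string.
# NOTE(review): proxy.php is not part of this listing. Given the open CORS
# policy above, it has to authenticate and authorize every request itself and
# should forward only to a fixed upstream, never to a client-chosen target.
RewriteCond %{REQUEST_URI} ^/api/ [OR]
RewriteCond %{REQUEST_URI} ^/health$
RewriteRule ^(.*)$ proxy.php [L,QSA]

# Refuse PHP-style script names under /uploads/ so that an uploaded script is
# never handed to the PHP handler. This is a backstop only: the upload code
# should restrict file types when it stores the file, and the extension list
# should be matched to the handlers configured on this server.
RewriteCond %{REQUEST_URI} ^/uploads/
RewriteRule \.(php[0-9]*|phtml|phar)(/|$) - [F,NC]

# Serve existing files in /uploads/ directly, without further rewriting.
RewriteCond %{REQUEST_URI} ^/uploads/
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*)$ - [L]

# Explicit MIME types, so the nosniff header above has a correct
# Content-Type to enforce.
AddType application/javascript .js
AddType application/json .json
AddType image/webp .webp
AddType image/jpeg .jpg .jpeg
AddType image/png .png
AddType image/gif .gif

# Compress text-based responses.
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/json

# Protect sensitive files.
# NOTE(review): the two container tags that wrapped these deny rules are
# missing from this listing; without a container a bare "Deny from all" would
# block the whole site. The containers below are reconstructed: the first is a
# generic dotfile match, the second is a placeholder to be replaced with the
# project's own file-name pattern.
# Written with Apache 2.4 "Require" rather than the 2.2-era "Order"/"Deny"
# pair, which needs mod_access_compat on 2.4.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>
<FilesMatch "PLACEHOLDER_SENSITIVE_FILE_PATTERN">
    Require all denied
</FilesMatch>

# HSTS (HTTP Strict Transport Security) - sent on HTTPS responses only.
# The expr= condition enforces the "only for HTTPS" intent; an unconditional
# "Header always set" would also send it over plain HTTP and on localhost.
# includeSubDomains commits every subdomain to HTTPS for max-age (one year);
# confirm they all serve HTTPS before deploying.
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" "expr=%{HTTPS} == 'on'"

# Uploads directory access.
# NOTE(review): the container tag for this section is missing from the listing,
# and both <Directory> and AllowOverride are valid only in server or
# virtual-host configuration, not in a per-directory .htaccess file. The
# section is therefore kept as a template for the server configuration, with
# the path as a placeholder.
# "+Indexes" from the original is changed to "-Indexes" here: an auto-generated
# listing of an uploads directory lets anyone enumerate every stored file.
# <Directory "/PLACEHOLDER/ABSOLUTE/PATH/TO/uploads">
#     Options -Indexes +FollowSymLinks
#     AllowOverride None
#     Require all granted
# </Directory>

# Custom error pages.
# NOTE(review): /error.php can also be requested directly with any "code"
# value. error.php (not shown) should treat the parameter as untrusted: accept
# only known status codes and never echo it back unescaped.
ErrorDocument 404 /error.php?code=404
ErrorDocument 500 /error.php?code=500
ErrorDocument 403 /error.php?code=403

# Upload and execution limits.
# NOTE(review): php_value is understood only when PHP runs as an Apache
# module; under PHP-FPM or CGI these lines cause a server error and the limits
# belong in php.ini or .user.ini instead. They apply to every PHP script this
# configuration covers, so a 50M body and a 300 s run time are available to
# any endpoint, not just the upload handler; scope them more narrowly if the
# deployment allows it.
php_value upload_max_filesize 50M
php_value post_max_size 50M
php_value max_execution_time 300
php_value max_input_time 300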