# ==============================================================================
# LUX STUDIO - SPA ROUTING AND SECURITY CONFIGURATION
# ==============================================================================
# Location: /var/www/html/lux-studio/.htaccess
# Purpose: SPA routing, API passthrough, and security hardening
# ==============================================================================

# ------------------------------------------------------------------------------
# SPA ROUTING (Required for React Router)
# ------------------------------------------------------------------------------

RewriteEngine On
RewriteBase /lux-studio/

# Handle API requests - pass to PHP files directly
RewriteRule ^api/(.*)$ api/$1 [L]

# Serve generated videos/images directly
RewriteRule ^generated_videos/(.*)$ generated_videos/$1 [L]
RewriteRule ^generated_images/(.*)$ generated_images/$1 [L]

# Serve existing files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# SPA fallback - all other requests to index.html
RewriteRule ^ index.html [L]

# ------------------------------------------------------------------------------
# DIRECTORY PROTECTION
# ------------------------------------------------------------------------------

# Disable directory browsing
Options -Indexes

# Follow symbolic links (required for some servers)
Options +FollowSymLinks

# Disable server signature
ServerSignature Off

# ------------------------------------------------------------------------------
# FILE ACCESS CONTROL
# ------------------------------------------------------------------------------

# Deny access to hidden files (dotfiles)
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Deny access to backup and temporary files
<FilesMatch "\.(bak|backup|old|tmp|temp|swp|save|orig|dist|log|sql|sqlite|db)$">
    Require all denied
</FilesMatch>

# Deny access to version control files
<FilesMatch "(^\.git|^\.svn|^\.hg|^\.bzr)">
    Require all denied
</FilesMatch>

# Deny access to environment and configuration files
<FilesMatch "^(\.env|\.env\.|config\.json|package\.json|package-lock\.json|composer\.json|composer\.lock)">
    Require all denied
</FilesMatch>

# Prevent access to .htaccess itself
<Files ".htaccess">
    Require all denied
</Files>

# ==============================================================================
# END OF CONFIGURATION
# ==============================================================================
