# Study-mate School Orchestrator - Apache Configuration

# Turn on mod_rewrite processing. Every RewriteRule below depends on it; the
# directive is not wrapped in <IfModule>, so the module must be loaded.
RewriteEngine On

# Force HTTPS (production)
# Uncomment the two directives below in production.
# NOTE(review): %{HTTPS} reflects only the connection Apache itself sees. If
# TLS is terminated upstream (load balancer, reverse proxy) the condition
# presumably stays "off" and the redirect loops; confirm the deployment.
# NOTE(review): %{HTTP_HOST} is taken from the request's Host header. If this
# virtual host answers for arbitrary host names, consider redirecting to a
# fixed canonical host name instead.
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

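# Block direct access to sensitive file types (environment files, logs, SQL
# dumps, Markdown docs, JSON and YAML data).
# The pattern is tested against the file name and only its final extension:
# ".env" is covered, but variants such as ".env.local" or ".env.bak" are not,
# and neither is ".yml".
# NOTE(review): "json" also denies any static JSON file served to the browser
# (for example a web manifest); confirm none is needed.
<FilesMatch "\.(env|log|sql|md|json|yaml)$">
    # Apache 2.4+: native authorization directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2: legacy directives, kept as a fallback so that the deny no
    # longer depends on mod_access_compat being loaded on 2.4.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>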

# Hide system directories. The answer is 404 (not 403), which avoids
# confirming that the path exists.
# The patterns are unanchored regular expressions matched against the URL
# path, so they apply wherever the text occurs: "/\.git" also covers
# "/.gitignore" and a ".git" directory at any depth.
# NOTE(review): only logs/ and var/ are hidden under orchestrator/; any other
# non-public directory there needs its own rule.
RedirectMatch 404 /\.git
RedirectMatch 404 /orchestrator/logs
RedirectMatch 404 /orchestrator/var

# API routes: map clean api/... URLs onto the PHP scripts in orchestrator/api/.
# NOTE(review): RewriteCond directives attach only to the single RewriteRule
# that follows them, so the two "not an existing file / not an existing
# directory" checks below guard the api/health rule alone; every later rule
# in this list is unconditional.
# NOTE(review): nothing in this file authenticates API callers; presumably
# each PHP script enforces authentication and authorization itself - confirm.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^api/health$ orchestrator/api/health.php [L]
RewriteRule ^api/auth/login$ orchestrator/api/auth.php [L]
RewriteRule ^api/auth/me$ orchestrator/api/auth.php [L]
# Collection and item routes. "(.+)" captures everything after the prefix,
# slashes included, and hands it to the script as the "id" query parameter.
# Because the substitution carries its own query string and no QSA flag is
# given, the client's original query string is discarded on the item routes.
# The captured value is client-controlled; it has to be validated in the PHP
# scripts before use.
RewriteRule ^api/students$ orchestrator/api/students.php [L]
RewriteRule ^api/students/(.+)$ orchestrator/api/students.php?id=$1 [L]
RewriteRule ^api/classes$ orchestrator/api/classes.php [L]
RewriteRule ^api/classes/(.+)$ orchestrator/api/classes.php?id=$1 [L]
RewriteRule ^api/themes$ orchestrator/api/themes.php [L]
RewriteRule ^api/themes/(.+)$ orchestrator/api/themes.php?id=$1 [L]
RewriteRule ^api/assignments$ orchestrator/api/assignments.php [L]
RewriteRule ^api/assignments/(.+)$ orchestrator/api/assignments.php?id=$1 [L]
RewriteRule ^api/stats$ orchestrator/api/stats.php [L]
RewriteRule ^api/sync/pull-stats$ orchestrator/api/sync.php [L]
RewriteRule ^api/dashboard/summary$ orchestrator/api/dashboard.php [L]
RewriteRule ^api/mistral/queue$ orchestrator/api/mistral.php [L]
# Inbound webhook: the trailing path segment(s) become the "event" parameter.
# NOTE(review): the endpoint is open to any caller as far as this file is
# concerned; presumably ergo.php verifies the sender (shared secret or
# signature) - confirm.
RewriteRule ^api/webhooks/ergo/(.+)$ orchestrator/api/webhooks/ergo.php?event=$1 [L]

# Diagnostics route (described as "protected" by the original comment).
# NOTE(review): this file applies no access control to the route; presumably
# orchestrator/diag.php enforces it itself - confirm. The script is also
# reachable under its real path, /orchestrator/diag.php, which no rule in
# this file blocks.
RewriteRule ^diag$ orchestrator/diag.php [L]

# SPA fallback: any request that is neither an existing file nor an existing
# directory is served public/index.html so the client-side router can handle
# it. This includes api/... paths not matched by a rule above, which
# therefore receive the HTML page rather than an error from the API.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ public/index.html [L]

# gzip compression for text responses (applied only when mod_deflate is
# loaded).
# NOTE(review): application/json is in the list, so API responses are
# compressed. Compressing a response that contains both a secret and
# request-controlled data is the precondition for compression side-channel
# (BREACH-style) leaks; confirm the API responses do not combine the two.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# Static asset caching (applied only when mod_expires is loaded): images for
# one year, CSS and JavaScript for one month, counted from the time of access.
# "image/jpg" is not the registered JPEG media type (that is image/jpeg, on
# the next line), so that entry presumably matches nothing.
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

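# Security response headers (applied only when mod_headers is loaded).
# "always" adds them to error responses as well as to successful ones.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response away from its declared type.
    Header always set X-Content-Type-Options "nosniff"
    # Allow framing by same-origin pages only (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Explicitly disable the legacy browser XSS auditor. It has been removed
    # from current browsers, and in the old ones that still honour the header
    # "1; mode=block" could itself be abused as a side channel; the current
    # recommendation is "0" together with a Content-Security-Policy.
    Header always set X-XSS-Protection "0"
    # Send the full URL as referrer to same-origin requests, only the origin
    # to cross-origin ones, and nothing on an HTTPS-to-HTTP downgrade.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # NOTE(review): no Content-Security-Policy and no
    # Strict-Transport-Security header is set in this file. A CSP has to be
    # written against the SPA's actual script and style sources; HSTS should
    # be added only once the HTTPS redirect at the top of the file is enabled.
</IfModule>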

# PHP limits: upload size, POST body size, memory per request and execution
# time in seconds.
# NOTE(review): php_value is provided by mod_php. Under PHP-FPM or CGI Apache
# rejects the directive as unknown (a 500 on every request when this is an
# .htaccess file); confirm the SAPI in use, or move these settings to
# php.ini / .user.ini.
# NOTE(review): post_max_size equals upload_max_filesize. A multipart POST
# carries overhead on top of the file itself, so a file close to 10M would
# exceed the POST limit; post_max_size is usually set somewhat higher.
php_value upload_max_filesize 10M
php_value post_max_size 10M
php_value memory_limit 128M
php_value max_execution_time 30
