# Enable mod_rewrite for this directory; every RewriteRule below depends on it.
RewriteEngine On
# URL prefix used when relative substitutions (login.html, index.php, ...) are
# turned back into URLs.
# NOTE(review): must match the path the application is actually served from — confirm.
RewriteBase /TA/

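# Security headers
# "always" attaches each header to error responses as well as successful ones.
# If mod_headers is not loaded, this whole section is skipped silently.
# NOTE(review): no Content-Security-Policy or Strict-Transport-Security is set
# in this file; confirm whether the application or the vhost sends them.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response into a different content type.
    Header always set X-Content-Type-Options "nosniff"
    # Only same-origin pages may frame the application (clickjacking defence).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Cross-origin requests receive the origin only, never the full URL.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # The legacy browser XSS auditor is gone from current browsers, and its
    # "block" mode had information-leak side effects where it still existed.
    # "0" turns it off; XSS defence belongs in output encoding and a CSP.
    Header always set X-XSS-Protection "0"
</IfModule>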

# Deny web access to internal directories (403). The pattern is anchored at the
# application root, so only these top-level directories are covered.
# [F] already ends rule processing for the request, so no separate [L] is needed.
RewriteRule ^(?:vendor|migrations|logs|database|config|cache)(?:/|$) - [NC,F]

# Deny the known maintenance, setup and test scripts, and the SQL dumps, that
# sit in the application root. This is a backstop: such files are safer removed
# from the web root than left in place behind a rule.
RewriteRule ^(?:check-db|setup-(?:database|rubrics)|test-(?:session|pass|classes|penilaian-integration))\.php$ - [NC,F]
RewriteRule ^database_asesmen.*\.sql$ - [NC,F]

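# Block hidden and sensitive files
# <FilesMatch> tests only the final file name, so on its own it does not cover
# ordinary files inside a dot-directory (for example a version-control folder).
# Deny any path segment that starts with a dot; ".well-known" stays reachable.
# NOTE(review): this also blocks any intentionally public dot-directory — confirm none exist.
RewriteRule (^|/)\.(?!well-known(/|$)) - [F]

# Dotfiles themselves (.htaccess, .env, ...), at any depth.
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Config, log, dump and backup extensions. (?i) makes the match case-insensitive,
# in line with the [NC] rewrite rules in this file, so that an upper-case
# extension is denied as well.
<FilesMatch "(?i)\.(htaccess|htpasswd|ini|log|sh|sql|bak|old|dist)$">
    Require all denied
</FilesMatch>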

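# Prevent script execution from uploads
# The original pattern matched a script extension only at the very end of the
# URL. It now also matches when the extension is followed by a further path
# segment or another extension, and covers the other numbered PHP suffixes and
# .pht. All of these are refused with 403.
# This deny-list is a backstop only. The dependable control is to turn off
# script handlers for uploads/ in the server configuration and to store uploads
# under server-generated names.
# NOTE(review): confirm what the vhost configures for this directory.
RewriteRule ^uploads/.*\.(php[0-9]?|phtml|pht|phar|cgi|pl|asp|aspx|jsp|js)(\.|/|$) - [F,L,NC]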

# API routing
# The four API prefixes are rewritten to their own path, so the only effect is
# [L]: rewriting stops here and API requests never reach the pretty-URL rules or
# the SPA fallback below. The deny rules earlier in the file run first and still
# apply to these paths.
RewriteRule ^(api/(?:auth|assessment|classes|projects)/.*)$ $1 [L]

# Pretty URLs for the main pages (guru = teacher, siswa = student)
# NOTE(review): the dashboards are static HTML files and nothing in this file
# restricts who may fetch them; role checks are presumably enforced by the API —
# confirm.
RewriteRule ^(login|register)$ $1.html [L]
RewriteRule ^dashboard/(guru|siswa)$ dashboard-$1.html [L]

# Single Page Application fallback: any request that is neither an existing
# file nor an existing directory is handed to index.php. The substitution has
# no query string of its own, so the request's query string is passed through
# unchanged.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ index.php [L]

# Compression (applied only when mod_deflate is loaded)
# NOTE(review): HTML and JSON responses are compressed. If any of them carry
# secrets next to reflected request data over TLS, compression-length side
# channels (BREACH class) are worth checking — confirm.
<IfModule mod_deflate.c>
    # Markup and plain text
    AddOutputFilterByType DEFLATE text/html text/plain text/xml
    # Stylesheets and scripts
    AddOutputFilterByType DEFLATE text/css text/javascript application/javascript
    # API payloads
    AddOutputFilterByType DEFLATE application/json
</IfModule>

# Caching: Expires lifetimes for static assets only. text/html and
# application/json are not listed, so this section sets no lifetime for them.
<IfModule mod_expires.c>
    ExpiresActive On

    # Stylesheets and scripts: one month from the time of access
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"

    # Images: one year from the time of access
    # (image/jpg is not a registered media type; the entry is kept as written)
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
</IfModule>
