# ----------------------------------------
# Enable URL Rewriting & Redirect to index.html
# ----------------------------------------
RewriteEngine On

# Redirect to index.html if file or directory doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.html [QSA,L]

# ----------------------------------------
# Force HTTPS
# ----------------------------------------
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ----------------------------------------
# Prevent Hotlinking (CSS, Images, Videos)
# ----------------------------------------
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)?(drwd8\.com|mywebsite\.ca|yourdomain\.com) [NC]
RewriteRule \.(css|jpg|jpeg|png|gif|webp|svg|mp4|webm|ogg|mov)$ - [F]

# ----------------------------------------
# Prevent Direct Access to CSS from External Domains (fixed)
# ----------------------------------------
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([a-z0-9-]+\.)?(drwd8\.com|mywebsite\.ca|yourdomain\.com) [NC]
RewriteRule \.css$ - [F]

# ----------------------------------------
# Security Headers
# ----------------------------------------
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# ----------------------------------------
# Block Access to Sensitive Files
# ----------------------------------------
<FilesMatch "^(\.htaccess|\.env|\.log|\.json|\.md|\.git|\.ini)$">
  Require all denied
</FilesMatch>

# ----------------------------------------
# Enable Gzip Compression
# ----------------------------------------
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css application/javascript
</IfModule>

# ----------------------------------------
# Browser Caching
# ----------------------------------------
<IfModule mod_expires.c>
  ExpiresActive On

  # Images — cache for 1 week
  ExpiresByType image/jpeg "access plus 1 week"
  ExpiresByType image/png "access plus 1 week"
  ExpiresByType image/gif "access plus 1 week"
  ExpiresByType image/webp "access plus 1 week"
  ExpiresByType image/svg+xml "access plus 1 week"

  # Fonts — cache for 1 week
  ExpiresByType font/woff2 "access plus 1 week"
  ExpiresByType font/woff "access plus 1 week"
  ExpiresByType font/ttf "access plus 1 week"

  # CSS and JS — cache for 1 day
  ExpiresByType text/css "access plus 1 day"
  ExpiresByType application/javascript "access plus 1 day"
  ExpiresByType text/javascript "access plus 1 day"

  # HTML — cache for 10 minutes
  ExpiresByType text/html "access plus 10 minutes"
</IfModule>