# =============================================================================
# Snapparty :: public/.htaccess
# The DocumentRoot for *.snapparty.online must point at THIS /public folder so
# that app code, config, and storage all sit safely above the web root.
# =============================================================================

Options -Indexes -MultiViews
DirectoryIndex index.php

<IfModule mod_rewrite.c>
    RewriteEngine On

    # Serve existing static files/dirs directly (assets, etc.)
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # Everything else goes to the front controller.
    RewriteRule ^ index.php [L]
</IfModule>

# Never serve dotfiles (.env can't live here anyway, but defence in depth).
<FilesMatch "^\.">
    Require all denied
</FilesMatch>

# Block direct access to PHP files other than the front controller.
<FilesMatch "\.(php)$">
    Require all denied
</FilesMatch>
<Files "index.php">
    Require all granted
</Files>

# Sensible caching for static assets (tune in Module 1+).
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png  "access plus 1 year"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType text/css   "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Compression.
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json image/svg+xml
</IfModule>
