# Enable Rewrite Engine
RewriteEngine On
RewriteBase /

# ============================================
# SECURITY HEADERS
# ============================================

# Prevent clickjacking
Header always append X-Frame-Options SAMEORIGIN

# Enable XSS protection
Header set X-XSS-Protection "1; mode=block"

# Prevent MIME type sniffing
Header set X-Content-Type-Options "nosniff"

# ============================================
# PROTECT SENSITIVE FILES
# ============================================

# Protect config directory
RewriteRule ^config/ - [F,L]

# Protect includes directory
RewriteRule ^includes/ - [F,L]

# Protect scripts directory
RewriteRule ^scripts/ - [F,L]

# Protect logs directory
RewriteRule ^logs/ - [F,L]

# Protect backups directory
RewriteRule ^backups/ - [F,L]

# Protect tmp directory
RewriteRule ^tmp/ - [F,L]

# Deny access to .sql files
<FilesMatch "\.(sql|log|ini|conf)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# Deny access to hidden files
<FilesMatch "^\.">
    Order allow,deny
    Deny from all
</FilesMatch>

# ============================================
# PRETTY URLS (Clean URLs)
# ============================================

# Doctor routes
RewriteRule ^doctor/dashboard$ doctor/dashboard.php [L,QSA]
RewriteRule ^doctor/profile$ doctor/profile.php [L,QSA]
RewriteRule ^doctor/cases$ doctor/cases/list.php [L,QSA]
RewriteRule ^doctor/case/([0-9]+)$ doctor/cases/view.php?id=$1 [L,QSA]
RewriteRule ^doctor/case/([0-9]+)/edit$ doctor/cases/edit.php?id=$1 [L,QSA]
RewriteRule ^doctor/cases/new$ doctor/cases/new.php [L,QSA]

# Repertory routes
RewriteRule ^doctor/repertory$ doctor/repertory/index.php [L,QSA]
RewriteRule ^doctor/repertory/rubric/([0-9]+)$ doctor/repertory/rubric.php?id=$1 [L,QSA]
RewriteRule ^doctor/repertory/search$ doctor/repertory/search.php [L,QSA]

# Materia Medica routes
RewriteRule ^doctor/materia-medica$ doctor/materia-medica/index.php [L,QSA]
RewriteRule ^doctor/remedy/([a-zA-Z0-9-]+)$ doctor/materia-medica/view.php?name=$1 [L,QSA]

# AI routes
RewriteRule ^doctor/ai/analyze$ doctor/ai/analyze.php [L,QSA]
RewriteRule ^doctor/ai/suggest$ doctor/ai/suggest-remedy.php [L,QSA]

# Reports routes
RewriteRule ^doctor/reports$ doctor/reports/index.php [L,QSA]

# Admin routes
RewriteRule ^admin/dashboard$ admin/dashboard.php [L,QSA]
RewriteRule ^admin/doctors$ admin/doctors/index.php [L,QSA]
RewriteRule ^admin/doctors/add$ admin/doctors/add.php [L,QSA]
RewriteRule ^admin/doctors/edit/([0-9]+)$ admin/doctors/edit.php?id=$1 [L,QSA]
RewriteRule ^admin/subscriptions$ admin/subscriptions/index.php [L,QSA]
RewriteRule ^admin/rubrics$ admin/rubrics/index.php [L,QSA]
RewriteRule ^admin/remedies$ admin/remedies/index.php [L,QSA]

# API routes
RewriteRule ^api/login$ api/login.php [L,QSA]
RewriteRule ^api/repertorize$ api/repertorize.php [L,QSA]
RewriteRule ^api/search-rubrics$ api/search-rubrics.php [L,QSA]

# ============================================
# REDIRECTS
# ============================================

# Redirect index.php to root
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php\ HTTP/
RewriteRule ^index\.php$ / [R=301,L]

# Remove trailing slash
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]

# Force HTTPS (uncomment in production)
# RewriteCond %{HTTPS} off
# RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# ============================================
# CACHING
# ============================================

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
</IfModule>

# ============================================
# ERROR DOCUMENTS
# ============================================

ErrorDocument 400 /error.php?code=400
ErrorDocument 401 /error.php?code=401
ErrorDocument 403 /error.php?code=403
ErrorDocument 404 /error.php?code=404
ErrorDocument 500 /error.php?code=500

# ============================================
# COMPRESSION
# ============================================

<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# ============================================
# PHP SETTINGS
# ============================================

<IfModule mod_php7.c>
    php_value upload_max_filesize 20M
    php_value post_max_size 20M
    php_value max_execution_time 300
    php_value memory_limit 256M
</IfModule>