# ============================================================
# NexusIT ITSM — .htaccess for cPanel
# ============================================================

Options -MultiViews -Indexes
RewriteEngine On

# ── Force HTTPS ─────────────────────────────────────────────
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ── Security headers ─────────────────────────────────────────
<IfModule mod_headers.c>
  Header always set X-Frame-Options "SAMEORIGIN"
  Header always set X-Content-Type-Options "nosniff"
  Header always set X-XSS-Protection "1; mode=block"
</IfModule>

# ── Block sensitive files ────────────────────────────────────
<FilesMatch "(\.env|\.git|package\.json|package-lock\.json|node_modules)">
  Order allow,deny
  Deny from all
</FilesMatch>

# ============================================================
# OPTION A — API on SAME domain via proxy (most common cPanel setup)
# The Node.js app runs on an internal port. cPanel uses Passenger
# or a proxy. Uncomment and set PORT to your Node.js app port.
# Find the port in cPanel > Node.js Apps > your app details.
# ============================================================
# <IfModule mod_proxy.c>
#   ProxyRequests Off
#   ProxyPreserveHost On
#   RewriteCond %{REQUEST_URI} ^/api [NC]
#   RewriteRule ^api/(.*)$ http://127.0.0.1:YOUR_PORT/api/$1 [P,L]
#   ProxyPassReverse /api http://127.0.0.1:YOUR_PORT/api
# </IfModule>

# ============================================================
# OPTION B — API on SUBDOMAIN (api.yourdomain.ae)
# If you set up a subdomain for the Node.js app, you don't need
# any proxy here. Just set API_BASE in index.html to:
#   https://api.yourdomain.ae/api
# And remove or comment out the proxy rules above.
# ============================================================

# ── React SPA routing — all non-file requests → index.html ──
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/api
RewriteRule ^ index.html [QSA,L]

# ── Caching for static assets ─────────────────────────────────
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType text/css               "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType image/png              "access plus 1 year"
  ExpiresByType image/jpg              "access plus 1 year"
  ExpiresByType image/jpeg             "access plus 1 year"
  ExpiresByType image/svg+xml         "access plus 1 year"
  ExpiresByType image/x-icon          "access plus 1 year"
</IfModule>

# ── Gzip compression ─────────────────────────────────────────
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json
</IfModule>
