# MyKollectOr API — .htaccess
# Placer à la racine de api.mykollector.com

# Force HTTPS: a request that arrives over plain HTTP (%{HTTPS} is "off") is
# answered with a permanent (301) redirect to the same host and URI on https://.
# [L] stops rule processing for that request.
# NOTE(review): the redirect target is built from the client-supplied Host
# header (%{HTTP_HOST}). This file is meant for a single host, so pinning the
# canonical hostname in the target would remove that dependency - confirm.
# NOTE(review): an API client that sends credentials over http:// has already
# exposed them by the time the 301 is returned; the redirect does not protect
# that first request.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# ── CRITICAL OVH FIX: pass the Authorization header through to PHP ──────
# OVH shared hosting strips Authorization by default (per the original author).
# When the request carries a non-empty Authorization header, copy its value
# into the HTTP_AUTHORIZATION environment variable. The rule has no
# substitution ("-") and no [L] flag, so processing continues with later rules.
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

# Fallback in case mod_rewrite is not enough: set the same variable with
# SetEnvIf. The pattern "(.*)" also matches an empty header value.
# NOTE(review): this variable holds the raw credential (token or Basic
# password). Check that nothing served from this host dumps the environment
# (debug pages, verbose error output, request logging of env vars).
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

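# Deny direct access to the non-public application directories storage/, src/
# and logs/. This rule runs BEFORE the front-controller rule on purpose: when
# the deny rules came after it, an existing file answered 403 while a missing
# one was routed to the application, so the two responses revealed which
# files exist. Here every path under these directories gets the same 403.
# There is no <IfModule> guard, matching the unguarded rewrite rules in this
# file: without mod_rewrite the file fails loudly instead of silently serving
# these directories.
RewriteRule ^(storage|src|logs)/ - [F]

# Route to Slim 4 (public/index.php): any request that does not map to an
# existing file or directory is handed to the front controller, keeping the
# query string (QSA).
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ public/index.php [QSA,L]

# Block direct access to .env and any file whose name starts with ".env".
# Apache 2.4 syntax is used when mod_authz_core is present; the 2.2 directives
# remain only as a fallback. On 2.4 without mod_access_compat, Order/Deny is
# rejected as an invalid command and every request then fails with a 500.
<FilesMatch "^\.env">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>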

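# Security response headers. "always" also adds them to error responses and
# redirects, not only to successful ones.
# NOTE(review): if mod_headers is not loaded this whole section is skipped
# without any error, so verify the headers on a live response.
<IfModule mod_headers.c>
    # Stop browsers from MIME-sniffing a response away from its declared type.
    Header always set X-Content-Type-Options nosniff
    # Forbid rendering any response from this host inside a frame.
    Header always set X-Frame-Options DENY
    # The legacy XSS auditor is removed from current browsers, and where it
    # still exists "1; mode=block" can itself be abused. Switch it off.
    Header always set X-XSS-Protection "0"
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
    # This file already redirects all HTTP to HTTPS; HSTS makes browsers skip
    # the plain-HTTP request on later visits. Scoped to this host only
    # (no includeSubDomains, no preload).
    Header always set Strict-Transport-Security "max-age=31536000"
</IfModule>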

# Disable directory listings: a directory without an index file does not get
# an auto-generated list of its contents.
Options -Indexes

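# PHP 8.1 (OVH) request limits.
# The Apache module shipped with PHP 8 is identified as mod_php.c (PHP 7 used
# mod_php7.c). "mod_php8.c" never matches, so this section was silently skipped.
# NOTE(review): php_value only takes effect when PHP runs as an Apache module.
# Under PHP-FPM/CGI this section is still skipped and the limits have to come
# from .user.ini or the host's PHP configuration - confirm which applies here.
# NOTE(review): PHP's documentation asks for post_max_size to be larger than
# upload_max_filesize; with both at 10M an upload near the limit is likely to
# be rejected - confirm the intended values.
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 60
    php_value memory_limit 256M
</IfModule>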
