# =====================================================================
# NovelSphere — Root-level .htaccess for shared hosting
# Use this when your host does NOT allow you to set the document root
# to the `public/` subdirectory (e.g. cPanel with public_html as root).
#
# What this does:
#   - Internally rewrites all requests to the `public/` subdirectory
#   - Keeps URLs clean (no `/public/` prefix in the browser)
#   - Blocks direct access to sensitive folders (app/, storage/, etc.)
#   - Lets the `public/.htaccess` still handle URL rewriting + security
#
# Installation:
#   1. Upload the entire `novel-platform/` folder contents to your
#      document root (usually `public_html/`).
#   2. This file goes at the TOP LEVEL of your document root.
#   3. Ensure `mod_rewrite` is enabled (it is by default on cPanel).
# =====================================================================

Options -Indexes -MultiViews
Options +FollowSymLinks

<IfModule mod_rewrite.c>
    RewriteEngine On

    # If your site is in a subfolder (e.g. https://example.com/my-novel/),
    # uncomment the next line and set the correct path:
    # RewriteBase /my-novel/

    # -----------------------------------------------------------------
    # 1. Block direct access to sensitive directories
    #    (defense in depth — these should never be web-served)
    # -----------------------------------------------------------------
    RewriteRule ^(app|storage|database|docs|scripts|vendor|node_modules)(/|$) - [F,L,NC]

    # Block dotfiles and config files at the root
    RewriteRule (^|/)\.(env|git|htaccess|htpasswd) - [F,L,NC]
    RewriteRule ^(composer\.(json|lock)|package\.json|package-lock\.json|webpack\.config\.js|\.env\.example)$ - [F,L,NC]

    # -----------------------------------------------------------------
    # 2. Send everything else into the `public/` directory
    #    (internal rewrite — URL in the browser stays clean)
    # -----------------------------------------------------------------
    RewriteCond %{REQUEST_URI} !^/?public/
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

# ---------------------------------------------------------------------
# 3. Default fallback (when mod_rewrite is unavailable)
#    Redirect visitors to /public/ explicitly (URL will show /public/)
# ---------------------------------------------------------------------
<IfModule !mod_rewrite.c>
    RedirectMatch 301 ^/(?!public/)(.*)$ /public/$1
</IfModule>

# ---------------------------------------------------------------------
# 4. Protect this .htaccess itself
# ---------------------------------------------------------------------
<Files ".htaccess">
    Require all denied
</Files>

# ---------------------------------------------------------------------
# 5. Set default document
# ---------------------------------------------------------------------
DirectoryIndex public/index.php index.php index.html

# ---------------------------------------------------------------------
# 6. Basic security headers (the public/.htaccess adds more)
# ---------------------------------------------------------------------
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
    Header set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

# ---------------------------------------------------------------------
# 7. Compression (applies to anything routed through Apache)
# ---------------------------------------------------------------------
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/css text/javascript
    AddOutputFilterByType DEFLATE application/javascript application/json
    AddOutputFilterByType DEFLATE application/xml application/rss+xml image/svg+xml
</IfModule>

# ---------------------------------------------------------------------
# 8. PHP error display during install (set via .htaccess for Apache module PHP)
#    These are IGNORED on PHP-FPM/suPHP hosts — use .user.ini for those.
#    Once install is done, comment out or set to Off.
# ---------------------------------------------------------------------
<IfModule mod_php.c>
    php_flag display_errors On
    php_flag display_startup_errors On
    php_value error_reporting 32767
    php_flag log_errors On
</IfModule>
<IfModule mod_php7.c>
    php_flag display_errors On
    php_flag display_startup_errors On
    php_value error_reporting 32767
    php_flag log_errors On
</IfModule>
<IfModule mod_php8.c>
    php_flag display_errors On
    php_flag display_startup_errors On
    php_value error_reporting 32767
    php_flag log_errors On
</IfModule>
