<IfModule mod_rewrite.c>
    RewriteEngine On

    # 1️⃣ WebSocket proxy
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteCond %{HTTPS} on
    RewriteRule ^app/(.*)$ ws://127.0.0.1:6001/app/$1 [P,L]

    # 2️⃣ Preserve Authorization headers
    RewriteCond %{HTTP:Authorization} ^(.*)
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%1]
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

    # 3️⃣ Serve existing files or directories directly
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]

    # 4️⃣ Forward everything else to public/index.php
    RewriteRule ^(.*)$ public/index.php [L]
</IfModule>

# 5️⃣ Security
<FilesMatch "\.(env|json|lock)$">
    Order allow,deny
    Deny from all
</FilesMatch>

# ----------------------------------------------------------------------
# ✅ Set Cache-Control headers (for modern browsers / CDNs)
# ----------------------------------------------------------------------

<IfModule mod_headers.c>
    # Images - cache aggressively
    <FilesMatch "\.(ico|jpe?g|png|gif|webp|svg)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>

    # CSS & JS - cache but allow revalidation if hash changes
    <FilesMatch "\.(css|js)$">
        Header set Cache-Control "public, max-age=2592000, immutable"
    </FilesMatch>

    # Fonts
    <FilesMatch "\.(woff2?|ttf|otf|eot)$">
        Header set Cache-Control "public, max-age=31536000, immutable"
    </FilesMatch>
</IfModule>
