# Galappxy API - Education Service
# Rewrite: /v1/homework/123 → v1/homework/index.php (PATH_INFO = /123)

RewriteEngine On
Options -Indexes +FollowSymLinks

# Route /v1/{resource}/{id} to the resource's index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^v1/([^/]+)/(\d+)/?$ v1/$1/index.php/$2 [QSA,L]

# Route /v1/{resource}/{id}/{sub} to the resource's index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^v1/([^/]+)/(\d+)/(.+)$ v1/$1/index.php/$2/$3 [QSA,L]

# Security Headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
</IfModule>

# Hide sensitive files
<FilesMatch "^\\.env|^\\.git|composer\\.(json|lock)|README\\.md|\\.sql$">
    Require all denied
</FilesMatch>
