# .htaccess principal — ProyectoGestion
# Seguridad, URL clean y redirects

Options -Indexes
ServerSignature Off

# ── Caché de assets estáticos ────────────────────────────────────────────────
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType text/css        "access plus 1 month"
  ExpiresByType application/javascript "access plus 1 month"
  ExpiresByType image/png       "access plus 1 year"
  ExpiresByType image/jpeg      "access plus 1 year"
  ExpiresByType image/gif       "access plus 1 year"
  ExpiresByType image/svg+xml   "access plus 1 year"
  ExpiresByType font/woff2      "access plus 1 year"
</IfModule>

# ── Cabeceras de seguridad ────────────────────────────────────────────────────
<IfModule mod_headers.c>
  Header set X-Content-Type-Options "nosniff"
  Header set X-Frame-Options "SAMEORIGIN"
  Header set X-XSS-Protection "1; mode=block"
  Header set Referrer-Policy "strict-origin-when-cross-origin"
  Header set Permissions-Policy "geolocation=(), microphone=(), camera=()"
</IfModule>

# ── Proteger archivos sensibles ───────────────────────────────────────────────
<FilesMatch "(\.env|\.env\.example|composer\.json|composer\.lock)$">
  Order Deny,Allow
  Deny from all
</FilesMatch>

<FilesMatch "^(config|cron|lib|database|exports)">
  Order Deny,Allow
  Deny from all
</FilesMatch>

# ── GZIP compression ─────────────────────────────────────────────────────────
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html text/css application/javascript application/json
</IfModule>

# ── Reescritura de URL (si se quiere URL limpia) ─────────────────────────────
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /ProyectoGestion/

  # Redirigir /ProyectoGestion/ → /ProyectoGestion/index.php
  RewriteRule ^$ index.php [L]

  # No reescribir archivos/directorios que existen
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)$ index.php?url=$1 [L,QSA]
</IfModule>
