# Enable rewrite engine
RewriteEngine On

# Set default index file
DirectoryIndex index.php index.html

# Allow access to uploads directory
<Directory "uploads">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# Allow access to albums directory
<Directory "albums">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>

# PHP settings (chỉ hoạt động nếu AllowOverride All)
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value max_execution_time 300
    php_value memory_limit 256M
</IfModule>

# Allow access to main PHP files in root
<FilesMatch "^(index|upload|api|admin|test_sdk|albums|album_detail|create_album|create_post|albums_api|cosplay_scraper|scraper_api|import_json|bulk_scraper|bulk_scraper_api)\.php$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</FilesMatch>

# Security - Prevent direct access to PHP files in uploads directory only
<DirectoryMatch "^.*/uploads/">
    <FilesMatch "\.php$">
        <IfModule mod_authz_core.c>
            Require all denied
        </IfModule>
        <IfModule !mod_authz_core.c>
            Order Deny,Allow
            Deny from all
        </IfModule>
    </FilesMatch>
</DirectoryMatch>

# Allow access to CSS, JS, images
<FilesMatch "\.(css|js|jpg|jpeg|png|gif|webp|ico|svg)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order Allow,Deny
        Allow from all
    </IfModule>
</FilesMatch>
