# --- AASA must not redirect and must return JSON ---
<IfModule mod_rewrite.c>
  RewriteEngine On
  # Serve AASA files as-is (root and .well-known)
  RewriteRule ^(?:\.well-known/)?apple-app-site-association$ - [L]
</IfModule>

<IfModule mod_headers.c>
  <Files "apple-app-site-association">
    Header set Content-Type "application/json; charset=utf-8"
    Header set X-Content-Type-Options "nosniff"
    Header set Cache-Control "no-cache, no-store, max-age=0, must-revalidate"
  </Files>
  # This pattern also catches the .well-known version
  <FilesMatch "apple-app-site-association$">
    Header set Content-Type "application/json; charset=utf-8"
    Header set X-Content-Type-Options "nosniff"
    Header set Cache-Control "no-cache, no-store, max-age=0, must-revalidate"
  </FilesMatch>
</IfModule>

AddType application/json apple-app-site-association


# --- Short, Share, and API routes ---
<IfModule mod_rewrite.c>
  RewriteEngine On

  # 1) Skip rewrites if the request maps to an actual file or directory
  RewriteCond %{REQUEST_FILENAME} -f [OR]
  RewriteCond %{REQUEST_FILENAME} -d
  RewriteRule . - [L]

  # 2) Pretty routes (order matters: specific before general)

  # Dynamic OG image
  # /share/og/<id>.png|jpg -> share_og.php?id=<id>
  RewriteRule ^share/og/([A-Za-z0-9_-]{4,32})\.(?:png|jpg)$ share_og.php?id=$1 [L,QSA]

  # Share landing page
  # /share/<id> -> share.php?id=<id>
  RewriteRule ^share/([A-Za-z0-9_-]{4,32})$ share.php?id=$1 [L,QSA]

  # Short-link resolver
  # /s/<id> -> /s/index.php?id=<id>
  RewriteRule ^s/([A-Za-z0-9_-]{4,32})$ s/index.php?id=$1 [L,QSA]


  # /api/resolve/<id> -> /api/resolve.php?id=<id>
  RewriteRule ^api/resolve/([A-Za-z0-9_-]{4,32})$ api/resolve.php?id=$1 [L,QSA]
</IfModule>

# --- CORS for API only ---
# FilesMatch in root can be unreliable for deep paths; use an env flag.
<IfModule mod_setenvif.c>
  SetEnvIf Request_URI "^/api/.*\.php$" IS_API=1
</IfModule>
<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"           env=IS_API
  Header set Access-Control-Allow-Methods "GET,POST,OPTIONS" env=IS_API
  Header set Access-Control-Allow-Headers "Content-Type, Authorization, X-API-Key" env=IS_API
</IfModule>

# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php80” package as the default “PHP” programming language.
<IfModule mime_module>
  AddHandler application/x-httpd-ea-php80 .php .php8 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
