# Disable directory listing
Options -Indexes

# Protect .env file
<Files ".env">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>

<IfModule mod_rewrite.c>
    RewriteEngine On
    
    # Force HTTPS in production
    # Uncomment the lines below when deploying to production
    # RewriteCond %{HTTPS} off
    # RewriteCond %{HTTP:X-Forwarded-Proto} !https
    # RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    # Redirect root and all requests to the public directory
    # Check if request doesn't already point to public directory
    RewriteCond %{REQUEST_URI} !^/public/
    RewriteCond %{REQUEST_URI} !^/payments/public/
    
    # Rewrite to public directory
    RewriteRule ^(.*)$ public/$1 [L]
</IfModule>

