# ============================================================
#  Nocom — Apache configuration
#  React SPA (Vite build) on Apache 2.4+
# ============================================================

# ── Charset par défaut ──────────────────────────────────────
AddDefaultCharset UTF-8

# ── Module Rewrite ──────────────────────────────────────────
<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteBase /

  # Forcer HTTPS
  RewriteCond %{HTTPS} off
  RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # Forcer www (désactiver si non souhaité)
  # RewriteCond %{HTTP_HOST} !^www\. [NC]
  # RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

  # SPA fallback : tout renvoyer vers index.html
  # sauf les fichiers et dossiers existants
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^ index.html [L]
</IfModule>

# ── Compression Gzip ────────────────────────────────────────
<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/json
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE font/woff2
</IfModule>

# ── Cache-Control ────────────────────────────────────────────
<IfModule mod_expires.c>
  ExpiresActive On

  # HTML : pas de cache (SPA, index change à chaque déploiement)
  ExpiresByType text/html                  "access plus 0 seconds"

  # Assets Vite (hash dans le nom) : cache long
  ExpiresByType text/css                   "access plus 1 year"
  ExpiresByType application/javascript     "access plus 1 year"
  ExpiresByType text/javascript            "access plus 1 year"

  # Images
  ExpiresByType image/png                  "access plus 6 months"
  ExpiresByType image/jpeg                 "access plus 6 months"
  ExpiresByType image/webp                 "access plus 6 months"
  ExpiresByType image/svg+xml              "access plus 6 months"
  ExpiresByType image/x-icon              "access plus 1 year"

  # Polices
  ExpiresByType font/woff2                 "access plus 1 year"
  ExpiresByType font/woff                  "access plus 1 year"
  ExpiresByType application/font-woff2     "access plus 1 year"
</IfModule>

# Cache-Control headers explicites
<IfModule mod_headers.c>
  # Assets hachés Vite
  <FilesMatch "\.(js|css|woff2|woff|png|jpg|jpeg|webp|svg)$">
    Header set Cache-Control "public, max-age=31536000, immutable"
  </FilesMatch>

  # HTML : toujours revalidé
  <FilesMatch "\.html$">
    Header set Cache-Control "no-cache, no-store, must-revalidate"
  </FilesMatch>
</IfModule>

# ── En-têtes de sécurité ─────────────────────────────────────
<IfModule mod_headers.c>
  Header always set X-Content-Type-Options    "nosniff"
  Header always set X-Frame-Options           "SAMEORIGIN"
  Header always set X-XSS-Protection         "1; mode=block"
  Header always set Referrer-Policy           "strict-origin-when-cross-origin"
  Header always set Permissions-Policy        "camera=(), microphone=(), geolocation=()"
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>

# ── Types MIME ───────────────────────────────────────────────
<IfModule mod_mime.c>
  AddType font/woff2       .woff2
  AddType font/woff        .woff
  AddType image/webp       .webp
  AddType image/svg+xml    .svg
</IfModule>

# ── Masquer les fichiers sensibles ───────────────────────────
<FilesMatch "(^\.htaccess|\.env|\.git|package\.json|package-lock\.json)">
  Require all denied
</FilesMatch>
