# XC IPTV API - Apache Configuration

# CORS (Cross-Origin Resource Sharing)
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Methods "GET, POST, OPTIONS"
    Header set Access-Control-Allow-Headers "Content-Type, Authorization"
</IfModule>

# GZIP Compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/javascript application/json
</IfModule>

# Cache Control
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType application/json "access plus 5 minutes"
</IfModule>

# Security Headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "DENY"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# Disable Directory Listing
Options -Indexes

# Protect Config and Sensitive Files
<FilesMatch "^(config\.php|rate_limit\.json|.*\.log|.*\.md)$">
    Order Allow,Deny
    Deny from all
</FilesMatch>

# Protect Tokens Directory
<IfModule mod_rewrite.c>
    RewriteRule ^tokens/ - [F,L]
</IfModule>

# Error Pages
ErrorDocument 404 /404.html
ErrorDocument 500 /500.html

# Rewrite Rules (opsiyonel - SEF URLs için)
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    
    # API endpoint'i temizle
    # /api/v1 yerine /api
    RewriteRule ^api/?$ api_secured.php [L]
    
    # Maintenance check
    RewriteCond %{REQUEST_URI} !maintenance.html
    RewriteCond %{DOCUMENT_ROOT}/maintenance.flag -f
    RewriteRule .* /maintenance.html [R=503,L]
</IfModule>

# PHP Settings (eğer izin veriliyorsa)
<IfModule mod_php.c>
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
    php_value memory_limit 128M
    php_value max_execution_time 30
</IfModule>