Options -Indexes
RewriteEngine On
RewriteBase /

# ── Seguridad: denegar acceso directo a config ──────────────────
<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>

# ── Rutas de páginas (sin extensión) ────────────────────────────
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^login$     login.php     [L,QSA]
RewriteRule ^dashboard$ dashboard.php [L,QSA]

# ── API routes (sin extensión, estilo Flask) ─────────────────────
RewriteRule ^api/login$             api/login.php             [L,QSA]
RewriteRule ^api/logout$            api/logout.php            [L,QSA]
RewriteRule ^api/indicators$        api/indicators.php        [L,QSA]
RewriteRule ^api/localidades/([0-9]+)$ api/localidades.php?id=$1 [L,QSA]
RewriteRule ^api/localidades$       api/localidades.php       [L,QSA]
RewriteRule ^api/users/([0-9]+)$    api/users.php?id=$1       [L,QSA]
RewriteRule ^api/users$             api/users.php             [L,QSA]
RewriteRule ^api/data/([0-9]+)$     api/data.php?id=$1        [L,QSA]
RewriteRule ^api/data$              api/data.php              [L,QSA]
RewriteRule ^api/metas$             api/metas.php             [L,QSA]
RewriteRule ^api/linea_base$        api/linea_base.php        [L,QSA]
RewriteRule ^api/report$            api/report.php            [L,QSA]
RewriteRule ^api/formato_p_data$    api/formato_p_data.php    [L,QSA]
RewriteRule ^api/formato_p_pdf$     api/formato_p_pdf.php     [L,QSA]
RewriteRule ^api/info$              api/info.php              [L,QSA]
RewriteRule ^api/audit$             api/audit.php             [L,QSA]

# ── Headers de seguridad ─────────────────────────────────────────
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header set X-Frame-Options "SAMEORIGIN"
    Header set X-XSS-Protection "1; mode=block"
</IfModule>

# ── PHP settings recomendados ────────────────────────────────────
<IfModule mod_php.c>
    php_value session.gc_maxlifetime 28800
    php_value session.cookie_httponly 1
    php_value upload_max_filesize 10M
    php_value post_max_size 10M
</IfModule>
