# public_html/app/public/.htaccess
RewriteEngine On
RewriteBase /app/public/

# (opcional) force HTTPS, mas não para OPTIONS
RewriteCond %{REQUEST_METHOD} !=OPTIONS
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

# assets reais passam direto
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# home -> login
RewriteRule ^$ login.php [L,QSA]

# rotas diretas
RewriteRule ^login/?$            login.php           [L,QSA]
RewriteRule ^logout/?$           logout.php          [L,QSA]
RewriteRule ^forgot_password/?$  forgot_password.php [L,QSA]
RewriteRule ^reset_password/?$   reset_password.php  [L,QSA]

# webhook dentro de /app/public (útil se você testar por aqui)
RewriteRule ^webhook/([a-f0-9]{32})/?$ api/webhook_ingress.php?token=$1 [L,QSA]

# páginas amigáveis
RewriteRule ^([a-z0-9-]+)/?$ index.php?page=$1 [L,QSA]
