RewriteEngine On
RewriteBase /

# Redirect API requests to the API index file
RewriteRule ^api/(.*)$ api/index.php [QSA,L]

# Block direct access to sensitive files
RewriteRule ^includes/ - [F,L]
RewriteRule ^database\.sql$ - [F,L]
RewriteRule ^config\.php$ - [F,L]

# Clean URLs for the main application
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?page=$1 [QSA,L]

# Handle API specific routes
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^api/v1/(.*)$ api/index.php?v=1&path=$1 [QSA,L]

# Allow access to assets
RewriteRule ^assets/ - [L]

# Error pages
ErrorDocument 404 index.php?page=404
ErrorDocument 500 index.php?page=500