RewriteEngine On
RewriteBase /api/

# Handle API versioning and routing
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^v1/(.*)$ index.php [QSA,L]

# Allow OPTIONS requests for CORS
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ index.php [QSA,L]

# Block access to internal files
RewriteRule ^controllers/ - [F,L]
RewriteRule ^models/ - [F,L]
RewriteRule ^helpers/ - [F,L]
RewriteRule ^middleware/ - [F,L]

# Set appropriate headers for API
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS"
Header always set Access-Control-Allow-Headers "Content-Type, Authorization, X-Requested-With"

# JSON content type for API responses
<Files "*.php">
    Header set Content-Type "application/json"
</Files>