RewriteEngine On

# Deny direct access to sensitive files
<FilesMatch "(^\.|composer\.(json|lock)|artisan|phpunit\.xml|README(\.md)?|readme(\.md)?|env|\.env)">
    Require all denied
</FilesMatch>

# Route /storage/* to the public symlink when DocumentRoot is project root
RewriteRule ^storage/(.*)$ public/storage/$1 [L]

# If the request is not for an existing file or directory,
# rewrite everything to the public/ directory (fallback when you cannot set DocumentRoot)
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ public/$1 [L]

