RewriteEngine On
RewriteBase /api/

# Block direct access to application code
RewriteRule ^(bootstrap|shared|auth|owners|cabins|games|clues|sessions|stats|stripe|uploads|storage|database)/ - [F,L,NC]
RewriteRule ^dbconn\.php$ - [F,L,NC]
RewriteRule ^routes\.php$ - [F,L,NC]

# Serve existing files and pesterimages as static assets
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]

# Route all API requests to index.php
RewriteRule ^ index.php [QSA,L]
