# --- BASIC authentication (optional; needs configuration) ---
# To enable Basic authentication on the hosting server, uncomment the lines below and set
# AuthUserFile to the absolute path of the .htpasswd file.
# Keep .htpasswd outside the document root so it can never be fetched over HTTP, and enable
# this only on an HTTPS site: Basic credentials are merely base64-encoded on the wire.
# AuthUserFile "/path/to/.htpasswd"
# AuthName "Member Site"
# AuthType BASIC
# require valid-user

RewriteEngine On

# State the base URL path explicitly; relative substitutions in the rules below
# (e.g. auth/login.php) are resolved against it when a redirect URL is built.
# NOTE(review): "/" assumes the app is installed at the site root - adjust for a subdirectory install.
RewriteBase /

DirectoryIndex index.php
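# Refuse every direct request under /data/ (protects the SQLite database file, secret key files, etc.).
# [NC] keeps the rule effective on case-insensitive filesystems, where a differently-cased
# spelling of the path would resolve to the same directory.
RewriteRule ^data(/|$) - [F,NC,L]
# Refuse direct requests under /includes/ (files meant only for internal require).
RewriteRule ^includes(/|$) - [F,NC,L]
# The auth guard (includes/auth_web.php) and the internal bootstrap files are unnecessary and
# harmful to request directly, so refuse them.
# Note: each page pulls them in with a server-side require, so nothing needs to reach them over HTTP.
#
# The patterns end in (/|$) instead of $: in per-directory (.htaccess) context mod_rewrite matches
# against the URI with any trailing PATH_INFO appended, so a pattern anchored on "\.php$" would not
# match a request that carries extra path segments after the script name. This also matches the
# form already used for the /data/ and /includes/ rules.
RewriteRule ^auth_web\.php(/|$) - [F,NC,L]
RewriteRule ^api/bootstrap\.php(/|$) - [F,NC,L]
RewriteRule ^api/auth_helpers\.php(/|$) - [F,NC,L]
RewriteRule ^api/routes\.php(/|$) - [F,NC,L]
RewriteRule ^api/ga4_handlers\.php(/|$) - [F,NC,L]
RewriteRule ^api/catalog_handlers\.php(/|$) - [F,NC,L]
# NOTE(review): per-directory rewrite rules are not inherited by default; a .htaccess inside a
# subdirectory that defines its own rewrite rules would replace the ones above for that subtree.
# As a backstop that does not depend on mod_rewrite, consider a .htaccess containing
# "Require all denied" inside data/ and includes/, or keep data/ outside the document root.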

# Legacy .html bookmarks -> .php pages (permanent 301 redirects).
# None of the targets carries a query string of its own, so mod_rewrite passes the request's
# query string through unchanged even without QSA.
RewriteRule ^index\.html$ index.php [L,R=301]
RewriteRule ^login\.html$ auth/login.php [L,R=301]
RewriteRule ^admin\.html$ admin/admin.php [L,R=301]
RewriteRule ^settings\.html$ admin/admin.php [L,R=301]
RewriteRule ^forgot_password\.html$ auth/forgot_password.php [L,R=301]
RewriteRule ^reset_password\.html$ auth/reset_password.php [L,R=301]

# Old URLs (*.php directly under the root) -> 301 redirect to the new URLs (per-feature subdirectories).
# This keeps existing bookmarks, links from other sites, and links inside e-mails
# (password reset, etc.) working.
# Every target is a fixed path relative to RewriteBase; nothing from the request is copied
# into the redirect location other than the query string.
RewriteRule ^login\.php$ auth/login.php [L,R=301,QSA]
RewriteRule ^forgot_password\.php$ auth/forgot_password.php [L,R=301,QSA]
RewriteRule ^reset_password\.php$ auth/reset_password.php [L,R=301,QSA]
RewriteRule ^initial_setup\.php$ auth/initial_setup.php [L,R=301,QSA]
RewriteRule ^profile\.php$ auth/profile.php [L,R=301,QSA]
RewriteRule ^products\.php$ admin/products.php [L,R=301,QSA]
RewriteRule ^keywords\.php$ manage/keywords.php [L,R=301,QSA]
RewriteRule ^keywords_edit\.php$ manage/keywords_edit.php [L,R=301,QSA]
RewriteRule ^keywords_list\.php$ products/keywords_list.php [L,R=301,QSA]
RewriteRule ^matrix_rank\.php$ products/matrix_rank.php [L,R=301,QSA]
RewriteRule ^matrix_brands\.php$ products/matrix_brands.php [L,R=301,QSA]
RewriteRule ^survey\.php$ manage/survey.php [L,R=301,QSA]
RewriteRule ^survey_admin\.php$ manage/survey_admin.php [L,R=301,QSA]
RewriteRule ^admin\.php$ admin/admin.php [L,R=301,QSA]
RewriteRule ^users\.php$ admin/users.php [L,R=301,QSA]
RewriteRule ^dataforseo_admin\.php$ admin/dataforseo_admin.php [L,R=301,QSA]
RewriteRule ^ga4_analytics\.php$ products/ga4_analytics.php [L,R=301,QSA]
# Both the root-level and the products/ location of this report redirect to extended_reports/.
RewriteRule ^ga4_brand_correlation\.php$ products/extended_reports/ga4_brand_correlation.php [L,R=301,QSA]
RewriteRule ^products/ga4_brand_correlation\.php$ products/extended_reports/ga4_brand_correlation.php [L,R=301,QSA]
RewriteRule ^ga4_connect\.php$ admin/ga4_connect.php [L,R=301,QSA]
RewriteRule ^ga4_cv_settings\.php$ manage/ga4_cv_settings.php [L,R=301,QSA]
RewriteRule ^ga4_product_connect\.php$ manage/ga4_product_connect.php [L,R=301,QSA]

# Reorganisation to follow the sidebar grouping
# (/reports, /ga4 and part of /products -> /products, /manage, /admin).
# Each old path maps straight to its final location, so no request is redirected twice.
RewriteRule ^reports/matrix_rank\.php$ products/matrix_rank.php [L,R=301,QSA]
RewriteRule ^reports/matrix_brands\.php$ products/matrix_brands.php [L,R=301,QSA]
RewriteRule ^reports/survey\.php$ manage/survey.php [L,R=301,QSA]
RewriteRule ^reports/survey_admin\.php$ manage/survey_admin.php [L,R=301,QSA]
RewriteRule ^ga4/ga4_analytics\.php$ products/ga4_analytics.php [L,R=301,QSA]
RewriteRule ^ga4/ga4_brand_correlation\.php$ products/extended_reports/ga4_brand_correlation.php [L,R=301,QSA]
RewriteRule ^ga4/ga4_cv_settings\.php$ manage/ga4_cv_settings.php [L,R=301,QSA]
RewriteRule ^ga4/ga4_product_connect\.php$ manage/ga4_product_connect.php [L,R=301,QSA]
RewriteRule ^ga4/ga4_connect\.php$ admin/ga4_connect.php [L,R=301,QSA]
RewriteRule ^products/keywords\.php$ manage/keywords.php [L,R=301,QSA]
RewriteRule ^products/keywords_edit\.php$ manage/keywords_edit.php [L,R=301,QSA]
RewriteRule ^products/products\.php$ admin/products.php [L,R=301,QSA]

# Optional: only where mod_rewrite is usable, hand /api/login-style URLs to api/router.php.
# The two conditions skip this rule when the request maps to an existing file or directory,
# so real files under api/ are served as-is and the router only sees paths with no file behind them.
# That is why the internal api/*.php files need the explicit [F] rules earlier in this file.
# NOTE(review): no <IfModule mod_rewrite.c> guards this, and the rules above already depend on
# mod_rewrite, so "optional" here describes the pretty-URL form rather than the module - confirm.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^api/ api/router.php [L,QSA]
# Security headers (applied when mod_headers is available).
# Because of the <IfModule> guard, a server without mod_headers serves the site with none of
# these headers and reports no error; check a live response after deployment.
<IfModule mod_headers.c>
    # "always" also attaches the header to error responses, not only to successful ones.
    # nosniff: browsers must honour the declared Content-Type instead of guessing it.
    Header always set X-Content-Type-Options "nosniff"
    # SAMEORIGIN: pages may be framed only by this same origin (clickjacking mitigation).
    Header always set X-Frame-Options "SAMEORIGIN"
    # Cross-origin requests receive only the origin in Referer, so paths and query strings
    # (e.g. those of password-reset links) are not sent to other sites.
    Header always set Referrer-Policy "strict-origin-when-cross-origin"
</IfModule>

