first commit

2026-04-26 02:23:11 +02:00
commit 153c83f7fa
31 changed files with 3804 additions and 0 deletions
--- a/.htaccess
+++ b/.htaccess
@@ -0,0 +1,32 @@
+Options -Indexes
+
+# Block direct access to PHP config and internal files
+<FilesMatch "^(config\.php|db\.php|schema\.sql)$">
+    Require all denied
+</FilesMatch>
+
+RewriteEngine On
+RewriteBase /
+
+# Skip rewrite if file physically exists
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+
+# API routing
+RewriteRule ^api/auth/?$        api/auth.php  [QSA,L]
+RewriteRule ^api/streamers/?$   api/streamers.php [QSA,L]
+RewriteRule ^api/live/?$        api/live.php  [QSA,L]
+RewriteRule ^api/comments/?$    api/comments.php [QSA,L]
+RewriteRule ^api/oauth/?$              api/oauth.php [QSA,L]
+RewriteRule ^api/settings/?$           api/settings.php [QSA,L]
+RewriteRule ^api/moderators/?$         api/moderators.php [QSA,L]
+RewriteRule ^api/rater_groups/?$       api/rater_groups.php [QSA,L]
+RewriteRule ^api/community_ratings/?$  api/community_ratings.php [QSA,L]
+
+# Security headers
+<IfModule mod_headers.c>
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-Frame-Options "ALLOW-FROM https://nb.garoshi.eu https://naughtybulldogs.eu"
+    Header always set Content-Security-Policy "frame-ancestors 'self' https://nb.garoshi.eu https://naughtybulldogs.eu"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+</IfModule>