RewriteEngine On

# TODO: MOVE FROM PLUGIN TO CORE (Modules/RemoteData/Mcp/.htaccess) when proxy is ready
#
# Right now this redirects the following:
#  https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-protected-resource
#  https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-authorization-server
#  https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/openid-configuration
#
# @see https://modelcontextprotocol.io/specification/2025-11-25/basic/authorization
#
# Breakdown:
# ^\.well-known/oauth-protected-resource$ — matches the exact .well-known path (the dot is escaped)
# /dan.baluta/tina3/project/disp.php?... — the internal PHP script that handles the request
# [L] — last rule, stop processing further rules
# [QSA] — Query String Append, in case any extra query params are passed to the .well-known URL
# Place this in the .htaccess at the root of php85.devel.tina.dcs (or whichever docroot covers the .well-known path).
# Result:
# A request to: https://mcp-dan-tina.proxy.intern.dcsplus.net/.well-known/oauth-protected-resource
# will be internally served by your PHP script, with no redirect visible to the client — which is what OAuth metadata discovery expects.
#

RewriteRule ^\.well-known/oauth-protected-resource$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthProtectedResource [L,QSA]
RewriteRule ^\.well-known/oauth-authorization-server$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthAuthorizationServer [L,QSA]
#RewriteRule ^\.well-known/openid-configuration$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=openidConfiguration [L,QSA]

RewriteRule ^\.well-known/oauth-protected-resource/(.+)$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthProtectedResource&tenant=$1 [L,QSA]
RewriteRule ^\.well-known/oauth-authorization-server/(.+)$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=oauthAuthorizationServer&tenant=$1 [L,QSA]

# OAUTH2 SERVER (TODO: MOVE FROM PLUGIN TO CORE (Modules/Authenticate/OAuth2/.htaccess) when proxy is ready)
RewriteRule ^authorize$ /dan.baluta/tina3/project/disp.php?module=Authenticate/OAuth2&action=authorize [L,QSA]
RewriteRule ^token$     /dan.baluta/tina3/project/disp.php?module=Authenticate/OAuth2&action=token [L,QSA]
RewriteRule ^register$  /dan.baluta/tina3/project/disp.php?module=Authenticate/OAuth2&action=register [L,QSA]

# TEMPORARY FIXES FOR  https://mcp-dan-tina.proxy.intern.dcsplus.net
RewriteRule ^dan.baluta/tina3/project/(.*)$ /dan.baluta/tina3/project/$1 [L,QSA]
RewriteRule ^dan.baluta/tina3/files/(.*)$ /dan.baluta/tina3/files/$1 [L,QSA]

# MCP URL IS: https://mcp-dan-tina.proxy.intern.dcsplus.net
RewriteRule ^(index\.php)?$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=index [L,QSA]

# MCP URL IS: https://mcp-dan-tina.proxy.intern.dcsplus.net/public/mcp
#RewriteRule ^public/mcp(/index\.php)?$ /dan.baluta/tina3/project/disp.php?module=RemoteData/Mcp&action=index [L,QSA]