<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>

    <!-- Default document -->
    <defaultDocument>
      <files>
        <clear />
        <add value="index.php" />
      </files>
    </defaultDocument>

    <!-- Permite acces anonim -->
    <security>
      <authorization>
        <add accessType="Allow" users="*" />
      </authorization>
    </security>

    <rewrite>
      <rules>
        <clear />

        <!-- 1️⃣ Dacă NU e logat → LOGIN -->
        <rule name="FORCE_LOGIN" stopProcessing="true">
          <match url="^$" />
          <conditions>
            <add input="{HTTP_COOKIE}" pattern="MAGISTER_AD_USER=" negate="true" />
          </conditions>
          <action type="Redirect" url="/login.php" redirectType="Found" />
        </rule>

        <!-- 2️⃣ login / logout local -->
        <rule name="LOCAL_AUTH" stopProcessing="true">
          <match url="^(login\.php|logout\.php)$" ignoreCase="true" />
          <action type="None" />
        </rule>

        <!-- 3️⃣ Proxy pentru TOT RESTUL -->
        <rule name="MAGISTER_PROXY_ALL" stopProcessing="true">
          <match url="(.*)" />
          <conditions>
            <add input="{REQUEST_URI}" pattern="^/(login\.php|logout\.php)$" negate="true" />
          </conditions>
          <action
            type="Rewrite"
            url="https://magister.aisuport.ro/{R:1}"
            appendQueryString="true" />
          <serverVariables>
            <set name="HTTP_X_PROXY_AUTH" value="MAGISTER_AD" />
          </serverVariables>
        </rule>

      </rules>
    </rewrite>

  </system.webServer>
</configuration>
