RewriteEngine On

# require https
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/api/update
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

#token to HTTP_AUTHORIZATION
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule . - [e=HTTP_AUTHORIZATION:%1]

# serve all files from public subfolder
RewriteCond %{REQUEST_FILENAME} !.php
RewriteCond %{REQUEST_FILENAME} !.log
RewriteCond %{REQUEST_FILENAME} !.ttfnot
RewriteCond %{REQUEST_FILENAME} \.
RewriteRule (.*) ./public/$1 [L]

# serve all other request as query parameters
RewriteRule (.*) ./public/index.php?url=$1 [L,QSA]

AddType application/x-httpd-php .php .phtml