export function sanitizeAuthRedirect(target: string | null | undefined, fallback: string = '/dashboard'): string {
  const value = (target || '').trim()
  if (!value.startsWith('/') || value.startsWith('//')) {
    return fallback
  }
  return value
}

export function buildOAuthCallbackReturnTo(redirectPath: string): string {
  const callbackUrl = new URL('/login/oauth/callback', window.location.origin)
  if (redirectPath && redirectPath !== '/dashboard') {
    callbackUrl.searchParams.set('redirect', redirectPath)
  }
  return callbackUrl.toString()
}

export function parseOAuthCallbackHash(hash: string): Record<string, string> {
  const normalized = hash.startsWith('#') ? hash.slice(1) : hash
  const values = new URLSearchParams(normalized)

  return {
    status: values.get('status') || '',
    code: values.get('code') || '',
    provider: values.get('provider') || '',
    message: values.get('message') || '',
  }
}