export const LOGIN_PATH = '/login';
export const DEFAULT_POST_LOGIN_PATH = '/overview';
export const REDIRECT_QUERY_KEY = 'redirect';

function isSafeRelativePath(target: string): boolean {
  return target.startsWith('/') && !target.startsWith('//');
}

export function normalizeRedirectTarget(
  target: string | null | undefined,
  fallback: string = DEFAULT_POST_LOGIN_PATH,
): string {
  if (!target) return fallback;

  const value = target.trim();
  if (!value) return fallback;
  if (!isSafeRelativePath(value)) return fallback;
  if (value.startsWith(LOGIN_PATH)) return fallback;

  return value;
}

export function getCurrentRelativePath(): string {
  if (typeof window === 'undefined') return '/';
  return `${window.location.pathname}${window.location.search}${window.location.hash}`;
}

export function buildLoginRedirectUrl(fromPath?: string): string {
  const redirectTarget = normalizeRedirectTarget(fromPath, '');
  if (!redirectTarget) return LOGIN_PATH;

  const encoded = encodeURIComponent(redirectTarget);
  return `${LOGIN_PATH}?${REDIRECT_QUERY_KEY}=${encoded}`;
}

export function getPostLoginRedirect(target: string | null | undefined): string {
  return normalizeRedirectTarget(target, DEFAULT_POST_LOGIN_PATH);
}