import json

SENSITIVE_KEYS = {
    "password",
    "oldPassword",
    "newPassword",
    "token",
    "access_token",
    "refresh_token"
}

def sanitize_data(value):
    if isinstance(value, dict):
        cleaned = {}
        for k, v in value.items():
            if k in SENSITIVE_KEYS:
                cleaned[k] = "***"
            else:
                cleaned[k] = sanitize_data(v)
        return cleaned

    if isinstance(value, list):
        return [sanitize_data(x) for x in value]

    return value

def parse_request_body(content_type: str, body_bytes: bytes):
    if not body_bytes:
        return None

    if "application/json" in content_type:
        try:
            raw = json.loads(body_bytes.decode("utf-8"))
            return sanitize_data(raw)
        except Exception:
            return {"raw": "Invalid JSON"}

    if "multipart/form-data" in content_type:
        return {"note": "multipart/form-data omitted"}

    return {"note": "unsupported body type"}

def outcome_from_status(status_code: int):
    if 200 <= status_code < 300:
        return "success"
    if status_code == 401:
        return "unauthorized"
    if status_code == 403:
        return "forbidden"
    if status_code == 404:
        return "not_found"
    if status_code == 422:
        return "validation_error"
    if status_code >= 500:
        return "server_error"
    return "failed"