first commit

app/api/middlewares/__init__.py

@@ -0,0 +1,4 @@
+from .verify_api_key import require_api_key
+from .app_id_checker import require_app_id
+from .cors import enforce_json
+from .basic_auth import require_auth

app/api/middlewares/app_id_checker.py

@@ -0,0 +1,27 @@
+from functools import wraps
+from flask import request, jsonify
+from app.utils.logger import logger
+from app.config import Config
+
+
+
+VALID_APP_ID = Config.VALID_APP_ID
+
+def require_app_id(f):
+    """Decorator to enforce App-ID validation."""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        app_id = request.headers.get("App-ID")
+
+        if not app_id:
+            logger.error("Unauthorized access: Missing App-ID.")
+            return jsonify({"message": "Invalid request"}), 400
+
+
+        if app_id != VALID_APP_ID:
+            logger.error(f"Unauthorized access: Invalid App-ID {app_id}.")
+            return jsonify({"message": "Invalid request"}), 400
+
+        return f(*args, **kwargs)
+
+    return decorated_function

app/api/middlewares/basic_auth.py

@@ -0,0 +1,30 @@
+from functools import wraps
+from flask import request, jsonify
+import base64
+from app.config import Config
+
+USERNAME = Config.BASIC_AUTH_USERNAME
+PASSWORD = Config.BASIC_AUTH_PASSWORD
+
+def require_auth(f):
+    @wraps(f)
+    def decorated(*args, **kwargs):
+        auth = request.headers.get('Authorization')
+        if not auth or not check_auth(auth):
+            return jsonify({"message": "Invalid request"}), 401
+        return f(*args, **kwargs)
+    return decorated
+
+def check_auth(auth_header):
+    if not auth_header:
+        return False
+    try:
+        auth_type, credentials = auth_header.split()
+        if auth_type.lower() != "basic":
+            return False
+
+        decoded_credentials = base64.b64decode(credentials).decode("utf-8")
+        user, pwd = decoded_credentials.split(":", 1)
+        return user == USERNAME and pwd == PASSWORD
+    except Exception:
+        return False

app/api/middlewares/cors.py

@@ -0,0 +1,7 @@
+from flask import request, jsonify
+
+
+def enforce_json():
+    """Middleware to enforce JSON Content-Type for incoming requests"""
+    if request.method in ["POST", "PUT", "PATCH"] and request.content_type != "application/json":
+        return jsonify({"message": "Invalid request"}), 400

app/api/middlewares/verify_api_key.py

@@ -0,0 +1,25 @@
+from functools import wraps
+from flask import request, jsonify
+from app.utils.logger import logger
+from app.config import Config
+
+# Load valid API key from environment variables (fallback for testing)
+VALID_API_KEY = Config.VALID_API_KEY
+
+def require_api_key(f):
+    """Decorator to enforce API key authentication."""
+    @wraps(f)
+    def decorated_function(*args, **kwargs):
+        api_key = request.headers.get("X-API-KEY")
+
+        if not api_key:
+            logger.error("Unauthorized access: Missing API key.")
+            return jsonify({"message": "Invalid request"}), 400
+
+        if api_key != VALID_API_KEY:
+            logger.error("Unauthorized access: Invalid API key.")
+            return jsonify({"message": "Invalid request"}), 400
+
+        return f(*args, **kwargs)
+
+    return decorated_function