digifi-BankEmulator/app/middlewares/app_id_checker.py

from functools import wraps
from flask import request, jsonify
from app.utils.logger import logger
import os

# Load valid App-IDs from environment variables (comma-separated list)
VALID_APP_ID = os.getenv("VALID_APP_ID", "app1,app2,app3").split(",")

def require_app_id(f):
    """Decorator to enforce App-ID validation."""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        app_id = request.headers.get("App-ID")

        if not app_id:
            logger.error("Unauthorized access: Missing App-ID.")
            return jsonify({"message": "Invalid request parameters"}), 400


        if app_id not in VALID_APP_ID:
            logger.error(f"Unauthorized access: Invalid App-ID {app_id}.")
            return jsonify({"message": "Invalid request parameters"}), 400

        return f(*args, **kwargs)

    return decorated_function