from aiohttp import web

DEFAULT_APP_TOKEN = "supersecureapptoken"

@web.middleware
async def app_token_middleware(request, handler):
    """Middleware to enforce token authentication for /app."""
    if request.path.startswith("/app"):
        token = request.headers.get("App-Token")
        if token != DEFAULT_APP_TOKEN:
            raise web.HTTPUnauthorized(reason="Invalid or missing App-Token")
    return await handler(request)