fix(contorller): env corrections on where to look for the file when running

app/src/pkg/middleware/restrictToHosts.ts

@@ -0,0 +1,30 @@
+import type { Request, Response, NextFunction } from "express";
+
+/**
+ * Middleware to restrict access only to localhost or a whitelist of hosts.
+ */
+export function restrictToHosts(allowedHosts: string[] = []) {
+    return (req: Request, res: Response, next: NextFunction) => {
+        // `req.ip` gives the remote IP
+        const ip = req.ip!.replace("::ffff:", ""); // strip IPv6 prefix if present
+
+        // Express sets req.hostname from the Host header
+        const hostname = req.hostname;
+
+        const isLocal =
+            ip === "127.0.0.1" || ip === "::1" || hostname === "localhost";
+
+        const isAllowed =
+            isLocal ||
+            allowedHosts.includes(ip) ||
+            allowedHosts.includes(hostname);
+
+        if (!isAllowed) {
+            return res
+                .status(403)
+                .json({ error: "Access not allowed from this host" });
+        }
+
+        next();
+    };
+}