Initial commit.

marietje/playerapi/decorators.py

@@ -0,0 +1,15 @@
+from django.contrib.auth.hashers import check_password
+from django.shortcuts import get_object_or_404
+from django.http import HttpResponseForbidden
+
+from queues.models import Queue
+
+
+def token_required(function):
+    def _dec(request):
+        queue = get_object_or_404(Queue, id=request.POST.get('queue'))
+        if not check_password(request.POST.get('player_token'), queue.player_token):
+            return HttpResponseForbidden()
+        return function(request)
+
+    return _dec