from django.contrib.auth.hashers import check_password
from django.shortcuts import get_object_or_404
from django.http import HttpResponseForbidden

from queues.models import Queue


def token_required(function):
    def _dec(request):
        queue = get_object_or_404(Queue, id=request.POST.get("queue"))
        if not check_password(request.POST.get("player_token"), queue.player_token):
            return HttpResponseForbidden()
        return function(request)

    return _dec