create suspicious request detector and policy, add request to policy engine

passbook/core/policies.py

@@ -2,12 +2,22 @@
 from logging import getLogger
 
 from celery import group
+from django.http import HttpRequest
 
 from passbook.core.celery import CELERY_APP
 from passbook.core.models import Policy, User
 
 LOGGER = getLogger(__name__)
 
+
+def get_remote_ip(request: HttpRequest) -> str:
+    """Return the remote's IP"""
+    if not request:
+        return '0.0.0.0'  # nosec
+    if request.META.get('HTTP_X_FORWARDED_FOR'):
+        return request.META.get('HTTP_X_FORWARDED_FOR')
+    return request.META.get('REMOTE_ADDR')
+
 @CELERY_APP.task()
 def _policy_engine_task(user_pk, policy_pk, **kwargs):
     """Task wrapper to run policy checking"""
@@ -33,18 +43,33 @@ class PolicyEngine:
 
     policies = None
     _group = None
+    _request = None
+    _user = None
 
     def __init__(self, policies):
         self.policies = policies
+        self._request = None
+        self._user = None
 
     def for_user(self, user):
         """Check policies for user"""
+        self._user = user
+        return self
+
+    def with_request(self, request):
+        """Set request"""
+        self._request = request
+        return self
+
+    def build(self):
+        """Build task group"""
         signatures = []
         kwargs = {
-            '__password__': getattr(user, '__password__', None)
+            '__password__': getattr(self._user, '__password__', None),
+            'remote_ip': get_remote_ip(self._request)
         }
         for policy in self.policies:
-            signatures.append(_policy_engine_task.s(user.pk, policy.pk.hex, **kwargs))
+            signatures.append(_policy_engine_task.s(self._user.pk, policy.pk.hex, **kwargs))
         self._group = group(signatures)()
         return self