Merge pull request #61 from GangGreenTemperTatum/ganggreentempertatum…

…/FilterAuthenticatedNonBearerTokens-bambda

feat: Bambda to filter authorization values not equal to jwt bearer

Proxy/HTTP/FilterAuthenticatedNonBearerTokens.bambda

@@ -0,0 +1,38 @@
+/**
+ * Filter when an Authorization header is present, not empty and does not include a traditional bearer token (beginning with "ey")
+ *
+ * @author GangGreenTemperTatum (https://github.com/GangGreenTemperTatum)
+ **/
+
+var configInScopeOnly = true; // If set to true, won't show out-of-scope items
+var sessionCookieName = ""; // If given, will look for a cookie with that name.
+var sessionCookieValue = ""; // If given, will check if cookie with sessionCookieName has this value.
+
+var request = requestResponse.request();
+var response = requestResponse.response();
+
+if (configInScopeOnly && !request.isInScope()) {
+    return false;
+}
+
+if (!requestResponse.hasResponse() || !response.isStatusCodeClass(StatusCodeClass.CLASS_2XX_SUCCESS)) {
+    return false;
+}
+
+var hasAuthHeader = request.hasHeader("Authorization");
+var authHeaderValue = hasAuthHeader ? String.valueOf(request.headerValue("Authorization")).toLowerCase() : null;
+
+if (!hasAuthHeader || (authHeaderValue == null || authHeaderValue.isEmpty())) {
+    return false;
+}
+
+var excludeAuthorization =
+    authHeaderValue.contains("bearer") &&
+    authHeaderValue.contains("ey");
+
+var sessionCookie = request.headerValue("Cookie") != null &&
+    !sessionCookieName.isEmpty() &&
+    request.hasParameter(sessionCookieName, HttpParameterType.COOKIE) &&
+    (sessionCookieValue.isEmpty() || sessionCookieValue.equals(String.valueOf(request.parameter(sessionCookieName, HttpParameterType.COOKIE).value())));
+
+return !excludeAuthorization || sessionCookie;