feat: add Body scope to ApisixRoute match expressions for request body matching

AlinsRan · AlinsRan · commit 3f1f3f0eb40c · 2026-05-09T13:54:07.000+08:00
Add ScopeBody to ApisixRouteHTTPMatchExprSubject.Scope, which maps to APISIX's post_arg.* variable. This supports request body matching for application/json, application/x-www-form-urlencoded, and multipart/form-data content types, and allows dot-notation JSON path expressions such as 'model.version' and 'messages[*].role'. Closes #399
diff --git a/api/v2/apisixroute_types.go b/api/v2/apisixroute_types.go
@@ -310,8 +310,10 @@ func (exprs ApisixRouteHTTPMatchExprs) ToVars() (result adc.Vars, err error) {
 			subj = "uri"
 		case ScopeVariable:
 			subj = expr.Subject.Name
+		case ScopeBody:
+			subj = "post_arg." + expr.Subject.Name
 		default:
-			return result, errors.New("invalid http match expr: subject.scope should be one of [query, header, cookie, path, variable]")
+			return result, errors.New("invalid http match expr: subject.scope should be one of [query, header, cookie, path, variable, body]")
 		}
 		this.SliceVal = append(this.SliceVal, adc.StringOrSlice{StrVal: subj})
 
@@ -411,8 +413,12 @@ type ApisixRouteAuthenticationLDAPAuth struct {
 
 // ApisixRouteHTTPMatchExprSubject describes the subject of a route matching expression.
 type ApisixRouteHTTPMatchExprSubject struct {
-	// Scope specifies the subject scope and can be `Header`, `Query`, or `Path`.
+	// Scope specifies the subject scope.
+	// Supported values: `Header`, `Query`, `Path`, `Cookie`, `Variable`, `Body`.
 	// When Scope is `Path`, Name will be ignored.
+	// When Scope is `Body`, Name supports dot-notation JSON path (e.g., "model.version",
+	// "messages[*].role") and maps to APISIX's post_arg.* variable, which works with
+	// application/json, application/x-www-form-urlencoded, and multipart/form-data.
 	Scope string `json:"scope" yaml:"scope"`
 	// Name is the name of the header or query parameter.
 	Name string `json:"name" yaml:"name"`
diff --git a/api/v2/apisixroute_types_test.go b/api/v2/apisixroute_types_test.go
@@ -0,0 +1,87 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+
+package v2
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func strPtr(s string) *string { return &s }
+
+func TestToVars_ScopeBody_SimpleField(t *testing.T) {
+	exprs := ApisixRouteHTTPMatchExprs{
+		{
+			Subject: ApisixRouteHTTPMatchExprSubject{
+				Scope: ScopeBody,
+				Name:  "action",
+			},
+			Op:    OpEqual,
+			Value: strPtr("login"),
+		},
+	}
+
+	vars, err := exprs.ToVars()
+	require.NoError(t, err)
+	require.Len(t, vars, 1)
+
+	// vars[0] is []StringOrSlice: [subject, op, value]
+	// Should map to post_arg.action
+	assert.Equal(t, "post_arg.action", vars[0][0].StrVal)
+	assert.Equal(t, "==", vars[0][1].StrVal)
+	assert.Equal(t, "login", vars[0][2].StrVal)
+}
+
+func TestToVars_ScopeBody_NestedJSONPath(t *testing.T) {
+	exprs := ApisixRouteHTTPMatchExprs{
+		{
+			Subject: ApisixRouteHTTPMatchExprSubject{
+				Scope: ScopeBody,
+				Name:  "model.version",
+			},
+			Op:    OpEqual,
+			Value: strPtr("gpt-4"),
+		},
+	}
+
+	vars, err := exprs.ToVars()
+	require.NoError(t, err)
+	require.Len(t, vars, 1)
+
+	// Should map to post_arg.model.version (dot-notation passthrough)
+	assert.Equal(t, "post_arg.model.version", vars[0][0].StrVal)
+}
+
+func TestToVars_ScopeBody_EmptyName_ReturnsError(t *testing.T) {
+	exprs := ApisixRouteHTTPMatchExprs{
+		{
+			Subject: ApisixRouteHTTPMatchExprSubject{
+				Scope: ScopeBody,
+				Name:  "",
+			},
+			Op:    OpEqual,
+			Value: strPtr("login"),
+		},
+	}
+
+	_, err := exprs.ToVars()
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "empty subject.name")
+}
diff --git a/api/v2/shared_types.go b/api/v2/shared_types.go
@@ -86,6 +86,11 @@ const (
 	ScopeCookie = "Cookie"
 	// ScopeVariable means the route match expression subject is in variable.
 	ScopeVariable = "Variable"
+	// ScopeBody means the route match expression subject is in the request body.
+	// Name supports dot-notation JSON path (e.g., "model.version", "messages[*].role"),
+	// and maps to APISIX's post_arg.* variable, which supports application/json,
+	// application/x-www-form-urlencoded, and multipart/form-data content types.
+	ScopeBody = "Body"
 )
 
 const (
