Current user endpoint

Getting current user is a common issue in JSON API frameworks. It is not possible to use any build-in CRUD endpoint to fetch current user data because we need to make a request to get single item operation which requires identifier in the URL. But we do not know the identifier of current user before request is done.

T3api resolves that issue using custom operation handlers. Firstly let’s register an endpoint as we do for any CRUD operation.

typo3conf/ext/users/Classes/Domain/Model/User.php
declare(strict_types=1);

namespace Vendor\Users\Domain\Model;

use SourceBroker\T3api\Annotation as T3api;

/**
 * @T3api\ApiResource (
 *     itemOperations={
 *          "get_current"={
 *              "path"="/users/current",
 *          },
 *     }
 * )
 */
class User extends \TYPO3\CMS\Extbase\Domain\Model\FrontendUser
{
}

Now let’s register our operation handler inside ext_localconf.php and create a handler class. Here you can read more about implementing your own operation handlers.

typo3conf/ext/users/ext_localconf.php
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['t3api']['operationHandlers'][\Vendor\Users\OperationHandler\GetCurrentUserOperationHandler::class] = 500;
typo3conf/ext/users/Classes/OperationHandler/GetCurrentUserOperationHandler.php
declare(strict_types=1);

namespace Vendor\Users\OperationHandler;

use Vendor\Users\Domain\Model\User;
use Psr\Http\Message\ResponseInterface;
use SourceBroker\T3api\Domain\Model\OperationInterface;
use SourceBroker\T3api\OperationHandler\ItemGetOperationHandler;
use Symfony\Component\HttpFoundation\Request;
use TYPO3\CMS\Extbase\DomainObject\AbstractDomainObject;

class GetCurrentUserOperationHandler extends ItemGetOperationHandler
{
    public static function supports(OperationInterface $operation, Request $request): bool
    {
        return $operation->getApiResource()->getEntity() === User::class && $operation->getKey() === 'get_current';
    }

    public function handle(
        OperationInterface $operation,
        Request $request,
        array $route,
        ?ResponseInterface &$response
    ): AbstractDomainObject {
        if (empty($GLOBALS['TSFE']->fe_user->user['uid'])) {
            throw new \RuntimeException('Unknown current user ID. Are you logged in?', 1592570206680);
        }

        $route['id'] = $GLOBALS['TSFE']->fe_user->user['uid'];

        return parent::handle($operation, $request, $route, $response);
    }
}

And that’s it! Request to URL /users/current will return current user data depending on properties, getters and serialization configuration for Vendor\Users\Domain\Model\User. Current user will be authorized in exactly the same way as it is authorized on normal request to TYPO3 page (using cookie by default). If request is done by not logged in user exception Unknown current user ID. Are you logged in? will be thrown.