check for api key, getLogin() returns user object if is already exists

restapi/index.php

@@ -20,6 +20,18 @@ if(USE_PHP_SESSION) {
         exit;
     $dms->setUser($userobj);
 } else {
+    $headers = apache_request_headers();
+    if(isset($headers['Authorization'])) {
+        if($apikey = $dms->getApiKeyByApiKey($headers['Authorization'])) {
+            if(!($userobj = $apikey->getUser())) {
+                http_response_code(403);
+                exit;
+            }
+        } else {
+            http_response_code(403);
+            exit;
+        }
+    } else {
     require_once("../inc/inc.ClassSession.php");
     $session = new SeedDMS_Session($db);
     if (isset($_COOKIE["mydms_session"])) {
@@ -50,6 +62,7 @@ if(USE_PHP_SESSION) {
         }
         $dms->setUser($userobj);
     }
+    }
 }
 
 require "vendor/autoload.php";
@@ -159,6 +172,9 @@ function doLogin($request, $response) { /* {{{ */
     $username = $params['user'];
     $password = $params['pass'];
 
+    if($userobj)
+        return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getUserData($userobj)), 200);
+
 //    $userobj = $dms->getUserByLogin($username);
     $userobj = null;