From 8d0e8634f7c0ed9603556fc598d2a47d177043e6 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann
Date: Tue, 16 Jun 2020 12:08:08 +0200
Subject: [PATCH] check for api key, getLogin() returns user object if is already exists
---
 restapi/index.php | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/restapi/index.php b/restapi/index.php
index 01cdf96ef..9edf3ee95 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -20,6 +20,18 @@ if(USE_PHP_SESSION) {
 exit;
 $dms->setUser($userobj);
 } else {
+ $headers = apache_request_headers();
+ if(isset($headers['Authorization'])) {
+ if($apikey = $dms->getApiKeyByApiKey($headers['Authorization'])) {
+ if(!($userobj = $apikey->getUser())) {
+ http_response_code(403);
+ exit;
+ }
+ } else {
+ http_response_code(403);
+ exit;
+ }
+ } else {
 require_once("../inc/inc.ClassSession.php");
 $session = new SeedDMS_Session($db);
 if (isset($_COOKIE["mydms_session"])) {
@@ -50,6 +62,7 @@ if(USE_PHP_SESSION) {
 }
 $dms->setUser($userobj);
 }
+ }
 }
 require "vendor/autoload.php";
@@ -159,6 +172,9 @@ function doLogin($request, $response) { /* {{{ */
 $username = $params['user'];
 $password = $params['pass'];
+ if($userobj)
+ return $response->withJson(array('success'=>true, 'message'=>'', 'data'=>__getUserData($userobj)), 200);
+
 // $userobj = $dms->getUserByLogin($username);
 $userobj = null;
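Review bot: The API-key branch assigns `$userobj` but never calls `$dms->setUser($userobj)`, which both other paths do (the `USE_PHP_SESSION` branch above and the session branch that the second hunk closes). Unless that call happens later outside the visible hunks, requests authenticated by key run with no user set on `$dms`, so anything in the DMS layer that relies on it may behave differently from a cookie login; adding `$dms->setUser($userobj);` after the inner `getUser()` check would align the three paths. Separately, `isset($headers['Authorization'])` is an exact-case array lookup on what `apache_request_headers()` returns, so a header delivered as `authorization` may fall through to cookie handling instead of getting a 403; a case-insensitive lookup would make a presented-but-unrecognised key fail closed. The enclosing `else` block ends outside this hunk.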
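Review bot: The early `if($userobj)` return in `doLogin` reports `success` without looking at the submitted `$username`/`$password`, so a request that arrives with a valid session or API key gets a successful login answer for that existing user even when the posted credentials are wrong or name someone else. If that is intended, say so in a comment such as `// already authenticated via session or API key: return that user, submitted credentials are ignored`; otherwise limit the shortcut to requests where the submitted user matches `$userobj`. The check also reads `$userobj` from outside the function, which only works if it is declared `global` in the part of `doLogin` above this hunk; that part is not visible here.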