Basically, the client should never have access to the hashed password. Instead, an API password should be hashed (on registration) and used for auth. Currently, the api.check middleware function will always authenticate successfully, whatever the client sends.