diff --git a/src/main.rs b/src/main.rs
index 6df4299..ed8cb38 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -174,7 +174,10 @@ async fn main() {
                 routes::posts::create,
             ],
         )
-        .mount("/api", routes![routes::users::api_perms])
+        .mount(
+            "/api",
+            routes![routes::users::api_perms, routes::posts::get_post],
+        )
         .mount("/css", FileServer::from("/srv/web/css"))
         .register("/", catchers![default_catcher])
         .launch()
diff --git a/src/routes/images.rs b/src/routes/images.rs
index 6f0e2d1..bd339b2 100644
--- a/src/routes/images.rs
+++ b/src/routes/images.rs
@@ -181,24 +181,35 @@ pub async fn get_images_by_username(
     mut db: Connection<Db>,
     cookies: &CookieJar<'_>,
     username: String,
-) -> Result<Json<Vec<String>>, String> {
-    let token = cookies.get_private("token");
-    match token {
-        Some(t) => match User::get_by_token(&mut db, t).await {
-            Some(user) => match user.admin || user.username == username {
-                true => match Image::get_by_username(&mut db, &username).await {
-                    Ok(images) => Ok(Json::from(
+) -> status::Custom<Result<Json<Vec<String>>, String>> {
+    match User::login_status(&mut db, cookies).await {
+        LoginStatus::LoggedIn(user) => match user.admin || user.username == username {
+            true => match Image::get_by_username(&mut db, &username).await {
+                Ok(images) => status::Custom(
+                    Status::Ok,
+                    Ok(Json::from(
                         images.into_iter().map(|i| i.uuid).collect::<Vec<String>>(),
                     )),
-                    Err(why) => {
-                        eprintln!("{why:?}");
-                        Err("Couldn't get that user's images".to_string())
-                    }
-                },
-                false => Err("You don't have permission to do this".to_string()),
+                ),
+                Err(why) => {
+                    eprintln!("{why:?}");
+                    status::Custom(
+                        Status::NotFound,
+                        Err("Couldn't get that user's images".to_string()),
+                    )
+                }
             },
-            None => Err("Invalid login token".to_string()),
+            false => status::Custom(
+                Status::Unauthorized,
+                Err("You don't have permission to do this".to_string()),
+            ),
         },
-        None => Err("Not logged in".to_string()),
+        LoginStatus::InvalidToken => status::Custom(
+            Status::Unauthorized,
+            Err("Invalid login token.".to_string()),
+        ),
+        LoginStatus::NotLoggedIn => {
+            status::Custom(Status::Unauthorized, Err("Not logged in.".to_string()))
+        }
     }
 }
diff --git a/src/routes/posts.rs b/src/routes/posts.rs
index 1c17664..2ed7141 100644
--- a/src/routes/posts.rs
+++ b/src/routes/posts.rs
@@ -12,12 +12,13 @@ use crate::tables::posts::Post;
 use crate::tables::{users::LoginStatus, users::User, Db};
 use rocket::http::CookieJar;
 use rocket::http::Status;
-use rocket::post;
 use rocket::response::status;
 use rocket::serde::json::Json;
 use rocket::serde::Deserialize;
+use rocket::{get, post};
 use rocket_db_pools::Connection;
 use uuid::Uuid;
+use rocket::serde::Serialize;
 
 #[derive(Deserialize)]
 #[serde(crate = "rocket::serde")]
@@ -80,3 +81,22 @@ pub async fn create(
         }
     }
 }
+#[derive(Serialize)]
+#[serde(crate = "rocket::serde")]
+pub struct ApiPost {
+    title: String,
+    author: String,
+    text_id: String,
+    body: String,
+    timestamp: String,
+    uuid: String,
+    published: bool
+}
+
+#[get("/posts/<id>")]
+pub async fn get_post(mut db: Connection<Db>, id: String) -> status::Custom<Result<Json<ApiPost>, String>> {
+    // get post by uuid
+    // if none, get post by text id
+    // if none, return none
+    status::Custom(Status::NotImplemented, Err("Not implemented yet.".to_string()))
+}