GET /images/uuid.filetype
 -> returns the image with the correct filetype - uuid.png would return the image in png format, etc

GET /images/by-user {user: "username"}
 -> gets all of the images made by {user}, if you are {user}, unless you have admin.

POST /images/create {image: "image data"}
 -> returns the uuid of the image, which it saves to the folder and database

DELETE /images/uuid
 -> if you're the owner of the image or an admin, deletes the image. returns basic success/faliure

images are stored in /images/uuid.png. Image::get_by_uuid(uuid) just gets the image from the folder, verifies that it is an image, and returns it. Image::get_by_username(username) gets all database images from the database and returns the uuids. the client is responsible for getting the images.