v1.apib

FORMAT: 1A
HOST: https://ghostmeme.api.hscc.bdpa.org/v1

# Ghostmeme API

> We're looking for feedback! If you have any opinions or ideas,
> [start a discussion](https://github.com/nhscc/problem-statements/discussions/new).

Based on [simple REST
principles](https://restfulapi.net),
the Ghostmeme API returns JSON data responses to requests. This is the API used
by teams and their apps for the 2021 BDPA National High School Computer
Competition. It holds all of the meme data teams' apps must interact with. The API
is live and will ideally remain online indefinitely.

The base address of Ghostmeme API is https://ghostmeme.api.hscc.bdpa.org/V where
`V` is the major version of the API you want to use. There is currently only one
major version, so `V = v1`. Each version of the API provides a set of endpoints
with their own unique paths and requirements.

[The source code behind the API is available on
GitHub](https://github.com/nhscc/ghostmeme.api.hscc.bdpa.org). If you have any
trouble, [open an issue
there](https://github.com/nhscc/ghostmeme.api.hscc.bdpa.org/issues/new) or
[start a
discussion](https://github.com/nhscc/problem-statements/discussions/new).

## Requesting a Key

To access the majority of this API's endpoints requires a key. If your team
needs a key, or to replace a lost or stolen key, please contact NHSCC
staff through Slack or [open an issue on
GitHub](https://github.com/nhscc/ghostmeme.api.hscc.bdpa.org).

When you get your key, include it in your requests' header as `key:
your-special-api-key-here` and you will be immediately authenticated into the
system.

## Rules of API Access

1. Do not bombard the API with requests or you risk permanent IP/subnet ban.
   **Limit your apps to no more than 10 requests per second per API key**. If
   your app ends up sending too many requests over some time period, you'll get
   a `HTTP 429` response along with a monotonically increasing soft ban
   (starting at 15 minutes). Similarly, the size of requests is strictly
   limited, so you must limit the amount of data you're sending. When you send a
   request that is too large (>10MB), it will fail with a `HTTP 413` response.

2. **Do not reveal your API key to anyone** not on your own team. It is how the
   API identifies your team. Do not upload it to GitHub or leave it lying around
   in your source code. Save it to a file and `.gitignore` it or save it to an
   environment variable.

3. Since the API is live, you might be able to see or interact
   with content posted by other teams. If this is the case, please do not post
   anything inappropriate.

4. If you have a relevant feature request or you encounter any vulnerabilities,
   errors, or other issues, don't hesitate to contact NHSCC staff via Slack or
   [open an issue on
   GitHub](https://github.com/nhscc/ghostmeme.api.hscc.bdpa.org). For significant
   enough finds, bonus points may be awarded. On the other hand, abusing any
   vulnerability or bug may result in disqualification.

5. **The API was built to randomly return errors every so often**. That means
   your app must be prepared to deal with `HTTP 555` and other bad responses.
   However, if you're consistently getting `HTTP 5xx` errors back to back, then
   something is wrong. Please report this if it happens.

6. All responses are raw JSON. All request payloads must be sent as raw JSON.
   `JSON.stringify()` and `JSON.parse()` or whatever language equivalent is
   available to you is your friend!

## Request Methods

This API is based on [simple REST
principles](https://restfulapi.net).
Resources are accessed via standard HTTPS requests in UTF-8 format to an API
endpoint. This API understands the following HTTP request methods:

| METHOD | MEANING |
|-----   |-----    |
| GET    | Return data about something |
| POST   | Create something new        |
| PUT    | Modify something            |
| DELETE | Delete something            |

## Rate Limits

As said earlier, do not bombard the API with requests. If you do, the API will
soft ban you for fifteen minutes the first time before accepting requests from
your API key or IP address again. Each following time this happens within a
certain period, your ban time will quadruple.

So **limit your apps to no more than 10 requests per second per API key**. You
know you've been soft banned if you receive an `HTTP 429` response. Check the
JSON response for the `retryAfter` key, which represents for how long your API
key and/or IP are banned from making further requests (in milliseconds).

## Pagination

Endpoints that might return a lot of data are paginated (via [range
queries](https://en.wikipedia.org/wiki/Range_query_(database))). Such endpoints
optionally accept an `after` parameter, which is a *meme_id* that determines
which meme is returned first. That is: the first meme will be the first
*meme_id* in the database subsequent to the `after` *meme_id*. Omitting the
`after` parameter returns the first 100 memes in the system.

For example, given the following dataset and an API with a default result size
(or "page" size) of 3:

```JavaScript
[
    { item_id: 0xabc123, name: 'Item 1 name' },
    { item_id: 0xabc124, name: 'Item 2 name' },
    { item_id: 0xabc125, name: 'Item 3 name' },
    { item_id: 0xabc126, name: 'Item 4 name' },
    { item_id: 0xabc127, name: 'Item 5 name' },
]
```

Suppose we issued the following requests to an API:

`/api?after=0xabc123`: responds with an array of 3 items: *0xabc124* through *0xabc126*<br/>
`/api?after=0xabcXYZ`: responds with an array of 0 items since `item_id` *0xabcXYZ* doesn't exist<br/>
`/api?after=0xabc124`: responds with an array of 3 items: *0xabc125* through *0xabc127*<br/>
`/api?after=0xabc127`: responds with an array of 0 items since there is nothing after *0xabc127*<br/>
`/api?after=0xabc125`: responds with an array of 2 items: *0xabc126* and *0xabc127*<br/>

## Status Codes

This API will issue responses with one of the following status codes:

| STATUS | MEANING |
|-----   |-----    |
| 200    | Your request completed successfully. |
| 400    | Your request was malformed or otherwise bad. Check the requirements. |
| 401    | Session is not authenticated. Put your API key in the header! |
| 403    | Session is not authorized. You tried to do something you can't do. |
| 404    | The resource (or endpoint) was not found. Check your syntax. |
| 405    | Bad method. The endpoint does not support your request's method. |
| 413    | Your request was too large and was dropped. Max body size is 10MB. |
| 429    | You've been rate limited. Try your request again after a few minutes. |
| 4xx    | Your request was malformed in some way. |
| 5xx    | Something happened on the server that is outside your control. |

## Response Schema

All responses issued by the API will follow one of the two following schemas.

### Success Schema

When a request you've issued succeeds, the response will look like the
following:

```json
{
    "success": "true",
    // any other data you requested
}
```

Note that all time data is represented as the number of milliseconds elapsed
since January 1, 1970 00:00:00 UTC, or the same thing that is returned by
JavaScript's `Date.now()` method.

### Error Schema

When a request you've issued fails, along with the non-200 status code, the
response will look like the following:

```json
{
    "error": "an error message describing what went wrong",
    // any other relevant data (like retryAfter)
}
```

## CORS Support

The API has full support for Cross Origin Resource Sharing (CORS) for AJAX requests.

## Tips for Debugging

- Are you using the right method?
- Use this documentation (click "see example," then click "Try console") or use [Postman](https://www.postman.com/downloads) to play with the API.
- Expect a raw JSON response body that you must parse manually, not raw text or something else.
- Are you sending properly formatted JSON payloads in your request body when necessary?
- Try outputting to stdout, use `console.log`, or output to some log file when API requests are made and responses received.
- All time data is represented as [the number of milliseconds elapsed since January 1, 1970 00:00:00 UTC](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now).
- Are you sending the correct headers? You need to specify the `key: your-special-api-key-here` header for all requests and the `'content-type': 'application/json'` header when making POST and PUT requests.
- Are you [encoding your URI components](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) properly, especially when you're trying to send the API [JSON objects](https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/JSON) via [GET request](https://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods)?

## Globally Unique IDs

To retrieve data about one or more memes or users or other unique items, you
must know that item's `<item>_id`. These and other IDs are globally unique
within the API. That is: no two items will ever have the same ID in any
instance. Use this fact to your advantage.

## Metadata Endpoints [/info]

These endpoints deal with summary metadata about the system.

- [/info (GET)](#/reference/0/metadata-endpoints/info-get)

### /info (GET) [GET /info]

Returns summary system metadata.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + totalMemes (number) - Total number of memes in the system.
        + totalUsers (number) - Total number of users in the system.

    + Body

            {
                "totalMemes": 115,
                "totalUsers": 42,
                "success": true
            }

## Meme Endpoints [/memes]

These endpoints deal with [CRUD operations](https://nordicapis.com/crud-vs-rest-whats-the-difference) on one or more memes.

- [/memes (GET)](#/reference/0/meme-endpoints/memes-get)
- [/memes (POST)](#/reference/0/meme-endpoints/memes-post)
- [/memes/:meme_id1/:meme_id2/.../:meme_idN (GET)](#/reference/0/meme-endpoints/memes-meme-id-1-meme-id-2-meme-id-n-get)
- [/memes/:meme_id1/:meme_id2/.../:meme_idN (PUT)](#/reference/0/meme-endpoints/memes-meme-id-1-meme-id-2-meme-id-n-put)
- [/memes/:meme_id/likes (GET)](#/reference/0/meme-endpoints/memes-meme-id-likes-get)
- [/memes/:meme_id/likes/:user_id (GET)](#/reference/0/meme-endpoints/memes-meme-id-likes-user-id-get)
- [/memes/:meme_id/likes/:user_id (DELETE)](#/reference/0/meme-endpoints/memes-meme-id-likes-user-id-delete)
- [/memes/:meme_id/likes/:user_id (PUT)](#/reference/0/meme-endpoints/memes-meme-id-likes-user-id-put)
- [/memes/search (GET)](#/reference/0/meme-endpoints/memes-search-get)

### /memes (GET) [GET /memes{?after}]

Returns all memes in the system in chronological order beginning with the most recent.

+ Parameters
    + after (optional, meme_id) - <span style="color: gray">[optional]</span> Return only those memes that occur *after* `meme_id` in the result list.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + memes (array[Meme]) - An array of meme objects. Empty if there are no memes left to show.

    + Body

            {
                "success": true,
                "memes": [
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": "No memes here, just a cool logo!",
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://bdpa.org/wp-content/uploads/2020/07/bdpa_logo_medium.png"
                    },
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": null,
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://media1.tenor.com/images/d591623c9a16e971268f60e375aa82de/tenor.gif"
                    },
                    {
                        "meme_id": "5ec8adf06e38137f651f654",
                        "owner": "5ec8adf06e381370306e8178",
                        "receiver": "5ec8adf06e38137ff2e58770",
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": "Rule of cool #1: the best memes are just text",
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": null
                    }
                ]
            }

### /memes (POST) [POST /memes]

Creates a new meme object.

> Notice: due to financial constraints, the oldest memes in the system will be dropped from the API to make room for the new. That is: `meme_id`s are not guaranteed to exist forever.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

    + Attributes
        + owner: `5ec8adf06e38137ff2e58770` (string) - The `user_id` of the user that uploaded this meme.
        + receiver (string, nullable) - The `user_id` of a non-owner user authorized to access this meme or `null`.
        + expiredAt: `1579489874164` (number) - When this meme expired (or will expire) [in milliseconds since the unix epoch](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now).
        + description (string, nullable) - Additional data associated with this meme or `null`.
        + private (boolean) - `true` if this meme is private or `false` otherwise.
        + replyTo: `5ec8adf06e38137ff2e58769` (string, nullable) - The `meme_id` of the meme to which this meme is responding or `null` if it is not a reply.
        + imageUrl (string, nullable) - The HTTP url of a PNG, JPEG, or GIF image file or `null` if there is no image.
        + imageBase64: `"data:image/jpeg;base64,/9j/4AAQ"` (string, nullable) - A valid [base64](https://en.wikipedia.org/wiki/Base64) [data uri](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs) or `null`.

    + Body

            {
                "owner": "5ec8adf06e38137ff2e58770",
                "receiver": null,
                "expiredAt": 621894785097,
                "description": null,
                "private": false,
                "replyTo": null,
                "imageUrl": "https://media1.tenor.com/images/d591623c9a16e971268f60e375aa82de/tenor.gif",
                "imageBase64": null
            }

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + meme (Meme) - The newly created meme object.

    + Body

            {
                "success": true,
                "meme": {
                    "meme_id": "5ec8adf06e38137ff2e58555",
                    "owner": "5ec8adf06e38137ff2e58770",
                    "receiver": null,
                    "createdAt": 1621893619835,
                    "expiredAt": 1621894785097,
                    "description": null,
                    "likes": 0,
                    "private": false,
                    "replyTo": null,
                    "imageUrl": "https://media1.tenor.com/images/d591623c9a16e971268f60e375aa82de/tenor.gif"
                }
            }

### /memes/:meme_id1/:meme_id2/.../:meme_idN (GET) [GET /memes/{meme_id}]

Returns one or more memes identified by the `meme_id` parameter(s). You can pass multiple `meme_id`s to this endpoint, each separated by a `/`.

+ Parameters
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the meme to return.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + memes (array[Meme]) - An array of meme objects.

    + Body

            {
                "success": true,
                "memes": [
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": "No memes here, just a cool logo!",
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://bdpa.org/wp-content/uploads/2020/07/bdpa_logo_medium.png"
                    },
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": null,
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://media1.tenor.com/images/d591623c9a16e971268f60e375aa82de/tenor.gif"
                    }
                ]
            }

### /memes/:meme_id1/:meme_id2/.../:meme_idN (PUT) [PUT /memes/{meme_id}]

Sets the specified meme's `expiredAt` property. All the attributes listed below must be present in the request body.

You can also pass multiple `meme_id`s to this endpoint, each separated by a `/`.

+ Parameters
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the meme to return.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

    + Attributes (object)
        + expiredAt: `1579489874164` (number) - When this meme expired (or will expire) [in milliseconds since the unix epoch](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now) or `-1` if it should never expire.

    + Body

            {
                "expiredAt": 0
            }

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /memes/:meme_id/likes (GET) [GET /memes/{meme_id}/likes{?after}]

Returns a list of `user_id`s that have liked a specific meme. If you're just looking for the _number_ of likes a meme has, use the [`GET /memes/:meme_id`](#/reference/0/meme-endpoints/memes-meme-id-1-meme-id-2-meme-id-n-get) endpoint instead.

+ Parameters
    + after (optional, user_id) - <span style="color: gray">[optional]</span> Return only those users that occur *after* `user_id` in the result list.
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the specific meme.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + users (array[string]) - An array of `user_id`s. Empty if there are no users left to show.

    + Body

            {
                "success": true,
                "users": [
                    "5eee34b3ca37750008547372",
                    "5eee34b3ca37750008547373",
                    "5eee34b3ca37750008547374"
                ]
            }

### /memes/:meme_id/likes/:user_id (GET) [GET /memes/{meme_id}/likes/{user_id}]

Responds with a `200` status code if user `user_id` has liked `meme_id` or `404`
otherwise.

+ Parameters
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the meme.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /memes/:meme_id/likes/:user_id (DELETE) [DELETE /memes/{meme_id}/likes/{user_id}]

Removes a user's like from (or "unlike") a meme.

+ Parameters
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the meme.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /memes/:meme_id/likes/:user_id (PUT) [PUT /memes/{meme_id}/likes/{user_id}]

Adds a user's like to a meme.

+ Parameters
    + `meme_id`: `5eee34b3ca37750008547371` (meme_id) - <span style="color: darkred">[required]</span> ID of the meme.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /memes/search (GET) [GET /memes/search{?after,match,regexMatch}]

This endpoint allows you to search through all memes in the system. Without any parameters, functionality is identical to [`GET /memes`](#/reference/0/meme-endpoints/memes-get).

Returns at most 100 results per query. Supports [range queries](https://en.wikipedia.org/wiki/Range_query_(database)) using `after`. The other available parameters are `match` and `regexMatch`, which let you filter which memes are returned via query matching.

Note that the values of `match` and `regexMatch` **must be [URI encoded](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent) [JSON objects](https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/JSON)**! If they aren't, you'll receive an error.

Examples:

Suppose you want to find all the memes belonging to a specific user. There are several ways this might be accomplished, _some more performant than others_. One way is by using this endpoint to perform a [brute-force search](https://en.wikipedia.org/wiki/Brute-force_search):

1. Come up with the JSON object to describe your query:

```JavaScript
let myQueryObject = { "owner": "5ec8adf06e38137ff2e58769" }
```

2. Stringify the JSON object and then URI encode it in whatever language you're using.

```JavaScript
let myQuery = encodeURIComponent(JSON.stringify(myQueryObject))
```

3. Add the stringified JSON to your request URL and send it

```JavaScript
let myURL = "https://ghostmeme.api.hscc.bdpa.org/v1/memes/search?match=" + myQuery

sendRequestToAPI(myURL)
```

You can also use `match` queries to search for memes where some numerical property is greater than or less than some threshold. For example:

```JavaScript
let myQueryObject = {
    "createdAt": {
        "$gt": (new Date('6/1/2021 3:00:00 PM PST')).getTime()
    }
}
```

This means _return all the memes that were created after 6/1/2021 3:00:00 PM PST_. Along with `"$gt"` for "greater than," there's also `"$gte"` for "greater than or equal to," `"$lt"` for "less than," and `"$lte"` for "less than or equal to". These operations can also be combined using `"$or"` (see example). If you've used MongoDB before, note that `"$or"` here works differently.

Note that any `match` filters are applied **in a case sensitive manner**, meaning `"hello world"` won't match `"Hello World"`, so watch out! If you want case-insensitive searching or you're an otherwise advanced programmer, you can use [regular expressions](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions) via `regexMatch`. Unlike `match`, `regexMatch` does not allow for less than/greater than queries.

You can also search by ID using `match` or `regexMatch`, using the `|` operator
to search for multiple IDs at once; e.g.: `{ "receiver":
"5f04f0607a927fab9cfbddfd|5f04f0607a927fab9cfbddfe" }`. Note that no regex
operators other than `|` can be used when searching by ID-related fields.
Searchable ID-related fields are: `owner`, `receiver`, `replyTo`. If instead
you want to get an item by its `meme_id` or `user_id`, use the appropriate
endpoint.

As an example: if you wanted to find _all memes from the past week_ (`match`) that are _owned by the users "luke" or "mary"_ (either `match` or `regexMatch`), were _created in reply to a specific meme owned by the user "ryan"_ (`match` again), and have a _description containing a word beginning with "bat"_ (`regexMatch`):

```JavaScript
const lukeUserId        = "5ec8adf06e38137ff2e58869"
const maryUserId        = "5ec8adf06e38137ff2e58870"
const ryanLatestMemeId  = "5ec8adf06e38137ff2e58888"

const lastWeek = new Date()
lastWeek.setDate((new Date()).getDate() - 7)

const myNormalQueryObject = {
    "createdAt": {
        "$gt": lastWeek.getTime()
    },
    "replyTo": ryanLatestMemeId,
    // We also need to filter out any ghost memes
    // (0 <= expiredAt < Date.now())
    "expiredAt": {
        // "$or" can only be used with the four numerical comparison
        // operators like so:
        "$or": [{ "$gte": Date.now() }, { "$lt": 0 }]
    }
}

const myRegexQueryObject = {
    "owner": `${lukeUserId}|${maryUserId}`,
    // Regex explained interactively: https://regex101.com/r/BJJTR8/1
    // Also: all the normal JS string escaping rules apply (i.e. \ becomes \\)
    "description": "(?<=^| )\\$(bat[a-z0-9]*)(?=\\b|$)"
}

const myNormalQuery = encodeURIComponent(JSON.stringify(myNormalQueryObject))
const myRegexQuery = encodeURIComponent(JSON.stringify(myRegexQueryObject))

const myURL = "https://ghostmeme.api.hscc.bdpa.org/v1/memes/search?match=" + myNormalQuery + "&regexMatch=" + myRegexQuery

sendRequestToAPI(myURL)
```

> Notice: when testing using this Apiary documentation, they are nice enough to handle the URI encode and JSON stringify steps for you! All you have to do is type in a proper JSON object for the request to succeed. You can even copy and paste the `myXQueryObject`s from the examples above directly into the Try Console! Try it out by clicking "See an example" and then "Try console".

+ Parameters
    + after (optional, meme_id) - <span style="color: gray">[optional]</span> Return only those memes that occur *after* `meme_id` in the result list.
    + match (optional, string) - <span style="color: gray">[optional]</span> A URI encoded JSON object describing the meme properties you're looking for. Case sensitive. Can also do greater than/less than queries as well. **If you're using the Apiary Try Console, you do not have to URI encode or stringify the JSON object, just type it in directly!**
    + regexMatch (optional, string) - <span style="color: gray">[optional]</span> A URI encoded JSON object describing the meme properties that you're looking for. Case-*insensitive* regular expressions can be used here. You **cannot** do greater than/less than queries and **all regexes must be strings** (no numbers). **If you're using the Apiary Try Console, you do not have to URI encode or stringify the JSON object, just type it in directly!**

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + memes (array[Meme]) - An array of meme objects matching your query. Empty if there are no memes left to show or your query returned no results.

    + Body

            {
                "success": true,
                "memes": [
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": "No memes here, just a cool logo!",
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://bdpa.org/wp-content/uploads/2020/07/bdpa_logo_medium.png"
                    },
                    {
                        "meme_id": "5ec8adf06e38137ff2e58998",
                        "owner": "5ec8adf06e38137ff2e58770",
                        "receiver": null,
                        "createdAt": 1621893619835,
                        "expiredAt": 1621894785097,
                        "description": null,
                        "likes": 0,
                        "private": false,
                        "replyTo": null,
                        "imageUrl": "https://media1.tenor.com/images/d591623c9a16e971268f60e375aa82de/tenor.gif"
                    }
                ]
            }

## User Endpoints [/users]

These endpoints deal with [CRUD operations](https://nordicapis.com/crud-vs-rest-whats-the-difference) on a user.

- [/users (GET)](#/reference/0/user-endpoints/users-get)
- [/users (POST)](#/reference/0/user-endpoints/users-post)
- [/users/:user_id (GET)](#/reference/0/user-endpoints/users-user-id-get)
- [/users/:username (GET)](#/reference/0/user-endpoints/users-username-get)
- [/users/:user_id (DELETE)](#/reference/0/user-endpoints/users-user-id-delete)
- [/users/:user_id (PUT)](#/reference/0/user-endpoints/users-user-id-put)
- [/users/:user_id/liked (GET)](#/reference/0/user-endpoints/users-user-id-liked-get)
- [/users/:user_id/liked/:meme_id (GET)](#/reference/0/user-endpoints/users-user-id-liked-meme-id-get)
- [/users/:user_id/friends (GET)](#/reference/0/user-endpoints/users-user-id-friends-get)
- [/users/:user_id/friends/:friend_id (GET)](#/reference/0/user-endpoints/users-user-id-friends-friend-id-get)
- [/users/:user_id/friends/:friend_id (DELETE)](#/reference/0/user-endpoints/users-user-id-friends-friend-id-delete)
- [/users/:user_id/friends/:friend_id (PUT)](#/reference/0/user-endpoints/users-user-id-friends-friend-id-put)
- [/users/:user_id/requests/:request_type (GET)](#/reference/0/user-endpoints/users-user-id-requests-request-type-get)
- [/users/:user_id/requests/:request_type/:target_id (GET)](#/reference/0/user-endpoints/users-user-id-requests-request-type-target-id-get)
- [/users/:user_id/requests/:request_type/:target_id (DELETE)](#/reference/0/user-endpoints/users-user-id-requests-request-type-target-id-delete)
- [/users/:user_id/requests/:request_type/:target_id (PUT)](#/reference/0/user-endpoints/users-user-id-requests-request-type-target-id-put)

### /users (GET) [GET /users{?after}]

Returns all users in the system in chronological order beginning with the most recent.

Returns are limited to at most 100 results per query. Supports [range queries](https://en.wikipedia.org/wiki/Range_query_(database)) using `after`.

+ Parameters
    + after (optional, user_id) - <span style="color: gray">[optional]</span> Return only those users that occur *after* `user_id` in the result list.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + users (array[User]) - An array of user objects. Empty if there are no users left to show.

    + Body

            {
                "success": true,
                "users": [
                    {
                        "user_id": "5eee34b3ca37750008547372",
                        "name": "Dummy User One",
                        "email": "dummy@email.com",
                        "phone": "123-456-7890",
                        "username": "dummyuser1",
                        "friends": 1,
                        "liked": 5,
                        "deleted": false,
                        "imageUrl": null
                    },
                    {
                        "user_id": "5eee34b3ca37750008547372",
                        "name": "Dummy User Two",
                        "email": "dummy2@email.com",
                        "phone": "123-654-5555",
                        "username": "dummy-user-2",
                        "friends": 14,
                        "liked": 9,
                        "deleted": false,
                        "imageUrl": null
                    }
                ]
            }

### /users (POST) [POST /users]

Creates a new user. Phone number is optional.

> Notice: due to financial constraints, the oldest users in the system will be dropped from the API to make room for the new. That is: `user_id`s are not guaranteed to exist forever.

> Note that the API does not manage user credentials. Passwords must be stored locally.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

    + Attributes
        + name: `"Hillary Clinton"` (string) - The full name of the user.
        + email: `"h@hillaryclinton.com"` (string) - The user's email address.
        + phone: `"312-555-5555"` (string, nullable) - The user's well-formatted phone number.
        + username: `"thehill"` (string) - The user's unique username within the system.
        + imageBase64: `"data:image/jpeg;base64,/9j/4AAQ"` (string, nullable) - A valid [base64](https://en.wikipedia.org/wiki/Base64) [data uri](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs) or `null`.

    + Body

            {
                "name": "Hillary Clinton",
                "email": "h@hillaryclinton.com",
                "phone": "312-555-5555",
                "username": "thehill",
                "imageBase64": null
            }

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + user (User) - The newly created user object.

    + Body

            {
                "success": true,
                "user": {
                    "user_id": "5eee34b3ca37750008547372",
                    "name": "Hillary Clinton",
                    "email": "h@hillaryclinton.com",
                    "phone": "312-555-5555",
                    "username": "thehill",
                    "friends": 0,
                    "liked": 0,
                    "deleted": false,
                    "imageUrl": null
                }
            }

### /users/:user_id (GET) [GET /users/{user_id}]

Returns the user identified by the `user_id` parameter.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + user (User) - The requested user object.

    + Body

            {
                "success": true,
                "user": {
                    "user_id": "5eee34b3ca37750008547372",
                    "name": "Dummy User One",
                    "email": "dummy@email.com",
                    "phone": "123-456-7890",
                    "username": "dummyuser1",
                    "friends": 1,
                    "liked": 5,
                    "deleted": false,
                    "imageUrl": null
                }
            }

### /users/:username (GET) [GET /users/{username}]

Returns the user identified by the `username` parameter.

+ Parameters
    + `username`: `bernie4All` (username) - <span style="color: darkred">[required]</span> ID of the user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + user (User) - The requested user object.

    + Body

            {
                "success": true,
                "user": {
                    "user_id": "5eee34b3ca37750008547372",
                    "name": "Bernie Sanders",
                    "email": "wrote@thedamnbill.com",
                    "phone": "333-444-5555",
                    "username": "bernie4All",
                    "friends": 42,
                    "liked": 15,
                    "deleted": false,
                    "imageUrl": null
                }
            }

### /users/:user_id (DELETE) [DELETE /users/{user_id}]

Sets the specified user's `deleted` flag to `true`. Deleting a user via the API
does not affect their meme objects.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the specified user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id (PUT) [PUT /users/{user_id}]

Sets the specified user's `name`, `email`, `phone`, and other properties. Besides `imageBase64`, all the attributes listed below must be present in the request body _even if they're not changed_. `imageBase64` is optional and can be omitted if it's not being updated.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the specified user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

    + Attributes (object)
        + name: `"Elizabeth Warren"` (string) - The full name of the user.
        + email: `"liz@ewarren.com"` (string) - The user's email address.
        + phone: `"978-555-5555"` (string, nullable) - The user's well-formatted phone number.
        + imageBase64: `"data:image/jpeg;base64,/9j/4AAQ"` (string, nullable, optional) - A valid [base64](https://en.wikipedia.org/wiki/Base64) [data uri](https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/Data_URIs) or `null`.

    + Body

            {
                "name": "Elizabeth Warren",
                "email": "liz@ewarren.com",
                "phone": "978-555-5555",
                "imageBase64": null
            }

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/liked (GET) [GET /users/{user_id}/liked{?after}]

Returns IDs of the memes a specific user (`user_id`) has liked. If you're just looking for the _number_ of memes liked by this user, use the [`GET /users/:user_id`](#/reference/0/user-endpoints/users-user-id-get) endpoint instead.

Returns are limited to at most 100 results per query. Supports [range queries](https://en.wikipedia.org/wiki/Range_query_(database)) using `after`.

+ Parameters
    + after (optional, meme_id) - <span style="color: gray">[optional]</span> Return only those memes that occur *after* `meme_id` in the result list.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the specific user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + memes (array[string]) - An array of `meme_id`s. Empty if there are no memes left to show.

    + Body

            {
                "success": true,
                "memes": [
                    "5eee34b3ca37750008547372",
                    "5eee34b3ca37750008547373",
                    "5eee34b3ca37750008547374"
                ]
            }

### /users/:user_id/liked/:meme_id (GET) [GET /users/{user_id}/liked/{meme_id}]

Responds with a `200` status code if user `user_id` has liked `meme_id` or a
`404` otherwise.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.
    + `meme_id`: `5eee34b3ca37750008547373` (meme_id) - <span style="color: darkred">[required]</span> ID of the supposedly liked meme.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/friends (GET) [GET /users/{user_id}/friends{?after}]

Returns IDs of the users a specific user (`user_id`) is friends with. If you're just looking for the _number_ of friends a user has, use the [`GET /users/:user_id`](#/reference/0/user-endpoints/users-user-id-get) endpoint instead.

Returns are limited to at most 100 results per query. Supports [range queries](https://en.wikipedia.org/wiki/Range_query_(database)) using `after`.

+ Parameters
    + after (optional, user_id) - <span style="color: gray">[optional]</span> Return only those users that occur *after* `user_id` in the result list.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the specific user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + users (array[string]) - An array of `user_id`s. Empty if there are no users left to show.

    + Body

            {
                "success": true,
                "users": [
                    "5eee34b3ca37750008547372",
                    "5eee34b3ca37750008547373",
                    "5eee34b3ca37750008547374"
                ]
            }

### /users/:user_id/friends/:friend_id (GET) [GET /users/{user_id}/friends/{friend_id}]

Responds with a `200` status code if user `user_id` and `friend_id` are friends or a `404` otherwise.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `friend_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the user to check.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/friends/:friend_id (DELETE) [DELETE /users/{user_id}/friends/{friend_id}]

Removes a user (`user_id`) such that they are no longer friends with `friend_id`.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `friend_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the user to remove.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/friends/:friend_id (PUT) [PUT /users/{user_id}/friends/{friend_id}]

Adds a user (`user_id`) as a friend of another user (`friend_id`).

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `friend_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the user to add.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/requests/:request_type (GET) [GET /users/{user_id}/requests/{request_type}{?after}]

Returns the IDs involved in unresolved friend requests of type `request_type` sent/received by a specific user (`user_id`). Possible values for `request_type` are: `incoming` and `outgoing`.

+ Parameters
    + after (optional, user_id) - <span style="color: gray">[optional]</span> Return only those users that occur *after* `user_id` in the result list.
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the user.
    + `request_type`: `incoming` ("incoming" | "outgoing") - <span style="color: darkred">[required]</span> Type of friend request.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.
        + users (array[string]) - An array of `user_id`s. Empty if there are no users left to show.

    + Body

            {
                "success": true,
                "users": [
                    "5eee34b3ca37750008547372",
                    "5eee34b3ca37750008547373",
                    "5eee34b3ca37750008547374"
                ]
            }

### /users/:user_id/requests/:request_type/:target_id (GET) [GET /users/{user_id}/requests/{request_type}/{target_id}]

Responds with a `200` status code if there exists an unresolved friend request of type `request_type` between users `user_id` and `target_id` or `404` otherwise. Possible values for `request_type` are: `incoming` and `outgoing`.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `request_type`: `incoming` ("incoming" | "outgoing") - <span style="color: darkred">[required]</span> Type of friend request.
    + `target_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the target user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/requests/:request_type/:target_id (DELETE) [DELETE /users/{user_id}/requests/{request_type}/{target_id}]

Resolves (removes) a friend request between a specific user (`user_id`) and another (`target_id`). Possible values for `request_type` are: `incoming` and `outgoing`.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `request_type`: `incoming` ("incoming" | "outgoing") - <span style="color: darkred">[required]</span> Type of friend request.
    + `target_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the target user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

### /users/:user_id/requests/:request_type/:target_id (PUT) [PUT /users/{user_id}/requests/{request_type}/{target_id}]

Adds a new unresolved friend request between a specific user (`user_id`) and another (`target_id`). Possible values for `request_type` are: `incoming` and `outgoing`.

+ Parameters
    + `user_id`: `5eee34b3ca37750008547372` (user_id) - <span style="color: darkred">[required]</span> ID of the first user.
    + `request_type`: `incoming` ("incoming" | "outgoing") - <span style="color: darkred">[required]</span> Type of friend request.
    + `target_id`: `5eee34b3ca37750008547373` (user_id) - <span style="color: darkred">[required]</span> ID of the target user.

+ Request

    + Headers

            key: your-special-api-key-here
            content-type: application/json

+ Response 200 (application/json)
See an example

    + Attributes (object)
        + success (boolean) - If the request succeeded. Always `true` when status code is 200 and `false` or `undefined` otherwise.

    + Body

            {
                "success": true
            }

## Data Structures

### Meme (object)

+ meme_id: `5ec8adf06e38137ff2e58769` (string) - A unique immutable MongoDB ID representing this meme. Generated automatically by the server.
+ owner: `5ec8adf06e38137ff2e58770` (string) - The `user_id` of the user that uploaded this meme.
+ receiver (string, nullable) - The `user_id` of a non-owner user authorized to access this meme or `null`.
+ createdAt: `1579345900650` (number) - When this meme was created [in milliseconds since the unix epoch](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now).
+ expiredAt: `1579489874164` (number) - When this meme expired (or will expire) [in milliseconds since the unix epoch](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Date/now) or `-1` if it should never expire.
+ description (string, nullable) - Additional data associated with this meme or `null`.
+ likes (number) - The current number of likes this meme has received.
+ private (boolean) - `true` if this meme is private or `false` otherwise.
+ replyTo: `5ec8adf06e38137ff2e58769` (string, nullable) - The `meme_id` of the meme to which this meme is responding or `null` if it is not a reply.
+ imageUrl (string, nullable) - The HTTP url of a PNG, JPEG, or GIF image file or `null` if there is no image.

### User (object)

+ user_id: `5ec8adf06e38137ff2e58770` (string) - A unique immutable MongoDB ID representing this user. Generated automatically by the server.
+ name: `"Barack Obama"` (string) - The full name of the user.
+ email: `"o@barackobama.com"` (string) - The user's email address.
+ phone: `"773-555-5555"` (string, nullable) - The user's well-formatted phone number.
+ username: `"Oforce1"` (string) - The user's unique username within the system.
+ friends (number) - The current number of friends this user has.
+ liked (number) - The current number of memes this user has liked.
+ deleted (boolean) - `true` if this user was deleted or `false` otherwise.
+ imageUrl (string, nullable) - The HTTP url of a PNG, JPEG, or GIF image file or `null` if there is no image.