diff --git a/json-api/src/invites.rs b/json-api/src/invites.rs
index 4147033..d7f6a05 100644
--- a/json-api/src/invites.rs
+++ b/json-api/src/invites.rs
@@ -1,8 +1,7 @@
-use serde_json::{Value, json};
+use serde_json::json;
 
 use mysql_async;
-use mysql_async::{Conn, Pool};
-use mysql_async::prelude::{params, Queryable};
+use mysql_async::Pool;
 
 use hyper::{Response, Body, StatusCode};
 
@@ -10,11 +9,12 @@ use chrono::Utc;
 
 use std::collections::HashMap;
 
-use db::{UBigInt, BigInt};
+use db::BigInt;
 use db::common::FromDB;
 use db::member::Member;
 use db::invites::Invite;
 
+use crate::qs_param;
 use crate::http;
 
 
@@ -121,32 +121,6 @@ pub async fn join(pool: &Pool, response: &mut Response<Body>, params: HashMap<&s
 }
 
 
-async fn process_expires_parameter(p: &Pool, exp: &Value, id: UBigInt) -> bool {
-    // TODO: fix this somewhat unsafe code
-    // TODO: BRO THIS SHIT
-    // NOTE: its unsafe because of these lazy as heck unwraps everywhere
-    use crate::perms::{CREATE_PERM_INVITES, CREATE_TMP_INVITES};
-    let conn = p.get_conn().await.unwrap();
-    let db_tup: (Conn, Option<UBigInt>) = conn.first_exec(
-            "SELECT permissions FROM members WHERE id = :id", 
-            params!{"id" => id})
-            .await.unwrap();
-    // depending on what type of invite we requested we should make sure we have the 
-    // right permissions to do so
-    let real_perms = db_tup.1.unwrap(); // safe via auth module
-    if let Some(exp) = exp.as_bool() {
-        // perma?
-        if exp {
-            return (real_perms & CREATE_PERM_INVITES) == CREATE_PERM_INVITES;
-        }
-        else {
-            return (real_perms & CREATE_TMP_INVITES) == CREATE_TMP_INVITES;
-        }
-    }
-    else {
-        return false;
-    }
-}
 
 async fn allowed_perm_invite(pool: &Pool, uid: u64) -> bool {
     use crate::perms;
@@ -164,7 +138,7 @@ pub async fn create(pool: &Pool, response: &mut Response<Body>, params: HashMap<
      * expires: Option<bool>
      */
 
-    let id = http::extract_uid(&params);
+    let id = qs_param!(params, "id", u64).unwrap();
 
     let use_count = match params.get("uses")  {
         Some(val) => {
@@ -198,7 +172,7 @@ pub async fn create(pool: &Pool, response: &mut Response<Body>, params: HashMap<
         Ok(_) => {
             // return the id of the invite
             // Link format from here is basically hostname.io:4536/join?code=<some-code>
-            crate::http::set_json_body(response, serde_json::json!(invite))
+            http::set_json_body(response, serde_json::json!(invite))
         },
         Err(mysqle) => {
             println!("\tINVITES::CREATE::ERROR: {}", mysqle);