diff --git a/app/api/account/route.ts b/app/api/account/route.ts
index 6543d119..48cf4833 100644
--- a/app/api/account/route.ts
+++ b/app/api/account/route.ts
@@ -5,44 +5,34 @@ import { NextResponse } from "next/server";
 import { requireBearer } from "@/app/api/_lib/auth";
 
 const API = (process.env.NEXT_PUBLIC_API_BASE_URL || "").replace(/\/$/, "");
-
 const bad = (m: string, c = 400) => NextResponse.json({ error: m }, { status: c });
 
-/**
- * GET: return current user's profile
- * shape: { ok: true, user: {...} } or { error }
- */
-export async function GET() {
+/** GET: current user's profile */
+export async function GET(req: Request) {
     try {
-        const bearer = requireBearer(); // reads cookie from NextRequest internally
+        const bearer = requireBearer(req); // ← pass req
         const fields =
         "id,username,first_name,last_name,email,location,avatar.id,avatar.filename_download";
 
-const res = await fetch(`${API}/users/me?fields=${encodeURIComponent(fields)}`, {
-    headers: { Authorization: bearer },
-    cache: "no-store",
-});
-
+const res = await fetch(
+    `${API}/users/me?fields=${encodeURIComponent(fields)}`,
+                        { headers: { Authorization: bearer }, cache: "no-store" }
+);
 const j = await res.json().catch(() => ({}));
 
 if (!res.ok) {
-    // propagate Directus status (401, 403, etc) instead of throwing
     const msg = j?.errors?.[0]?.message || "Failed to load profile";
     return NextResponse.json({ error: msg }, { status: res.status });
 }
 
 return NextResponse.json({ ok: true, user: j?.data ?? j });
     } catch (e: any) {
-        // if requireBearer threw due to missing cookie, present 401 cleanly
         const status = e?.status === 401 ? 401 : e?.status || 500;
         return bad(e?.message || "Unexpected error", status);
     }
 }
 
-/**
- * PATCH: update current user's editable fields
- * accepts any subset of: first_name, last_name, email (optional), location, avatar
- */
+/** PATCH: update editable fields for current user */
 export async function PATCH(req: Request) {
     try {
         const bearer = requireBearer(req);
@@ -53,7 +43,7 @@ export async function PATCH(req: Request) {
         if (typeof body.last_name === "string")  payload.last_name  = body.last_name.trim();
         if ("email" in body) {
             const e = String(body.email ?? "").trim();
-            payload.email = e ? e : null; // email optional; blank clears
+            payload.email = e ? e : null; // optional; blank clears
         }
         if (typeof body.location === "string")   payload.location   = body.location.trim();
         if (typeof body.avatar === "string")     payload.avatar     = body.avatar; // file id
@@ -65,7 +55,6 @@ export async function PATCH(req: Request) {
             headers: { Authorization: bearer, "Content-Type": "application/json" },
             body: JSON.stringify(payload),
         });
-
         const j = await res.json().catch(() => ({}));
 
         if (!res.ok) {