diff --git a/backend/app.py b/backend/app.py
index b8b9f05..b4b06a0 100644
--- a/backend/app.py
+++ b/backend/app.py
@@ -22,7 +22,7 @@ app.config["SQLALCHEMY_DATABASE_URI"] = DB_URI
 
 db.init_app(app)
 
-app.register_blueprint(profileBlueprint, url_prefix='/api')
+app.register_blueprint(profileBlueprint, url_prefix='/api/profile')
 
 
 @app.route('/', methods=['GET', 'POST'])
diff --git a/backend/utils/auth.py b/backend/utils/auth.py
index f28b5f9..fb490cd 100644
--- a/backend/utils/auth.py
+++ b/backend/utils/auth.py
@@ -20,7 +20,7 @@ def requires_role(roles: Union[None, UserRole] = None):
             except IndexError:
                 return jsonify({'error': 'Invalid authorization header format'}), 401
             session: Session = db.session.execute(
-                select(User).where(and_(Session.key == session_key, Session.isValid == True))
+                select(Session).where(and_(Session.key == session_key, Session.isValid == True))
             ).scalar()
             if not session:
                 return jsonify({'error': 'Invalid or expired session'}), 401