Fix 404 error when saving user preferences

Routes using withAuth were creating new unauthenticated PocketBase
clients, causing 404 errors when trying to update records. Modified
withAuth to pass the authenticated pb client to handlers so they can
use it for database operations.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

src/app/api/user/route.ts

@@ -4,7 +4,6 @@ import type { NextRequest } from "next/server";
 import { NextResponse } from "next/server";
 
 import { withAuth } from "@/lib/auth-middleware";
-import { createPocketBaseClient } from "@/lib/pocketbase";
 
 // Validation constants
 const CYCLE_LENGTH_MIN = 21;
@@ -16,7 +15,7 @@ const TIME_FORMAT_REGEX = /^([01]\d|2[0-3]):([0-5]\d)$/;
  * Returns the authenticated user's profile.
  * Excludes sensitive fields like encrypted tokens.
  */
-export const GET = withAuth(async (_request, user) => {
+export const GET = withAuth(async (_request, user, _pb) => {
   // Format date for consistent API response
   const lastPeriodDate = user.lastPeriodDate
     ? user.lastPeriodDate.toISOString().split("T")[0]
@@ -81,7 +80,7 @@ function validateTimezone(value: unknown): string | null {
  * Updates the authenticated user's profile.
  * Allowed fields: cycleLength, notificationTime, timezone
  */
-export const PATCH = withAuth(async (request: NextRequest, user) => {
+export const PATCH = withAuth(async (request: NextRequest, user, pb) => {
   const body = await request.json();
 
   // Build update object with only valid, updatable fields
@@ -132,7 +131,6 @@ export const PATCH = withAuth(async (request: NextRequest, user) => {
   }
 
   // Update the user record in PocketBase
-  const pb = createPocketBaseClient();
   await pb.collection("users").update(user.id, updates);
 
   // Build updated user profile for response