diff --git a/idp/src/account/router.ts b/idp/src/account/router.ts
index e64ea5a00..2613bcb99 100644
--- a/idp/src/account/router.ts
+++ b/idp/src/account/router.ts
@@ -67,8 +67,7 @@ router.post(
 async (c) => {
 const body = c.req.valid('json') as AccountResetPasswordOptions
 await resetPassword(body)
- c.status(200)
- return c.body(null)
+ return c.body(null, 200)
 },
 )
@@ -82,8 +81,7 @@ router.post(
 async (c) => {
 const body = c.req.valid('json') as AccountConfirmEmailOptions
 await confirmEmail(body)
- c.status(200)
- return c.body(null)
+ return c.body(null, 200)
 },
 )
@@ -97,8 +95,7 @@ router.post(
 async (c) => {
 const body = c.req.valid('json') as AccountSendResetPasswordEmailOptions
 await sendResetPasswordEmail(body)
- c.status(204)
- return c.body(null)
+ return c.body(null, 204)
 },
 )
diff --git a/idp/src/app.ts b/idp/src/app.ts
index 86ac0a35b..40ea8c21d 100644
--- a/idp/src/app.ts
+++ b/idp/src/app.ts
@@ -10,6 +10,7 @@ import '@/infra/env.ts'
 import { Hono } from 'hono'
 import { jwt } from 'hono/jwt'
+import { logger } from 'hono/logger'
 import accountRouter from '@/account/router.ts'
 import { getConfig } from '@/config/config.ts'
 import healthRouter from '@/health/router.ts'
@@ -29,6 +30,8 @@ import { User } from '@/user/model.ts'
 const app = new Hono()
+app.use(logger())
+
 app.onError((error, c) => {
 if (error.message === 'Unauthorized') {
 return c.json(
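Review bot: `app.use(logger())` in the second app.ts hunk is registered for every route, including the picture endpoint in user/router.ts that takes its credential from the `access_token` query parameter. If the logger's path output includes the query string (worth confirming for the Hono version in use), those access tokens are written to the application log on every picture request. `logger()` accepts a custom print function, so one option is to pass a function that drops everything from `?` onward before printing; the other is to stop carrying the token in the URL. The `app.onError` handler that follows continues outside the hunk.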
@@ -66,15 +69,16 @@ app.use('*', async (c, next) => {
 app.use('/v3/*', async (c, next) => {
 const jwtMiddleware = jwt({ secret: getConfig().token.jwtSigningKey })
- switch (c.req.path) {
- case '/v3/token':
- case '/v3/users/me/picture:extension':
- case '/v3/health':
- case '/v3/accounts':
- case '/version':
- return await next()
- default:
- return await jwtMiddleware(c, next)
+ if (
+ c.req.path.startsWith('/v3/users/me/picture') ||
+ c.req.path === '/v3/token' ||
+ c.req.path === '/v3/health' ||
+ c.req.path === '/v3/accounts' ||
+ c.req.path === '/version'
+ ) {
+ return await next()
+ } else {
+ return await jwtMiddleware(c, next)
 }
 })
diff --git a/idp/src/health/router.ts b/idp/src/health/router.ts
index d03acb6c5..efa73a715 100644
--- a/idp/src/health/router.ts
+++ b/idp/src/health/router.ts
@@ -15,12 +15,10 @@ const router = new Hono()
 router.get('', async (c) => {
 if (!postgres.connected) {
- c.status(503)
- return c.body(null)
+ return c.body(null, 503)
 }
 if (!(await meilisearch.isHealthy())) {
- c.status(503)
- return c.body(null)
+ return c.body(null, 503)
 }
 return c.text('OK')
 })
diff --git a/idp/src/user/router.ts b/idp/src/user/router.ts
index 2e9658ced..daa51b21b 100644
--- a/idp/src/user/router.ts
+++ b/idp/src/user/router.ts
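Review bot: The new exemption `c.req.path.startsWith('/v3/users/me/picture')` skips JWT verification for every path that begins with that prefix, not only for the picture file the handler serves. Any route later added under that prefix would be public without anyone deciding so, and the handler's own `basename(...) !== 'picture'` check becomes the only gate for near-miss paths. Matching the exact shape keeps the bypass as narrow as the route, e.g. `/^\/v3\/users\/me\/picture\.[A-Za-z0-9]+$/.test(c.req.path)`. The `c.req.path === '/version'` arm can never be true inside a `/v3/*` middleware and could be dropped.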
@@ -49,32 +49,34 @@ import {
 UserUpdateFullNameOptions,
 UserUpdatePasswordOptions,
 } from '@/user/service.ts'
-import { extname, join } from 'node:path'
+import { basename, extname, join } from 'node:path'
 import { Buffer } from 'node:buffer'
 import { UserListOptions } from '@/user/service.ts'
 const router = new Hono()
 router.get('/me', async (c) => {
- c.json(await getUser(c.get('user').id))
+ return c.json(await getUser(c.get('user').id))
 })
-router.get('/me/picture:extension', async (c) => {
+router.get('/me/:filename', async (c) => {
+ const { filename } = c.req.param()
+ if (basename(filename, extname(filename)) !== 'picture') {
+ return c.body(null, 404)
+ }
 const accessToken = c.req.query('access_token')
 if (!accessToken) {
 throw newMissingQueryParamError('access_token')
 }
 const userId = await getUserIdFromAccessToken(accessToken)
 const { buffer, extension, mime } = await getUserPicture(userId)
- if (extension !== c.req.param('extension')) {
+ if (extension !== extname(c.req.param('filename'))) {
 throw newPictureNotFoundError()
 }
- c.res.headers.append(
- 'Content-Disposition',
- `attachment; filename=picture.${extension}`,
- )
- c.res.headers.append('Content-Type', mime)
- return c.body(buffer)
+ return c.body(buffer, 200, {
+ 'Content-Type': mime,
+ 'Content-Disposition': `attachment; filename=picture${extension}`,
+ })
 })
 router.post(
@@ -182,8 +184,7 @@ router.delete(
 async (c) => {
 const body = c.req.valid('json') as UserDeleteOptions
 await deleteUser(c.get('user').id, body)
- c.status(204)
- return c.body(null)
+ return c.body(null, 204)
 },
 )
@@ -221,8 +222,7 @@ router.post(
 const { id } = c.req.param()
 const body = c.req.valid('json') as UserSuspendOptions
 await suspendUser(id, body)
- c.status(200)
- return c.body(null)
+ return c.body(null, 200)
 },
 )
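Review bot: The response headers in the rewritten picture handler are built directly from `mime` and `extension` as returned by `getUserPicture`, which this diff does not show; if either value derives from what the user uploaded, stored data decides the `Content-Type` and the unquoted `filename=` parameter. Checking both against an allow-list of image types and adding `'X-Content-Type-Options': 'nosniff'` to the header object would keep a mislabelled upload from being interpreted as another type. Also confirm that `extension` now carries a leading dot: `extname()` returns values like `.png` and the filename changed from `picture.${extension}` to `picture${extension}`, so a dot-less stored extension would send every request into `newPictureNotFoundError()`. The second parameter lookup can reuse the destructured value, `if (extension !== extname(filename)) {`.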
@@ -238,8 +238,7 @@ router.post(
 const { id } = c.req.param()
 const body = c.req.valid('json') as UserMakeAdminOptions
 await makeAdminUser(id, body)
- c.status(200)
- return c.body(null)
+ return c.body(null, 200)
 },
 )