diff --git a/api/app/api.py b/api/app/api.py
index 61ee57f..d343252 100644
--- a/api/app/api.py
+++ b/api/app/api.py
@@ -3,6 +3,7 @@ import sys
 from contextlib import asynccontextmanager
 from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
 from database.utils import create_admin_user
 from routes import users, flights, auth
@@ -23,6 +24,10 @@ async def lifespan(app: FastAPI):
 # Initialize FastAPI
 app = FastAPI(lifespan=lifespan)
+# Allow CORS
+app.add_middleware(CORSMiddleware, allow_origins=["*"], allow_credentials=True, allow_methods=["*"],
+ allow_headers=["*"])
+
 # Add subroutes
 app.include_router(users.router, tags=["Users"], prefix="/users")
 app.include_router(flights.router, tags=["Flights"], prefix="/flights")
diff --git a/api/app/deps.py b/api/app/deps.py
index 6ed732f..3c18247 100644
--- a/api/app/deps.py
+++ b/api/app/deps.py
@@ -9,7 +9,8 @@ from pydantic import ValidationError
 from app.config import get_settings, Settings
 from database.tokens import is_blacklisted
 from database.users import get_user_system_info, get_user_system_info_id
-from schemas.user import TokenPayload, AuthLevel, UserDisplaySchema
+
+from schemas.user import TokenPayload, AuthLevel, UserDisplaySchema, TokenSchema
 reusable_oath = OAuth2PasswordBearer(
 tokenUrl="/auth/login",
@@ -42,7 +43,7 @@ async def get_current_user(settings: Annotated[Settings, Depends(get_settings)],
 async def get_current_user_token(settings: Annotated[Settings, Depends(get_settings)],
- token: str = Depends(reusable_oath)) -> (UserDisplaySchema, str):
+ token: str = Depends(reusable_oath)) -> (UserDisplaySchema, TokenSchema):
 try:
 payload = jwt.decode(
 token, settings.jwt_secret_key, algorithms=[settings.jwt_algorithm]
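Review bot: `allow_origins=["*"]` together with `allow_credentials=True` in the new `add_middleware` call is the permissive-CORS misconfiguration: browsers reject a literal `*` origin on credentialed requests, and as far as I recall Starlette's CORSMiddleware makes the combination work by echoing the request's Origin back when the request carries a cookie, which amounts to permitting credentialed cross-origin calls from any site. The bearer-token flow in deps.py is not directly exposed because the token travels in the Authorization header, but any cookie-based session or CSRF-relevant endpoint added later would be. Replace the wildcard with the explicit frontend origin(s), e.g. `allow_origins=["https://<frontend-host placeholder>"]`, ideally sourced from the `Settings` object that `get_settings` already provides in deps.py, or drop `allow_credentials=True` if the API is header-token only.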
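Review bot: The new return annotation `-> (UserDisplaySchema, TokenSchema)` does not match what the function returns: hunk @@ -58 ends with `return user, token`, where `token` is the `str` injected by `Depends(reusable_oath)`, so the second element is the raw bearer string and the previous `str` was the accurate type. A parenthesised pair is also a tuple literal rather than a type, so the annotation should read `-> tuple[UserDisplaySchema, str]`, or the token should be wrapped in a `TokenSchema` before returning if that is the intent (the schema's fields are not visible here). The body of `get_current_user_token` continues outside this hunk.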
@@ -58,11 +59,11 @@ async def get_current_user_token(settings: Annotated[Settings, Depends(get_setti
 if blacklisted:
 raise HTTPException(403, "Token expired", {"WWW-Authenticate": "Bearer"})
- user = await get_user_system_info(id=token_data.sub)
+ user = await get_user_system_info_id(id=token_data.sub)
 if user is None:
 raise HTTPException(404, "Could not find user")
- return user
+ return user, token
 async def admin_required(user: Annotated[UserDisplaySchema, Depends(get_current_user)]):
diff --git a/api/routes/flights.py b/api/routes/flights.py
index 4070f1d..fc005b2 100644
--- a/api/routes/flights.py
+++ b/api/routes/flights.py
@@ -50,7 +50,7 @@ async def get_flight(flight_id: str, user: UserDisplaySchema = Depends(get_curre
 :return: Flight details
 """
 flight = await db.retrieve_flight(flight_id)
- if flight.user != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
+ if str(flight.user) != user.id and AuthLevel(user.level) != AuthLevel.ADMIN:
 logger.info("Attempted access to unauthorized flight by %s", user.username)
 raise HTTPException(403, "Unauthorized access")
diff --git a/api/schemas/flight.py b/api/schemas/flight.py
index a37ef78..c370a53 100644
--- a/api/schemas/flight.py
+++ b/api/schemas/flight.py
@@ -86,6 +86,7 @@ class FlightCreateSchema(BaseModel):
 class FlightDisplaySchema(FlightCreateSchema):
+ user: PyObjectId
 id: PyObjectId
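Review bot: `return user, token` hands the raw bearer credential to every route that depends on `get_current_user_token`, which is a reasonable design but should be stated in the docstring so that callers do not log the tuple or include it in a response body; a line such as `Returns (user, token); token is the caller's raw bearer string and must not be logged.` would do. Separately, with the lookup switched to `get_user_system_info_id`, the `get_user_system_info` name kept by the import hunk at @@ -9 may now be unused in this module unless `get_current_user` (whose body is outside the hunk) still calls it — worth checking so the import does not linger. `get_current_user_token` starts before this hunk.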
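Review bot: `str(flight.user) != user.id` only works while `user.id` is already a plain string in the same canonical form that `str()` produces for a `PyObjectId`; normalising both sides, `if str(flight.user) != str(user.id) and AuthLevel(user.level) != AuthLevel.ADMIN:`, removes that dependence and keeps the owner check from silently failing closed (a 403 for the real owner) if `UserDisplaySchema.id` ever changes type. The same line also dereferences `flight.user` before anything confirms that `retrieve_flight` found a document; if it can return `None` for an unknown `flight_id`, this raises `AttributeError` (a 500) rather than a 404, so a guard `if flight is None: raise HTTPException(404, "Flight not found")` before the ownership test would be appropriate — confirm what `retrieve_flight` returns, as it is not visible here. `get_flight` starts before this hunk.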