diff --git a/backend/apis/nodejs/api_controller.js b/backend/apis/nodejs/api_controller.js
index 3febd0b..eca0640 100644
--- a/backend/apis/nodejs/api_controller.js
+++ b/backend/apis/nodejs/api_controller.js
@@ -93,7 +93,7 @@ async function login(req, res){
 
   if (person){
     const token = generateToken(person.id);
-    res.status(200).json({ token });
+    res.status(200).json({token: token });
   }
   else{ 
     res.status(401).json({error : "Unauthorized"});
@@ -109,6 +109,7 @@ async function getPerson(req, res){
       .first();
     
     if(user){
+      // TODO: Check first whether req.jwt.person_id matches req.params.id before requesting the user from the database
       if(user.id == req.jwt.person_id || user.enabled){
         delete user['password']; // remove password field for security reasons
         return res.status(200).send(user);
@@ -467,6 +468,7 @@ async function checkUserCredentials(email, password){
 }
 
 function generateToken(person_id) {
+  // The payload the JWT will carry within itself
   const payload = {
     person_id: person_id
   };
diff --git a/tutorials/3_async-await.js b/tutorials/3_async-await.js
index cd92a07..96a1306 100644
--- a/tutorials/3_async-await.js
+++ b/tutorials/3_async-await.js
@@ -15,14 +15,14 @@ async function f1() {
 // and then resumes it with the promise result.
 async function f2() {
 
-    let promise = new Promise((resolve, reject) => {
-      setTimeout(() => resolve("done!"), 1000)
-    });
+  let promise = new Promise((resolve, reject) => {
+    setTimeout(() => resolve("done!"), 1000)
+  });
   
-    let result = await promise; // wait until the promise resolves (*)
+  let result = await promise; // wait until the promise resolves (*)
   
-    console.log(result); // "done!"
-  }
+  console.log(result); // "done!"
+}
   
   f2();