First of all, I would like to introduce myself as an enthusiastic beginner backend developer.
Right now, I'm studying Express by myself. I'm working on a basic project which lets you log in via MariaDB, displays the user's type (e.g. admin), and gets information about the selected type of users through the database connection. I'm curious about how I can expand my project, and I have some questions that are not clear to me.
I have made my progress almost all by myself except for a few lines, where I looked for help.
So there are still some questions spinning in my head.
const express = require("express");
const bodyPraser = require("body-parser");
const cors = require("cors");
const mariadb = require("mariadb");
const ironSession = require("iron-session");
const bcrypt = require("bcrypt");
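// Connection pool for the app.  Credentials are read from the environment
// when set and fall back to the original local-dev values so the script still
// runs unchanged.  (The env var names are chosen here; rename them to match
// your deployment.)  Note that the fallback logs in as root: a dedicated
// account with only the rights this app needs (SELECT on users/tasks) is the
// usual choice even for a local project.
const db = mariadb.createPool({
  host: process.env.DB_HOST ?? "127.0.0.1",
  user: process.env.DB_USER ?? "root",
  password: process.env.DB_PASSWORD ?? "admin",
  database: process.env.DB_NAME ?? "vue_session",
  port: Number(process.env.DB_PORT ?? 3306),
  connectionLimit: 5,
});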
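const app = express();
// express.json() is the same JSON parser that body-parser's json() provides;
// the original registered both.  body-parser skips a body that is already
// parsed, so the second one was a redundant no-op and is dropped here.
app.use(express.json());
// credentials: true lets the browser send the session cookie cross-origin.
// That is only acceptable because the origin is pinned to the dev front end
// rather than reflected or set to "*".
app.use(
  cors({
    credentials: true,
    origin: "http://localhost:5173",
  }),
);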
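// Attaches an iron-session object to every request as req.session.
// The cookie is sealed with the password below; iron-session requires it to
// be at least 32 characters.  The literal is kept only as a local-dev
// fallback so the script still runs; in any real deployment set the
// environment variable instead of shipping the secret in source.
app.use(async (req, res, next) => {
  try {
    req.session = await ironSession.getIronSession(req, res, {
      cookieName: "munkamenet",
      password: process.env.SESSION_PASSWORD ?? "yxbnpqwevrtzmuikoljhasdfghcxvbnm",
      cookieOptions: {
        httpOnly: true,
        // Send the cookie only over HTTPS outside local development.
        secure: process.env.NODE_ENV === "production",
        // The original spelled this "sameSize"; the cookie library ignores
        // unknown keys, so the lax setting was never applied.
        sameSite: "lax",
      },
    });
    next();
  } catch (error) {
    // Hand the error to Express instead of leaving the request hanging.
    next(error);
  }
});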
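// POST /login: checks user_name/password against the users table and, on
// success, stores the user's id and name in the session cookie.
// Responses: 400 malformed body, 404 unknown user, 401 wrong password,
// 200 with the session contents, 500 on any other error.
app.post("/login", async (req, res) => {
  const { user_name, password } = req.body ?? {};
  // Reject malformed bodies up front: bcrypt.compare throws on a non-string
  // password, which the original reported as a 500.
  if (typeof user_name !== "string" || typeof password !== "string") {
    return res.status(400).json({ error: "Hiányzó felhasználónév vagy jelszó." });
  }
  let conn;
  try {
    conn = await db.getConnection();
    const results = await conn.query("SELECT * FROM users WHERE user_name = ?;", [user_name]);
    if (results.length < 1) {
      // No such user.  NOTE: answering 404 here and 401 for a bad password
      // lets a client tell which user names exist; replying 401 with one
      // generic message in both cases avoids that if it matters to you.
      return res.status(404).json({ error: "Nincs ilyen felhasználó." });
    }
    const user = results[0];
    if (!(await bcrypt.compare(password, user.password_hash))) {
      return res.status(401).json({ error: "Hibás jelszó." });
    }
    const session = req.session; // set by the session middleware above
    session.user_id = user.id;
    session.user_name = user.user_name;
    await session.save();
    return res.status(200).json({ session });
  } catch (error) {
    console.log(error);
    // error.message can contain driver/SQL details; fine while developing,
    // but a generic message is the safer reply for a deployed server.
    return res.status(500).json({ error: error.message });
  } finally {
    // Release even when the query throws; the original only released on the
    // success path and leaked the pooled connection otherwise.
    if (conn) await conn.release();
  }
});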
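// POST /logout: clears the session cookie.
app.post("/logout", async (req, res) => {
  try {
    await req.session.destroy();
    return res.status(200).json({ msg: "Sikeres kijelentkezés." });
  } catch (error) {
    // Express 4 does not catch errors thrown from async handlers; without
    // this the client would never get a reply if destroy() failed.
    console.log(error);
    return res.status(500).json({ error: error.message });
  }
});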
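// GET /me: returns the current session and the role ("admin"/"user") of the
// logged-in user; 401 when there is no user in the session.
app.get("/me", async (req, res) => {
  const session = req.session;
  // `== null` rather than `!` so a user id of 0 would not read as "not logged in".
  if (session.user_id == null) {
    return res.status(401).json({ error: "Nem vagy bejelentkezve." });
  }
  try {
    const type = await getUserType(session.user_id);
    return res.status(200).json({ session, type });
  } catch (error) {
    // Keeps an unexpected failure from escaping the async handler unanswered.
    console.log(error);
    return res.status(500).json({ error: error.message });
  }
});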
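// GET /users: lists every user as { id, user_name, type }.
// NOTE: unlike /me and /tasks this route does not check req.session, so the
// full user list is available to anyone who can reach the server; add the
// same session check if that is not intended.
app.get("/users", async (req, res) => {
  let conn;
  try {
    conn = await db.getConnection();
    const results = await conn.query("SELECT id, user_name, type FROM users;");
    // Build fresh objects instead of rewriting the driver's row objects.
    const users = results.map(({ id, user_name, type }) => ({
      id,
      user_name,
      type: type ? "admin" : "user",
    }));
    return res.status(200).json({ users });
  } catch (error) {
    console.log(error);
    return res.status(500).json({ error: error.message });
  } finally {
    // Release on every path; the original skipped this when the query threw.
    if (conn) await conn.release();
  }
});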
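/**
 * Looks up the role of a user by primary key.
 * @param {number} user_id - value of users.id
 * @returns {Promise<"admin"|"user"|null>} "admin" when the row's `type` is
 *   truthy, "user" when it is falsy, and null when no row exists or the
 *   query fails.  Failures are logged rather than thrown, as in the
 *   original, so callers treat null as "unknown".
 */
async function getUserType(user_id) {
  let conn;
  try {
    conn = await db.getConnection();
    const results = await conn.query("SELECT type FROM users WHERE id = ?;", [user_id]);
    if (results.length < 1) {
      // The session points at a user that no longer exists; the original
      // hit a TypeError on results[0] here and returned undefined.
      return null;
    }
    return results[0].type ? "admin" : "user";
  } catch (error) {
    console.log(error);
    return null;
  } finally {
    // Release on every path; the original leaked the connection on error.
    if (conn) await conn.release();
  }
}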
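// GET /tasks: admins get every task, ordinary users only their own rows.
// 401 when not logged in (or the session's user cannot be resolved).
app.get("/tasks", async (req, res) => {
  const session = req.session;
  if (session.user_id == null) {
    return res.status(401).json({ error: "Nem vagy bejelentkezve." });
  }
  const type = await getUserType(session.user_id);
  if (type !== "admin" && type !== "user") {
    // getUserType found no row for this id (or its query failed and was
    // logged).  The original fell through and answered 200 with an empty
    // body; refusing is clearer and avoids taking a connection for nothing.
    return res.status(401).json({ error: "Nem vagy bejelentkezve." });
  }
  let conn;
  try {
    conn = await db.getConnection();
    // Strict comparison; the role strings come from getUserType, not the client.
    const tasks =
      type === "admin"
        ? await conn.query("SELECT tasks.id, users.user_name, task FROM tasks INNER JOIN users ON tasks.user_id = users.id;")
        : await conn.query("SELECT tasks.id, users.user_name, task FROM tasks INNER JOIN users ON tasks.user_id = users.id WHERE users.id = ?;", [session.user_id]);
    return res.status(200).json(tasks);
  } catch (error) {
    console.log(error);
    return res.status(500).json({ error: error.message });
  } finally {
    // Release on every path; the original skipped this when a query threw.
    if (conn) await conn.release();
  }
});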
// Start the HTTP server on port 3000 and print where it is reachable.
app.listen(3000, () => console.log("Itt fut -->\t http://localhost:3000/"));
As you can see in the /me section, something happens with iron-session; that is the part where I looked for help. My classmate helped with this, but he can't explain how to build it with your own knowledge, so my question is: how can I make it more understandable for myself?
Can someone clarify these topics and how to make it more efficient?
I really don't want to code with any AI models.
Ty <3