Rooted.
Very CTF like box. Feel free to PM for help.
Enum all directories with different directory enum tools to find some creds
use this: A guide for adding JWT token-based authentication to your single page Node.js applications | by Naren Yellavula | Dev bits | Medium
Use the two curl commands on the page, one after another
All this focus is on port 3000, get creative with your curl commands. Go deeper into the directories based on the info you find in the initial curl commands. What may be a subdirectory of user?
Try all the creds. Once you find a winning combo, enum all the pages inside for more creds. Then try those new creds wherever you can.
Once you log in to the new login portal after that, keep looking around, you’ll find the root shell underneath your nose.