Api headers error with nodejs

[nodemon] restarting due to changes...
[nodemon] starting `node index.js`
rodando na porta 3000, Ctrl+C para parar
/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/Parser.js:437
      throw err; // Rethrow non-MySQL errors
      ^

Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
    at ServerResponse.setHeader (_http_outgoing.js:526:11)
    at Query.<anonymous> (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/routes/user/login.js:24:13)
    at Query.<anonymous> (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/Connection.js:526:10)
    at Query._callback (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/Connection.js:488:16)
    at Query.Sequence.end (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/sequences/Sequence.js:83:24)
    at Query._handleFinalResultPacket (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/sequences/Query.js:149:8)
    at Query.EofPacket (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/sequences/Query.js:133:8)
    at Protocol._parsePacket (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/Protocol.js:291:23)
    at Parser._parsePacket (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/Parser.js:433:10)
    at Parser.write (/Users/jeffersonrodrigues/Dev/nodeProjects/minhaescola_api/node_modules/mysql/lib/protocol/Parser.js:43:10) {
  code: 'ERR_HTTP_HEADERS_SENT'
}
[nodemon] app crashed - waiting for file changes before starting...

Here’s my API code:

require('dotenv-safe').config();

const express = require('express');
const jwt = require('jsonwebtoken');
const db = require('../../model/bd');

//config express
const router = express.Router();

router.post('/', (req, res) => {
    var matricula = req.body.matricula;
    var senha = req.body.senha;

    db.query(`select * from aluno where mat_aluno='${matricula}' and senha='${senha}' `, (error, results) => {
        if (error || results.lenght === 0) {
            res.status(401).json({
                message: 'Falha na autenticacao',
            });
        }
        const token = jwt.sign({ 
            id_aluno : results[0].mat_aluno 
        },
        process.env.SECRET, { expiresIn: '1h' });
        res.setHeader({'Content-Type': 'application/json'})
        res.status(200)
            .json({
                message: 'Autenticado',
                token,    
                data: results
            }
        );
        return;
    });
    res.status(404).json({
       message: 'Usuario nao encontrado',
    });
    return;
});

module.exports = router;