Compare user password during request

I’m getting a 404 not found error when trying to initiate a request by making the user input his password first, compare if it matches the password in the backend and then return the payload. It’s basically a get single item with id endpoint but with password as a request body.

enter image description here

Here’s my backend:

export const revealCard = async (req: Request, res: Response) => {
  const { cardId } = req.params;

  const { password } = req.body

  const userId = req.user?.userId;

  try {
    const user = await prismaClient.user.findUnique({
      where: { id: userId },
    });

    if (!user) {
      return res.status(404).json({
        error: true,
        message: "User not found.",
      });
    }

    // Compare the provided password with the user's password
    const isPasswordValid = await bcrypt.compare(password, user.password);

    if (!isPasswordValid) {
      return res.status(403).json({
        error: true,
        message: "Invalid password. Access denied.",
      });
    }

    // Proceed to retrieve the card only if the password is valid
    const card = await prismaClient.card.findUnique({
      where: { id: cardId },
    });

    res.json({
      card,
      message: "Card retrieved successfully!",
      error: false,
    });
  } catch (error) {
    console.error("Error retrieving event:", error);
    res.status(500).json({ error: true, message: "Internal server error" });
  }
};
import { Router } from "express";
import { revealCard } from "../controllers/card";

const cardRoutes: Router = Router();

cardRoutes.post("/reveal-card/:cardId", revealCard);

export default cardRoutes;

Here’s my frontend

export const cardAPI = createApi({
  reducerPath: "cards",
  baseQuery: axiosBaseQuery({ baseUrl: import.meta.env.VITE_BASE_URL }),
  tagTypes: ["Card"],
  endpoints: (builder) => ({
    revealCard: builder.mutation({
      query: ({ body, cardId }: { body: any; cardId: string }) => ({
        url: `card/reveal-card/${cardId}`,
        method: "POST",
        data: body,
      }),
      invalidatesTags: ["Card"],
    }),
  }),
});

export const { useRevealCardMutation } = cardAPI;
  const onSubmit = async (data: FormValues) => {
    try {
      const response = await revealCard({
        body: { password: data.password },
        cardId: item.id,
      }).unwrap();
  
      if (response) {
        toast.success("Authentication approved");
      }
    } catch (error) {
      const typedError = error as Error;
      toast.error(typedError.message);
    }
  };