buildApp function

Handler buildApp(
  1. ServerDependencies deps
)

Composes the full request handler: CORS, JSON error mapping, then the router.

CORS is the outermost layer so every response carries the headers — including the JSON error responses jsonErrors renders for an auth failure. If CORS sat inside, a bearerAuth 401 would unwind past it and reach the browser without Access-Control-Allow-Origin, surfacing a real 401 as a misleading CORS error.

This is the testable seam — drive it with shelf Requests, no socket.

Implementation

Handler buildApp(ServerDependencies deps) => const Pipeline()
    .addMiddleware(corsHeaders(deps.config.corsAllowOrigins))
    .addMiddleware(jsonErrors())
    .addHandler(buildRouter(deps).call);