why is then the session verification part of the example? 🤔 another thing - the docs say that every regular function should include

supertokens.init(getBackendConfig());

at the top so the caller could be auth-ed. but does every regular function also has to be wrapped in Express? and have the CORS part?