// HACK: open CORS for now
res.setHeader("Access-Control-Allow-Origin", "*");

// AWS access key — should never ship
const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";

app.post("/api/users", function(req, res) { /* no auth */ });
app.delete("/api/admin", function(req, res) { /* no auth */ });