The main difference between using `HttpMiddleware.make` and creating a middleware through a layer...

const cookieValidator = HttpMiddleware.make((app) =>
  Effect.gen(function* () {
    const req = yield* HttpServerRequest.HttpServerRequest
    yield* externallyValidateCookie(req.cookies.testCookie)
    return yield* app
  }).pipe(
    Effect.catchTag("CookieError", () =>
      HttpServerResponse.text("Invalid cookie")
    )
  )
)

export const cookieValidator = Layer.effect(
  CookieSecurity,
  Effect.gen(function* () {
    const cookieService = yield* CookieService;
    return Effect.gen(function* () {
      const req = yield* HttpServerRequest.HttpServerRequest;
      yield* Effect.logDebug("Handling cookie security");
      // yield* verifyRequestOriginHeaders;
      if (!req.cookies.auth_session)
        return yield* new HttpApiError.Unauthorized();
      const session = yield* cookieService
        .validateSession(req.cookies.auth_session)
        .pipe(Effect.orDie);
      if (!session.session) {
        yield* Effect.logDebug("Invalid or expired session, clearing cookie");
        return yield* new ClearCookie({ cookie_name: "auth_session" });
      }
      //   if (session.session.fresh) {
      //     yield* HttpServerResponse.setCookie("session", session.session.id);
      //   }
      return session.user;
    }).pipe(
      Effect.catchTags({
        "@app/ClearCookie": ({ cookie_name }) =>
          HttpServerResponse.empty().pipe(
            HttpServerResponse.setCookie(
              cookie_name,
              cookieService.lucia.createBlankSessionCookie().serialize()
            )
          ),
      })
    );
  })
);