Client: Expose Engine API as a separate Server with a dedicated Port Number

[holgerd77]

Merge relevant, see Engine API, also take note of the priority and urgency label on the sideline (may change over time).

Feedback from Ryan required before starting on an implementation: recommended, but eventually also some "code can be copied over" case

---

The Merge engine API spec states:

Client software MUST expose Engine API at a port independent from JSON-RPC API. The default port for the Engine API is 8550 for HTTP and 8551 for WebSocket.

While I guess (but not 100% sure) things should at least work if the engine API would be exposed via the normal JSON-RPC server it will likely be better if we do this separation early on and start a separate server.

Implementation shouldn't be too difficult with some modification of the RPC server instantiation in bin/cli.ts runRpcServer (or by adding a separate small function), some modification of RPCManager.getMethods() (modules should then likely be passed in instead of read statically), maybe rename the modules folder to something like user and move engine.ts to a separate folder engine.

Also to consider:

• Tests need to be adopted
• There needs to be new flags to activate (--engineRPC, --engineRPCport, --engineRPCaddress) (not sure, the capitalized RPC is not completely consistent with e.g. --rpcport, I still like it a bit better though due to better readability. Absolutely no blocker though of course. 😋)

[holgerd77]

This is still relevant and we would need to address before a next client release, this would otherwise be too insecure to have the engined API exposed on the generic RPC port and address.

Wonder if we generally should restrict the engine API even more for security reasons and e.g. only allow to expose on localhost? Or is this too restrictive? 🤔 Or we might want to at least add a warning if address !== 'localhost'?

[ryanio]

working on this now :)

[ryanio]

added in #1530