Create a separate process with a single worker

- To handle service-to-service communication which must be kept HTTP/1.1
- Since only internal communication is possible we restrict allowed
  paths in requests to use the API only
  - /up is also included for healthchecking the process

Author: TheOneFromNorway

falcon.rb

@@ -39,3 +39,41 @@
     Async::HTTP::Endpoint.parse("#{scheme}://0.0.0.0:#{port}").with(**options)
   end
 end
+
+if ENV["SERVICE_CONNECT_PORT"]
+  service "#{hostname}-http" do
+    include Falcon::Environment::Rack
+
+    preload "preload.rb"
+
+    count 1
+
+    protocol { Async::HTTP::Protocol::HTTP11 }
+    scheme { "http" }
+
+    rack_app do
+      app = super()
+      allowed_paths = %w[/api/reporting/ /up]
+
+      ->(env) do
+        if allowed_paths.any? { |path| env["PATH_INFO"].start_with?(path) }
+          app.call(env)
+        else
+          [
+            403,
+            { "content-type" => "text/plain" },
+            [
+              "Path #{env["PATH_INFO"]} is not allowed. Allowed paths: #{allowed_paths.join(", ")}"
+            ]
+          ]
+        end
+      end
+    end
+
+    endpoint do
+      Async::HTTP::Endpoint.parse(
+        "http://0.0.0.0:#{ENV["SERVICE_DIRECT_PORT"]}"
+      ).with(protocol: protocol)
+    end
+  end
+end