docs: add CONTRIBUTING.md and SECURITY.md

2026-01-31 11:59:18 +00:00
parent 7763b85b94
commit f82e252e39
2 changed files with 101 additions and 80 deletions


@@ -1,100 +1,68 @@
# Contributing to NORA # Contributing to NORA
Thanks for your interest in contributing to NORA! Thank you for your interest in contributing to NORA!
## Getting Started ## Getting Started
1. **Fork** the repository 1. Fork the repository
2. **Clone** your fork: 2. Clone your fork: `git clone https://github.com/YOUR_USERNAME/nora.git`
```bash 3. Create a branch: `git checkout -b feature/your-feature`
git clone https://github.com/your-username/nora.git
cd nora
```
3. **Create a branch**:
```bash
git checkout -b feature/your-feature-name
```
## Development Setup ## Development Setup
### Prerequisites
- Rust 1.75+ (`rustup update`)
- Docker (for testing)
- Git
### Build
```bash ```bash
# Install Rust (if needed)
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
# Build
cargo build cargo build
```
### Run # Run tests
```bash
cargo run --bin nora
```
### Test
```bash
cargo test cargo test
cargo clippy
cargo fmt --check # Run locally
cargo run --bin nora -- serve
``` ```
## Making Changes
1. **Write code** following Rust conventions
2. **Add tests** for new features
3. **Update docs** if needed
4. **Run checks**:
```bash
cargo fmt
cargo clippy -- -D warnings
cargo test
```
## Commit Messages
Follow [Conventional Commits](https://www.conventionalcommits.org/):
- `feat:` - New feature
- `fix:` - Bug fix
- `docs:` - Documentation
- `test:` - Tests
- `refactor:` - Code refactoring
- `chore:` - Maintenance
Example:
```bash
git commit -m "feat: add S3 storage migration"
```
## Pull Request Process
1. **Push** to your fork:
```bash
git push origin feature/your-feature-name
```
2. **Open a Pull Request** on GitHub
3. **Wait for review** - maintainers will review your PR
## Code Style ## Code Style
- Follow Rust conventions - Run `cargo fmt` before committing
- Use `cargo fmt` for formatting - Run `cargo clippy` and fix warnings
- Pass `cargo clippy` with no warnings - Follow Rust naming conventions
- Write meaningful commit messages
## Questions? ## Pull Request Process
- Open an [Issue](https://github.com/getnora-io/nora/issues) 1. Update documentation if needed
- Ask in [Discussions](https://github.com/getnora-io/nora/discussions) 2. Add tests for new features
- Reach out on [Telegram](https://t.me/DevITWay) 3. Ensure all tests pass: `cargo test`
4. Ensure code is formatted: `cargo fmt --check`
5. Ensure no clippy warnings: `cargo clippy`
--- ## Commit Messages
Built with love by the NORA community Use conventional commits:
- `feat:` - new feature
- `fix:` - bug fix
- `docs:` - documentation
- `style:` - formatting
- `refactor:` - code refactoring
- `test:` - adding tests
- `chore:` - maintenance
Example: `feat: add OAuth2 authentication`
## Reporting Issues
- Use GitHub Issues
- Include steps to reproduce
- Include NORA version and OS
## License
By contributing, you agree that your contributions will be licensed under the MIT License.
## Contact
- Telegram: [@DevITWay](https://t.me/DevITWay)
- GitHub Issues: [getnora-io/nora](https://github.com/getnora-io/nora/issues)
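Review bot: The new "Reporting Issues" section (`- Use GitHub Issues`) and the "Contact" list send every report to the public tracker, while the SECURITY.md added in this same commit asks that vulnerabilities not be reported through public GitHub issues. Add a line under "Reporting Issues" that directs security reports to SECURITY.md so the two files do not contradict each other. Separately, the rewritten "Pull Request Process" asks for no clippy warnings with plain `cargo clippy`, where the removed "Run checks" block used `cargo clippy -- -D warnings`; keep the `-D warnings` form so a warning fails the command instead of relying on the contributor reading the output. The removed "Prerequisites" list also carried the only statement of the minimum toolchain (`Rust 1.75+`), which is worth keeping in "Development Setup".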

SECURITY.md Normal file

@@ -0,0 +1,53 @@
# Security Policy
## Supported Versions
| Version | Supported |
| ------- | ------------------ |
| 0.2.x | :white_check_mark: |
| < 0.2 | :x: |
## Reporting a Vulnerability
**Please do not report security vulnerabilities through public GitHub issues.**
Instead, please report them via:
1. **Email:** devitway@gmail.com
2. **Telegram:** [@DevITWay](https://t.me/DevITWay) (private message)
### What to Include
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fix (if any)
### Response Timeline
- **Initial response:** within 48 hours
- **Status update:** within 7 days
- **Fix timeline:** depends on severity
### Severity Levels
| Severity | Description | Response |
|----------|-------------|----------|
| Critical | Remote code execution, auth bypass | Immediate fix |
| High | Data exposure, privilege escalation | Fix within 7 days |
| Medium | Limited impact vulnerabilities | Fix in next release |
| Low | Minor issues | Scheduled fix |
## Security Best Practices
When deploying NORA:
1. **Enable authentication** - Set `NORA_AUTH_ENABLED=true`
2. **Use HTTPS** - Put NORA behind a reverse proxy with TLS
3. **Limit network access** - Use firewall rules
4. **Regular updates** - Keep NORA updated to latest version
5. **Secure credentials** - Use strong passwords, rotate tokens
## Acknowledgments
We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.
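Review bot: Under "Reporting a Vulnerability", the only private channels are one Gmail address (`devitway@gmail.com`) and one Telegram account, with no PGP key or other way to encrypt report details and no fallback contact if that mailbox is not read within the stated 48 hours. Consider publishing a key next to the address, or enabling GitHub's private vulnerability reporting on the repository and listing it as a channel. In "Security Best Practices", item 1 (`Set NORA_AUTH_ENABLED=true`) does not state what the default is; if authentication is off unless this is set, say so explicitly, since that is the fact a deployer needs. In the "Severity Levels" table, "Immediate fix" for Critical has no time bound, unlike "Fix within 7 days" for High, so it would help to give it one.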