mirror of
https://github.com/getnora-io/nora.git
synced 2026-04-12 10:20:32 +00:00
docs: add CONTRIBUTING.md and SECURITY.md
This commit is contained in:
128
CONTRIBUTING.md
128
CONTRIBUTING.md
@@ -1,100 +1,68 @@
|
||||
# Contributing to NORA
|
||||
|
||||
Thanks for your interest in contributing to NORA!
|
||||
Thank you for your interest in contributing to NORA!
|
||||
|
||||
## Getting Started
|
||||
|
||||
1. **Fork** the repository
|
||||
2. **Clone** your fork:
|
||||
```bash
|
||||
git clone https://github.com/your-username/nora.git
|
||||
cd nora
|
||||
```
|
||||
3. **Create a branch**:
|
||||
```bash
|
||||
git checkout -b feature/your-feature-name
|
||||
```
|
||||
1. Fork the repository
|
||||
2. Clone your fork: `git clone https://github.com/YOUR_USERNAME/nora.git`
|
||||
3. Create a branch: `git checkout -b feature/your-feature`
|
||||
|
||||
## Development Setup
|
||||
|
||||
### Prerequisites
|
||||
|
||||
- Rust 1.75+ (`rustup update`)
|
||||
- Docker (for testing)
|
||||
- Git
|
||||
|
||||
### Build
|
||||
|
||||
```bash
|
||||
# Install Rust (if needed)
|
||||
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
|
||||
|
||||
# Build
|
||||
cargo build
|
||||
```
|
||||
|
||||
### Run
|
||||
|
||||
```bash
|
||||
cargo run --bin nora
|
||||
```
|
||||
|
||||
### Test
|
||||
|
||||
```bash
|
||||
# Run tests
|
||||
cargo test
|
||||
cargo clippy
|
||||
cargo fmt --check
|
||||
|
||||
# Run locally
|
||||
cargo run --bin nora -- serve
|
||||
```
|
||||
|
||||
## Making Changes
|
||||
|
||||
1. **Write code** following Rust conventions
|
||||
2. **Add tests** for new features
|
||||
3. **Update docs** if needed
|
||||
4. **Run checks**:
|
||||
```bash
|
||||
cargo fmt
|
||||
cargo clippy -- -D warnings
|
||||
cargo test
|
||||
```
|
||||
|
||||
## Commit Messages
|
||||
|
||||
Follow [Conventional Commits](https://www.conventionalcommits.org/):
|
||||
|
||||
- `feat:` - New feature
|
||||
- `fix:` - Bug fix
|
||||
- `docs:` - Documentation
|
||||
- `test:` - Tests
|
||||
- `refactor:` - Code refactoring
|
||||
- `chore:` - Maintenance
|
||||
|
||||
Example:
|
||||
```bash
|
||||
git commit -m "feat: add S3 storage migration"
|
||||
```
|
||||
|
||||
## Pull Request Process
|
||||
|
||||
1. **Push** to your fork:
|
||||
```bash
|
||||
git push origin feature/your-feature-name
|
||||
```
|
||||
|
||||
2. **Open a Pull Request** on GitHub
|
||||
|
||||
3. **Wait for review** - maintainers will review your PR
|
||||
|
||||
## Code Style
|
||||
|
||||
- Follow Rust conventions
|
||||
- Use `cargo fmt` for formatting
|
||||
- Pass `cargo clippy` with no warnings
|
||||
- Write meaningful commit messages
|
||||
- Run `cargo fmt` before committing
|
||||
- Run `cargo clippy` and fix warnings
|
||||
- Follow Rust naming conventions
|
||||
|
||||
## Questions?
|
||||
## Pull Request Process
|
||||
|
||||
- Open an [Issue](https://github.com/getnora-io/nora/issues)
|
||||
- Ask in [Discussions](https://github.com/getnora-io/nora/discussions)
|
||||
- Reach out on [Telegram](https://t.me/DevITWay)
|
||||
1. Update documentation if needed
|
||||
2. Add tests for new features
|
||||
3. Ensure all tests pass: `cargo test`
|
||||
4. Ensure code is formatted: `cargo fmt --check`
|
||||
5. Ensure no clippy warnings: `cargo clippy`
|
||||
|
||||
---
|
||||
## Commit Messages
|
||||
|
||||
Built with love by the NORA community
|
||||
Use conventional commits:
|
||||
|
||||
- `feat:` - new feature
|
||||
- `fix:` - bug fix
|
||||
- `docs:` - documentation
|
||||
- `style:` - formatting
|
||||
- `refactor:` - code refactoring
|
||||
- `test:` - adding tests
|
||||
- `chore:` - maintenance
|
||||
|
||||
Example: `feat: add OAuth2 authentication`
|
||||
|
||||
## Reporting Issues
|
||||
|
||||
- Use GitHub Issues
|
||||
- Include steps to reproduce
|
||||
- Include NORA version and OS
|
||||
|
||||
## License
|
||||
|
||||
By contributing, you agree that your contributions will be licensed under the MIT License.
|
||||
|
||||
## Contact
|
||||
|
||||
- Telegram: [@DevITWay](https://t.me/DevITWay)
|
||||
- GitHub Issues: [getnora-io/nora](https://github.com/getnora-io/nora/issues)
|
||||
|
||||
53
SECURITY.md
Normal file
53
SECURITY.md
Normal file
@@ -0,0 +1,53 @@
|
||||
# Security Policy
|
||||
|
||||
## Supported Versions
|
||||
|
||||
| Version | Supported |
|
||||
| ------- | ------------------ |
|
||||
| 0.2.x | :white_check_mark: |
|
||||
| < 0.2 | :x: |
|
||||
|
||||
## Reporting a Vulnerability
|
||||
|
||||
**Please do not report security vulnerabilities through public GitHub issues.**
|
||||
|
||||
Instead, please report them via:
|
||||
|
||||
1. **Email:** devitway@gmail.com
|
||||
2. **Telegram:** [@DevITWay](https://t.me/DevITWay) (private message)
|
||||
|
||||
### What to Include
|
||||
|
||||
- Type of vulnerability
|
||||
- Steps to reproduce
|
||||
- Potential impact
|
||||
- Suggested fix (if any)
|
||||
|
||||
### Response Timeline
|
||||
|
||||
- **Initial response:** within 48 hours
|
||||
- **Status update:** within 7 days
|
||||
- **Fix timeline:** depends on severity
|
||||
|
||||
### Severity Levels
|
||||
|
||||
| Severity | Description | Response |
|
||||
|----------|-------------|----------|
|
||||
| Critical | Remote code execution, auth bypass | Immediate fix |
|
||||
| High | Data exposure, privilege escalation | Fix within 7 days |
|
||||
| Medium | Limited impact vulnerabilities | Fix in next release |
|
||||
| Low | Minor issues | Scheduled fix |
|
||||
|
||||
## Security Best Practices
|
||||
|
||||
When deploying NORA:
|
||||
|
||||
1. **Enable authentication** - Set `NORA_AUTH_ENABLED=true`
|
||||
2. **Use HTTPS** - Put NORA behind a reverse proxy with TLS
|
||||
3. **Limit network access** - Use firewall rules
|
||||
4. **Regular updates** - Keep NORA updated to latest version
|
||||
5. **Secure credentials** - Use strong passwords, rotate tokens
|
||||
|
||||
## Acknowledgments
|
||||
|
||||
We appreciate responsible disclosure and will acknowledge security researchers who report valid vulnerabilities.
|
||||
Reference in New Issue
Block a user