Gorilla securecookie behaviour change breaks buffalo

[dnnrly]

Steps to Reproduce the Problem

Please describe in painful detail what you did (so others can play along with you) to get to this point. This includes things like the exact command(s) you used, or the curl command you used, that sort of thing.

Assume you have buffalo in your PATH and Postgres up and running

mkdir -p $GOPATH/src/github.com/dnnrly
$GOPATH/src/github.com/dnnrly
buffalo new buffalo_react
buffalo dev

Go to http://localhost:3000

Expected Behavior

Here I would expect the a fully functioning buffalo based home page.

Actual Behavior

A buffalo error page with the following message:
securecookie: hash key is not set

An example of this can be found at:
https://ci.appveyor.com/project/markbates/buffalo/build/935

Info

Short version, the following commit to github.com/gorilla/securecookie broke things:
gorilla/securecookie@b009e17

Long version: New project as of 2018-05-21. Putting a `panic` in all places where this error text is generated reveals to following:

goroutine 1 [running]:
github.com/gorilla/securecookie.New(0xee41d8, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc42026f860)
        /home/dnnrly/projects/buffalo-react/src/github.com/gorilla/securecookie/securecookie.go:146 +0x2eb
github.com/gorilla/securecookie.CodecsFromPairs(0xc42026f980, 0x1, 0x1, 0xee41d8, 0x0, 0x0)
        /home/dnnrly/projects/buffalo-react/src/github.com/gorilla/securecookie/securecookie.go:552 +0xff
github.com/gorilla/sessions.NewCookieStore(0xc42026f980, 0x1, 0x1, 0xee41d8)
        /home/dnnrly/projects/buffalo-react/src/github.com/gorilla/sessions/store.go:55 +0x43
github.com/gobuffalo/buffalo.optionsWithDefaults(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4200240a7, 0xb, 0x0, 0x0, ...)
        /home/dnnrly/projects/buffalo-react/src/github.com/gobuffalo/buffalo/options.go:137 +0x65a
github.com/gobuffalo/buffalo.New(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc4200240a7, 0xb, 0x0, 0x0, ...)
        /home/dnnrly/projects/buffalo-react/src/github.com/gobuffalo/buffalo/app.go:140 +0x6a
github.com/dnnrly/buffalo_react/actions.App(0x0)
        /home/dnnrly/projects/buffalo-react/src/github.com/dnnrly/buffalo_react/actions/app.go:27 +0xd7
main.main()
        /home/dnnrly/projects/buffalo-react/src/github.com/dnnrly/buffalo_react/main.go:10 +0x22
 ===

v0.11.1

### App Information
Pwd=/home/dnnrly/projects/buffalo-react/src/github.com/dnnrly/buffalo_react
Root=/home/dnnrly/projects/buffalo-react/src/github.com/dnnrly/buffalo_react
GoPath=/home/dnnrly/projects/buffalo-react
Name=buffalo_react
Bin=bin/buffalo_react
PackagePkg=github.com/dnnrly/buffalo_react
ActionsPkg=github.com/dnnrly/buffalo_react/actions
ModelsPkg=github.com/dnnrly/buffalo_react/models
GriftsPkg=github.com/dnnrly/buffalo_react/grifts
VCS=git
WithPop=true
WithDep=false
WithWebpack=true
WithYarn=true
WithDocker=true
WithGrifts=true

### Go Version
go version go1.10 linux/amd64

### Go Env
GOARCH="amd64"
GOBIN=""
GOCACHE="/home/dnnrly/.cache/go-build"
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="linux"
GOOS="linux"
GOPATH="/home/dnnrly/projects/buffalo-react"
GORACE=""
GOROOT="/usr/local/go"
GOTMPDIR=""
GOTOOLDIR="/usr/local/go/pkg/tool/linux_amd64"
GCCGO="gccgo"
CC="gcc"
CXX="g++"
CGO_ENABLED="1"
CGO_CFLAGS="-g -O2"
CGO_CPPFLAGS=""
CGO_CXXFLAGS="-g -O2"
CGO_FFLAGS="-g -O2"
CGO_LDFLAGS="-g -O2"
PKG_CONFIG="pkg-config"
GOGCCFLAGS="-fPIC -m64 -pthread -fmessage-length=0 -fdebug-prefix-map=/tmp/go-build003542475=/tmp/go-build -gno-record-gcc-switches"

### Node Version
v8.9.4

### NPM Version
5.6.0

### Yarn Version
1.5.1

### PostgreSQL Version
PostgreSQL Not Found

### MySQL Version
MySQL Not Found

### SQLite Version
SQLite Not Found

### Dep Version
dep:
 version     : devel
 build date  :
 git hash    :
 go version  : go1.10
 go compiler : gc
 platform    : linux/amd64

### Dep Status
could not find project Gopkg.toml, use dep init to initiate a manifest
Usage:
  buffalo info [flags]

Flags:
  -h, --help   help for info

[markbates]

Good find! Wow. Any ideas on how to fix this? Could be just as simple as using “development” in dev mode and let it raise an error in any other environment. I want it to error in prod if not set. But I agree that dev, there should be something.

[dnnrly]

Quick fix is to set SESSION_SECRET by default in .env - see ealier PR for part of that. Haven't got as far as solution-ising yet.

[bencarter78]

I'm brand new to Buffalo and Go, just working through the getting started documentation and the securecookie: hash key is not set is exactly the error message I'm getting. I tried setting SESSION_SECRET in .env but I'm still getting the error. Any other ideas?

[markbates]

What does your .env look like?

Gorilla changed something so until the next buffalo release you just need to have an environment variable SESSION_SECRET defined to anything other than an empty string.

I don’t use the .env file so I can’t speak to that. I just set all my dev vars in my bash/fish configs.

When dealing with environment variables it’s always best to restart any tools, or terminal windows, you have open that might not notice that the variable changed.

[UnQuaiz]

@bencarter78 by default there is no "SESSION_SECRET" variable, but there is "SESSIONS_SECRET" in .env file. I've changed SESSIONS_SECRET to SESSION_SECRET and it works now as expected.

[conradwt]

It would be helpful if the error said something like the following:

securecookie: hash key, "SESSION_SECRET", is not set