Allow set token config in antiCsrf service

Author: natanfelles

guide/index.rst

@@ -345,6 +345,8 @@ Anti-CSRF Config Options
             'default' => [
                 'enabled' => true,
                 'token_name' => 'csrf_token',
+                'token_bytes_length' => 8,
+                'generate_token_function' => 'base64_encode',
                 'session_instance' => 'default',
                 'request_instance' => 'default',
             ],
@@ -361,6 +363,18 @@ token_name
 
 Sets the token name. The default is ``csrf_token``.
 
+token_bytes_length
+""""""""""""""""""
+
+Sets the length of random bytes used to generate the token. The default is
+``8``.
+
+generate_token_function
+"""""""""""""""""""""""
+
+Sets the function to generate the token. Available values are:
+``base64_encode``, ``bin2hex``, ``md5``. The default is ``base64_encode``.
+
 session_instance
 """"""""""""""""
 

src/App.php

@@ -663,7 +663,11 @@ protected static function setAntiCsrf(string $instance) : AntiCSRF
     {
         $config = static::config()->get('antiCsrf', $instance);
         static::session($config['session_instance'] ?? 'default');
-        $service = new AntiCSRF(static::request($config['request_instance'] ?? 'default'));
+        $service = new AntiCSRF(
+            static::request($config['request_instance'] ?? 'default'),
+            $config['token_bytes_length'] ?? null,
+            $config['generate_token_function'] ?? null,
+        );
         if (isset($config['token_name'])) {
             $service->setTokenName($config['token_name']);
         }

tests/configs/antiCsrf.config.php

@@ -11,5 +11,7 @@
     'default' => [
         'enabled' => false,
         'token_name' => 'csrf_token',
+        'token_bytes_length' => 8,
+        'generate_token_function' => 'base64_encode',
     ],
 ];