refactor(matrix): share bootstrap policy presets

2026-04-02 19:48:23 -04:00 · 2026-04-02 19:48:23 -04:00 · 06b10f61eb
parent ebaffadeb8
commit 06b10f61eb
1 changed files with 36 additions and 14 deletions
--- a/extensions/matrix/src/matrix/sdk.ts
+++ b/extensions/matrix/src/matrix/sdk.ts
@ -15,7 +15,10 @@ import { resolveMatrixRoomKeyBackupReadinessError } from "./backup-health.js";
 import { FileBackedMatrixSyncStore } from "./client/file-sync-store.js";
 import { createMatrixJsSdkClientLogger } from "./client/logging.js";
 import { isMatrixNotFoundError } from "./errors.js";
-import type { MatrixCryptoBootstrapResult } from "./sdk/crypto-bootstrap.js";
+import type {
+  MatrixCryptoBootstrapOptions,
+  MatrixCryptoBootstrapResult,
+} from "./sdk/crypto-bootstrap.js";
 import type { MatrixCryptoFacade } from "./sdk/crypto-facade.js";
 import type { MatrixDecryptBridge } from "./sdk/decrypt-bridge.js";
 import { matrixEventToRaw, parseMxc } from "./sdk/event-helpers.js";
@ -119,6 +122,26 @@ export type MatrixVerificationBootstrapResult = {
  cryptoBootstrap: MatrixCryptoBootstrapResult | null;
 };

+const MATRIX_INITIAL_CRYPTO_BOOTSTRAP_OPTIONS = {
+  allowAutomaticCrossSigningReset: false,
+} satisfies MatrixCryptoBootstrapOptions;
+
+const MATRIX_AUTOMATIC_REPAIR_BOOTSTRAP_OPTIONS = {
+  forceResetCrossSigning: true,
+  allowSecretStorageRecreateWithoutRecoveryKey: true,
+  strict: true,
+} satisfies MatrixCryptoBootstrapOptions;
+
+function createMatrixExplicitBootstrapOptions(params?: {
+  forceResetCrossSigning?: boolean;
+}): MatrixCryptoBootstrapOptions {
+  return {
+    forceResetCrossSigning: params?.forceResetCrossSigning === true,
+    allowSecretStorageRecreateWithoutRecoveryKey: true,
+    strict: true,
+  };
+}
+
 export type MatrixOwnDeviceInfo = {
  deviceId: string;
  displayName: string | null;
@ -453,9 +476,10 @@ export class MatrixClient {
    if (!cryptoBootstrapper) {
      return;
    }
-    const initial = await cryptoBootstrapper.bootstrap(crypto, {
-      allowAutomaticCrossSigningReset: false,
-    });
+    const initial = await cryptoBootstrapper.bootstrap(
+      crypto,
+      MATRIX_INITIAL_CRYPTO_BOOTSTRAP_OPTIONS,
+    );
    if (!initial.crossSigningPublished || initial.ownDeviceVerified === false) {
      const status = await this.getOwnDeviceVerificationStatus();
      if (status.signedByOwner) {
@ -469,11 +493,10 @@ export class MatrixClient {
          // recreation so the new keys can be persisted. Without this, a device that
          // lost its recovery key enters a permanent failure loop because the new
          // cross-signing keys have nowhere to be stored.
-          const repaired = await cryptoBootstrapper.bootstrap(crypto, {
-            forceResetCrossSigning: true,
-            allowSecretStorageRecreateWithoutRecoveryKey: true,
-            strict: true,
-          });
+          const repaired = await cryptoBootstrapper.bootstrap(
+            crypto,
+            MATRIX_AUTOMATIC_REPAIR_BOOTSTRAP_OPTIONS,
+          );
          if (repaired.crossSigningPublished && repaired.ownDeviceVerified !== false) {
            LogService.info(
              "MatrixClientLite",
@ -1266,11 +1289,10 @@ export class MatrixClient {
      if (!cryptoBootstrapper) {
        throw new Error("Matrix crypto bootstrapper is not available");
      }
-      bootstrapSummary = await cryptoBootstrapper.bootstrap(crypto, {
-        forceResetCrossSigning: params?.forceResetCrossSigning === true,
-        allowSecretStorageRecreateWithoutRecoveryKey: true,
-        strict: true,
-      });
+      bootstrapSummary = await cryptoBootstrapper.bootstrap(
+        crypto,
+        createMatrixExplicitBootstrapOptions(params),
+      );
      await this.ensureRoomKeyBackupEnabled(crypto);
    } catch (err) {
      this.recoveryKeyStore.discardStagedRecoveryKey();