@stellar/typescript-wallet-sdk 1.10.0 → 2.0.0

package/lib/walletSdk/Auth/index.d.ts

@@ -7,7 +7,7 @@ type Sep10Params = {
     webAuthEndpoint: string;
     homeDomain: string;
     httpClient: AxiosInstance;
-    serverSigningKey?: string;
+    serverSigningKey: string;
 };
 /**
  * @alias Auth alias for Sep10 class.
@@ -24,7 +24,7 @@ export declare class Sep10 {
     private webAuthEndpoint;
     private homeDomain;
     private httpClient;
-    private serverSigningKey?;
+    private serverSigningKey;
     /**
      * Creates a new instance of the Sep10 class.
      *

package/lib/walletSdk/Exceptions/index.d.ts

@@ -103,6 +103,9 @@ export declare class NoAccountAndNoSponsorError extends Error {
 export declare class Sep38PriceOnlyOneAmountError extends Error {
     constructor();
 }
+export declare class MissingSigningKeyError extends Error {
+    constructor();
+}
 export declare class ChallengeValidationFailedError extends Error {
     constructor(cause: Error);
 }

package/lib/walletSdk/Types/recovery.d.ts

@@ -56,7 +56,7 @@ export type RecoveryServer = {
     endpoint: string;
     authEndpoint: string;
     homeDomain: string;
-    signingKey?: string;
+    signingKey: string;
     walletSigner?: WalletSigner;
     clientDomain?: string;
 };

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@stellar/typescript-wallet-sdk",
-  "version": "1.10.0",
+  "version": "2.0.0",
   "engines": {
-    "node": ">=18"
+    "node": ">=20"
   },
   "browser": "./lib/bundle_browser.js",
   "main": "./lib/bundle.js",
@@ -47,7 +47,7 @@
   "dependencies": {
     "@stablelib/base64": "^2.0.0",
     "@stablelib/utf8": "^2.0.0",
-    "@stellar/stellar-sdk": "13.0.0-beta.1",
+    "@stellar/stellar-sdk": "14.5.0",
     "axios": "^1.4.0",
     "base64url": "^3.0.1",
     "https-browserify": "^1.0.0",

package/src/walletSdk/Anchor/index.ts

@@ -7,6 +7,7 @@ import { Customer, Sep12 } from "../Customer";
 import {
   ServerRequestFailedError,
   KYCServerNotFoundError,
+  MissingSigningKeyError,
 } from "../Exceptions";
 import { Sep6, Transfer } from "./Sep6";
 import { Interactive, Sep24 } from "./Sep24";
@@ -104,6 +105,9 @@ export class Anchor {
    */
   async sep10(): Promise<Sep10> {
     const tomlInfo = await this.sep1();
+    if (!tomlInfo.signingKey) {
+      throw new MissingSigningKeyError();
+    }
     return new Sep10({
       cfg: this.cfg,
       webAuthEndpoint: tomlInfo.webAuthEndpoint,

package/src/walletSdk/Auth/index.ts

@@ -1,10 +1,5 @@
 import { AxiosInstance } from "axios";
-import {
-  TransactionBuilder,
-  Transaction,
-  FeeBumpTransaction,
-  WebAuth,
-} from "@stellar/stellar-sdk";
+import { TransactionBuilder, Transaction, WebAuth } from "@stellar/stellar-sdk";
 import { decode } from "jws";
 
 import { Config } from "../";
@@ -38,7 +33,7 @@ type Sep10Params = {
   webAuthEndpoint: string;
   homeDomain: string;
   httpClient: AxiosInstance;
-  serverSigningKey?: string;
+  serverSigningKey: string;
 };
 
 /**
@@ -57,7 +52,7 @@ export class Sep10 {
   private webAuthEndpoint: string;
   private homeDomain: string;
   private httpClient: AxiosInstance;
-  private serverSigningKey?: string;
+  private serverSigningKey: string;
 
   /**
    * Creates a new instance of the Sep10 class.
@@ -176,22 +171,13 @@ export class Sep10 {
     try {
       const webAuthDomain = new URL(this.webAuthEndpoint).hostname;
 
-      if (this.serverSigningKey) {
-        WebAuth.readChallengeTx(
-          challengeResponse.transaction,
-          this.serverSigningKey,
-          networkPassphrase,
-          this.homeDomain,
-          webAuthDomain,
-        );
-      } else {
-        readChallengeTx(
-          challengeResponse.transaction,
-          networkPassphrase,
-          this.homeDomain,
-          webAuthDomain,
-        );
-      }
+      WebAuth.readChallengeTx(
+        challengeResponse.transaction,
+        this.serverSigningKey,
+        networkPassphrase,
+        this.homeDomain,
+        webAuthDomain,
+      );
     } catch (e) {
       throw new ChallengeValidationFailedError(
         e instanceof Error ? e : new Error(String(e)),
@@ -255,136 +241,6 @@ export const validateToken = (token: string) => {
   }
 };
 
-/*
- * Validates a SEP-10 challenge transaction without requiring the server's
- * signing key. This performs all structural validations from the SEP-10 spec
- * (sequence number, operation types, timebounds, home domain, web_auth_domain,
- * nonce format) but skips the server account and signature checks.
- *
- * Used as a fallback when the anchor's stellar.toml does not publish a
- * SIGNING_KEY, providing strong protection against malformed or malicious
- * challenge transactions.
- *
- * @internal
- * @see {@link https://github.com/stellar/js-stellar-sdk/blob/v13.0.0-beta.1/src/webauth/utils.ts#L188 | WebAuth.readChallengeTx}
- */
-const readChallengeTx = (
-  challengeTx: string,
-  networkPassphrase: string,
-  homeDomain: string,
-  webAuthDomain: string,
-): { tx: Transaction; clientAccountID: string } => {
-  let transaction: Transaction;
-  try {
-    transaction = new Transaction(challengeTx, networkPassphrase);
-  } catch {
-    try {
-      // eslint-disable-next-line no-new
-      new FeeBumpTransaction(challengeTx, networkPassphrase);
-    } catch {
-      throw new Error(
-        "Invalid challenge: unable to deserialize challengeTx transaction string",
-      );
-    }
-    throw new Error(
-      "Invalid challenge: expected a Transaction but received a FeeBumpTransaction",
-    );
-  }
-
-  // verify sequence number
-  const sequence = Number.parseInt(transaction.sequence, 10);
-  if (sequence !== 0) {
-    throw new Error("The transaction sequence number should be zero");
-  }
-
-  // verify operations
-  if (transaction.operations.length < 1) {
-    throw new Error("The transaction should contain at least one operation");
-  }
-
-  const [operation, ...subsequentOperations] = transaction.operations;
-
-  if (!operation.source) {
-    throw new Error(
-      "The transaction's operation should contain a source account",
-    );
-  }
-  const clientAccountID: string = operation.source;
-
-  // verify memo
-  if (transaction.memo.type !== "none") {
-    if (clientAccountID.startsWith("M")) {
-      throw new Error(
-        "The transaction has a memo but the client account ID is a muxed account",
-      );
-    }
-    if (transaction.memo.type !== "id") {
-      throw new Error("The transaction's memo must be of type `id`");
-    }
-  }
-
-  if (operation.type !== "manageData") {
-    throw new Error("The transaction's operation type should be 'manageData'");
-  }
-
-  // verify timebounds
-  if (!transaction.timeBounds) {
-    throw new Error("The transaction requires timebounds");
-  }
-
-  if (Number.parseInt(transaction.timeBounds.maxTime, 10) === 0) {
-    throw new Error("The transaction requires non-infinite timebounds");
-  }
-
-  const now = Math.floor(Date.now() / 1000);
-  const gracePeriod = 60 * 5;
-  const minTime = Number.parseInt(transaction.timeBounds.minTime, 10) || 0;
-  const maxTime = Number.parseInt(transaction.timeBounds.maxTime, 10) || 0;
-  if (now < minTime - gracePeriod || now > maxTime + gracePeriod) {
-    throw new Error("The transaction has expired");
-  }
-
-  // verify nonce value
-  if (operation.value === undefined || !operation.value) {
-    throw new Error("The transaction's operation value should not be null");
-  }
-
-  if (Buffer.from(operation.value.toString(), "base64").length !== 48) {
-    throw new Error(
-      "The transaction's operation value should be a 64 bytes base64 random string",
-    );
-  }
-
-  // verify home domain
-  if (`${homeDomain} auth` !== operation.name) {
-    throw new Error(
-      "Invalid homeDomains: the transaction's operation key name " +
-        "does not match the expected home domain",
-    );
-  }
-
-  // verify subsequent operations are all manageData
-  for (const op of subsequentOperations) {
-    if (op.type !== "manageData") {
-      throw new Error(
-        "The transaction has operations that are not of type 'manageData'",
-      );
-    }
-    if (op.name === "web_auth_domain") {
-      if (op.value === undefined) {
-        throw new Error("'web_auth_domain' operation value should not be null");
-      }
-      if (op.value.compare(Buffer.from(webAuthDomain)) !== 0) {
-        throw new Error(
-          `'web_auth_domain' operation value does not match ${webAuthDomain}`,
-        );
-      }
-    }
-  }
-
-  return { tx: transaction, clientAccountID };
-};
-
 const createAuthSignToken = async (
   account: AccountKeypair,
   claims: AuthHeaderClaims,

package/src/walletSdk/Exceptions/index.ts

@@ -280,6 +280,15 @@ export class Sep38PriceOnlyOneAmountError extends Error {
   }
 }
 
+export class MissingSigningKeyError extends Error {
+  constructor() {
+    super(
+      "Anchor's stellar.toml does not contain a SIGNING_KEY, which is required for SEP-10 authentication",
+    );
+    Object.setPrototypeOf(this, MissingSigningKeyError.prototype);
+  }
+}
+
 export class ChallengeValidationFailedError extends Error {
   constructor(cause: Error) {
     super(`SEP-10 challenge validation failed: ${cause.message}`);

package/src/walletSdk/Recovery/index.ts

@@ -76,7 +76,7 @@ export class Recovery extends AccountRecover {
       webAuthEndpoint: server.authEndpoint,
       homeDomain: server.homeDomain,
       httpClient: this.httpClient,
-      ...(server.signingKey && { serverSigningKey: server.signingKey }),
+      serverSigningKey: server.signingKey,
     });
   }
 

package/src/walletSdk/Types/recovery.ts

@@ -63,7 +63,7 @@ export type RecoveryServer = {
   endpoint: string;
   authEndpoint: string;
   homeDomain: string;
-  signingKey?: string;
+  signingKey: string;
   walletSigner?: WalletSigner;
   clientDomain?: string;
 };

package/test/auth.test.ts

@@ -11,7 +11,6 @@ import {
   TransactionBuilder as SdkTransactionBuilder,
   Operation,
   BASE_FEE,
-  xdr as StellarXdr,
 } from "@stellar/stellar-sdk";
 import { randomBytes } from "crypto";
 import axios from "axios";
@@ -30,6 +29,7 @@ import {
   ExpiredTokenError,
   ChallengeValidationFailedError,
   NetworkPassphraseMismatchError,
+  MissingSigningKeyError,
 } from "../src/walletSdk/Exceptions";
 
 const createToken = (payload: Record<string, unknown>): string => {
@@ -261,7 +261,7 @@ describe("Sep10 challenge validation", () => {
     token,
     responseNetworkPassphrase = networkPassphrase,
   }: {
-    serverSigningKey?: string;
+    serverSigningKey: string;
     challengeXdr: string;
     token: string;
     responseNetworkPassphrase?: string;
@@ -282,7 +282,7 @@ describe("Sep10 challenge validation", () => {
       webAuthEndpoint,
       homeDomain,
       httpClient,
-      ...(serverSigningKey ? { serverSigningKey } : {}),
+      serverSigningKey,
     });
 
     return { sep10, postStub };
@@ -618,301 +618,6 @@ describe("Sep10 challenge validation", () => {
     });
   });
 
-  // ============================================================
-  // WITHOUT serverSigningKey — uses local readChallengeTx
-  // ============================================================
-  describe("without serverSigningKey (local readChallengeTx)", () => {
-    const authenticateWithoutKey = (
-      challengeXdr: string,
-      clientKeypair: Keypair,
-    ) => {
-      const accountKp = SigningKeypair.fromSecret(clientKeypair.secret());
-      const token = createJwt(clientKeypair);
-      const { sep10, postStub } = setupSep10({
-        challengeXdr,
-        token,
-      });
-      return { sep10, accountKp, postStub };
-    };
-
-    it("should accept a valid challenge", async () => {
-      const { xdr, clientKeypair } = buildChallenge();
-      const { sep10, accountKp } = authenticateWithoutKey(xdr, clientKeypair);
-      const authToken = await sep10.authenticate({ accountKp });
-      expect(authToken.account).toBe(clientKeypair.publicKey());
-    });
-
-    it("should reject invalid XDR", async () => {
-      const clientKeypair = Keypair.random();
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        "not-valid-xdr",
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject a FeeBumpTransaction", async () => {
-      const { xdr: innerXdr, serverKeypair, clientKeypair } = buildChallenge();
-      const innerTx = new Transaction(innerXdr, networkPassphrase);
-      const feeBump = SdkTransactionBuilder.buildFeeBumpTransaction(
-        serverKeypair,
-        BASE_FEE,
-        innerTx,
-        networkPassphrase,
-      );
-      feeBump.sign(serverKeypair);
-
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        feeBump.toXDR(),
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject non-zero sequence number", async () => {
-      const { xdr, clientKeypair } = buildChallenge({ sequence: "99" });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject a challenge with no operations", async () => {
-      const serverKeypair = Keypair.random();
-      const clientKeypair = Keypair.random();
-      const serverAccount = new Account(serverKeypair.publicKey(), "-1");
-      const tx = new SdkTransactionBuilder(serverAccount, {
-        fee: BASE_FEE,
-        networkPassphrase,
-      })
-        .setTimeout(300)
-        .build();
-      tx.sign(serverKeypair);
-
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        tx.toXDR(),
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject first operation without source account", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        omitFirstOpSource: true,
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject memo with muxed client account", async () => {
-      const clientKeypair = Keypair.random();
-      const baseAccount = new Account(clientKeypair.publicKey(), "0");
-      const muxed = new MuxedAccount(baseAccount, "123");
-
-      const { xdr } = buildChallenge({
-        clientKeypair,
-        clientSource: muxed.accountId(),
-        memo: Memo.id("456"),
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject non-id memo type", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        memo: Memo.text("test"),
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject first operation that is not manageData", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        firstOpType: "payment",
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject infinite timebounds (maxTime=0)", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        useExplicitTimebounds: true,
-        minTime: 0,
-        maxTime: 0,
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject expired timebounds", async () => {
-      const now = Math.floor(Date.now() / 1000);
-      const { xdr, clientKeypair } = buildChallenge({
-        useExplicitTimebounds: true,
-        minTime: now - 7200,
-        maxTime: now - 3600,
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject missing nonce value", async () => {
-      const { xdr, clientKeypair } = buildChallenge({ omitNonce: true });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject wrong nonce length", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        nonce: randomBytes(16).toString("base64"),
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject wrong home domain", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        challengeHomeDomain: "evil.example.com",
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject subsequent non-manageData operation", async () => {
-      const serverKeypair = Keypair.random();
-      const { xdr, clientKeypair } = buildChallenge({
-        serverKeypair,
-        additionalOps: [
-          Operation.payment({
-            destination: serverKeypair.publicKey(),
-            asset: Asset.native(),
-            amount: "1",
-          }),
-        ],
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject null web_auth_domain value", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        webAuthDomainValue: null,
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject mismatched web_auth_domain", async () => {
-      const { xdr, clientKeypair } = buildChallenge({
-        webAuthDomainValue: "evil.example.com",
-      });
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        xdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-
-    it("should reject a challenge with missing timebounds", async () => {
-      const { xdr: txXdr, clientKeypair } = buildChallenge();
-
-      // Strip timebounds by setting preconditions to PRECOND_NONE in the XDR
-      const envelope = StellarXdr.TransactionEnvelope.fromXDR(txXdr, "base64");
-      envelope.v1().tx().cond(StellarXdr.Preconditions.precondNone());
-      const noTimeboundsXdr = envelope.toXDR().toString("base64");
-
-      const { sep10, accountKp, postStub } = authenticateWithoutKey(
-        noTimeboundsXdr,
-        clientKeypair,
-      );
-      await expect(sep10.authenticate({ accountKp })).rejects.toThrow(
-        ChallengeValidationFailedError,
-      );
-      expect(postStub.notCalled).toBe(true);
-    });
-  });
-
   describe("network passphrase mismatch", () => {
     it("should reject when server returns a different network passphrase", async () => {
       const { xdr, serverKeypair, clientKeypair } = buildChallenge();
@@ -983,7 +688,7 @@ describe("Anchor.sep10() signing key handling", () => {
     sinon.restore();
   });
 
-  it("should succeed when TOML has no SIGNING_KEY", async () => {
+  it("should throw MissingSigningKeyError when TOML has no SIGNING_KEY", async () => {
     sinon.stub(StellarToml.Resolver, "resolve").resolves({
       WEB_AUTH_ENDPOINT: "https://testanchor.stellar.org/auth",
       DOCUMENTATION: {},
@@ -1001,8 +706,7 @@ describe("Anchor.sep10() signing key handling", () => {
       language: "en",
     });
 
-    const sep10 = await anchor.sep10();
-    expect(sep10).toBeDefined();
+    await expect(anchor.sep10()).rejects.toThrow(MissingSigningKeyError);
   });
 
   it("should succeed when TOML has SIGNING_KEY", async () => {

package/test/integration/anchorplatform.test.ts

@@ -6,14 +6,14 @@ let wallet;
 let stellar;
 let anchor;
 let accountKp;
-const anchorUrl = "https://anchor-sep-server-dev.stellar.org/";
+const anchorUrl = "anchor-sep-server-dev.stellar.org";
 
 describe("Anchor Platform Integration Tests", () => {
   beforeAll(async () => {
     // Setup
     wallet = Wallet.TestNet();
     stellar = wallet.stellar();
-    anchor = wallet.anchor({ homeDomain: anchorUrl, allowHttp: true });
+    anchor = wallet.anchor({ homeDomain: anchorUrl });
     accountKp = stellar.account().createKeypair();
     await stellar.fundTestnetAccount(accountKp.publicKey);
   }, 30000);

package/test/integration/recovery.test.ts

@@ -22,6 +22,7 @@ describe("Recovery Integration Tests", () => {
       endpoint: "http://localhost:8000",
       authEndpoint: "http://localhost:8001",
       homeDomain: "test-domain",
+      signingKey: "GA43H67KTOSLFDM5LPUSJGIJSPWV6WVQN6FUYQWZKWJE5EMHXWE5EGK5",
     };
 
     const server2Key: RecoveryServerKey = "server2";
@@ -29,6 +30,7 @@ describe("Recovery Integration Tests", () => {
       endpoint: "http://localhost:8002",
       authEndpoint: "http://localhost:8003",
       homeDomain: "test-domain",
+      signingKey: "GAZ2ITFWBXNT4SXSDEPM43IN72FQXOUCVXEXSHYX3VT2WZUI4E6UBSI2",
     };
 
     const servers: RecoveryServerMap = {