Allow duplicate URL query parameters

Author: Marius Kleidl

tests/test_client.py

@@ -107,12 +107,12 @@ def test_get_signed_smart_cdn_url(self):
                 input="foo/input",
                 url_params={
                     "foo": "bar",
-                    "aaa": 42  # Should be sorted as first param
+                    "aaa": [42, 21]  # Should be sorted before `foo`
                 }
             )
 
         expected_url = (
-            "https://foo_workspace.tlcdn.com/foo_template/foo%2Finput?aaa=42&auth_key=foo_key&exp=1714525200000&foo=bar&sig=sha256:995dd1aae135fb77fa98b0e6946bd9768e0443a6028eba0361c03807e8fb68a5"
+            "https://foo_workspace.tlcdn.com/foo_template/foo%2Finput?aaa=42&aaa=21&auth_key=foo_key&exp=1714525200000&foo=bar&sig=sha256%3A9a8df3bb28eea621b46ec808a250b7903b2546be7e66c048956d4f30b8da7519"
         )
 
         self.assertEqual(url, expected_url)

transloadit/client.py

@@ -189,35 +189,43 @@ def get_signed_smart_cdn_url(
             - workspace (str): Workspace slug
             - template (str): Template slug or template ID
             - input (str): Input value that is provided as ${fields.input} in the template
-            - url_params (Optional[dict]): Additional parameters for the URL query string
+            - url_params (Optional[dict]): Additional parameters for the URL query string. Values can be strings, numbers, booleans or arrays thereof.
             - expires_in (Optional[int]): Expiration time of signature in milliseconds. Defaults to 1 hour.
 
         :Returns:
             str: The signed Smart CDN URL
+
+        :Raises:
+            ValueError: If url_params contains values that are not strings, numbers, booleans or arrays
         """
         workspace_slug = quote_plus(workspace)
         template_slug = quote_plus(template)
         input_field = quote_plus(input)
 
-        # Convert url_params values to strings
-        params = {}
+        params = []
         if url_params:
-            params.update({k: str(v) for k, v in url_params.items()})
+            for k, v in url_params.items():
+                if isinstance(v, (str, int, float, bool)):
+                    params.append((k, str(v)))
+                elif isinstance(v, (list, tuple)):
+                    params.append((k, [str(vv) for vv in v]))
+                else:
+                    raise ValueError(f"URL parameter values must be strings, numbers, booleans or arrays. Got {type(v)} for {k}")
 
-        params["auth_key"] = self.auth_key
-        params["exp"] = str(int(time.time() * 1000) + expires_in)
+        params.append(("auth_key", self.auth_key))
+        params.append(("exp", str(int(time.time() * 1000) + expires_in)))
 
-        # Sort params alphabetically
-        sorted_params = dict(sorted(params.items()))
-        query_string = urlencode(sorted_params)
+        # Sort params alphabetically by key
+        sorted_params = sorted(params, key=lambda x: x[0])
+        query_string = urlencode(sorted_params, doseq=True)
 
         string_to_sign = f"{workspace_slug}/{template_slug}/{input_field}?{query_string}"
         algorithm = "sha256"
 
-        signature = hmac.new(
+        signature = algorithm + ":" + hmac.new(
             self.auth_secret.encode("utf-8"),
             string_to_sign.encode("utf-8"),
             hashlib.sha256
         ).hexdigest()
 
-        return f"https://{workspace_slug}.tlcdn.com/{template_slug}/{input_field}?{query_string}&sig={algorithm}:{signature}"
+        return f"https://{workspace_slug}.tlcdn.com/{template_slug}/{input_field}?{query_string}&sig={quote_plus(signature)}"