How to get safe url for image in Flask?


I see a couple of approaches

1) don't use predictable filenames, but save the file using some long random string instead and link it to the original filename in a database

2) make a custom route for static images, and only send the image if you verify the user has access:

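    from flask import send_from_directory, session

    @app.route('/send_file/<path:filename>')
    def send_file(filename):
        # Serve the file only if a Photo row ties it to the logged-in user.
        # session.get avoids a KeyError (HTTP 500) for visitors with no session.
        user_id = session.get('user_id')
        image = Photo.query.filter_by(user_id=user_id, filename=filename).first() if user_id else None
        if image:
            return send_from_directory('image_folder', filename)
        else:
            return 'not allowed/found', 404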

3) send the image as binary data in the JSON instead (more data + not elegant), see here.
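Approaches 1 and 2 combined, as an added example that is not part of the original answer: the upload is stored under a random name, the original filename is kept in a database row, and a lookup succeeds only for the owning user. The `photo` table layout, the function names and the sample data are assumptions made for illustration; it uses `sqlite3` from the standard library so it runs without Flask.

```python
import os
import secrets
import sqlite3
import tempfile

def init_db(conn):
    conn.execute(
        "CREATE TABLE photo (stored_name TEXT PRIMARY KEY,"
        " user_id INTEGER NOT NULL, original_name TEXT NOT NULL)"
    )

def store_upload(conn, folder, user_id, original_name, data):
    """Save data under an unguessable name and record who owns it."""
    # Keep only an allow-listed extension; the client's name never touches the disk.
    ext = os.path.splitext(original_name)[1].lower()
    if ext not in {".png", ".jpg", ".jpeg", ".gif"}:
        raise ValueError("unsupported image type")
    stored_name = secrets.token_urlsafe(32) + ext  # 32 random bytes from the OS CSPRNG
    with open(os.path.join(folder, stored_name), "xb") as fh:  # "x": never overwrite
        fh.write(data)
    conn.execute(
        "INSERT INTO photo (stored_name, user_id, original_name) VALUES (?, ?, ?)",
        (stored_name, user_id, original_name),
    )
    conn.commit()
    return stored_name

def resolve_for_user(conn, folder, user_id, stored_name):
    """Return (path, original_name) if user_id owns stored_name, else None."""
    if user_id is None:  # no logged-in user: nothing is served
        return None
    row = conn.execute(
        "SELECT original_name FROM photo WHERE stored_name = ? AND user_id = ?",
        (stored_name, user_id),
    ).fetchone()
    if row is None:
        return None  # unknown name and someone else's file look the same to the caller
    # stored_name matched a row we generated ourselves, so it cannot contain "../".
    return os.path.join(folder, stored_name), row[0]

def demo():
    # Constructed sample data: user 1 uploads, then users 1 and 2 request the file.
    conn = sqlite3.connect(":memory:")
    init_db(conn)
    folder = tempfile.mkdtemp()
    name = store_upload(conn, folder, 1, "holiday.png", b"constructed image bytes")
    return name, resolve_for_user(conn, folder, 1, name), resolve_for_user(conn, folder, 2, name)
```

In a route like the one in approach 2, the stored name from a successful lookup is what gets passed to `send_from_directory`; a `None` result becomes the "not allowed/found" response.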


If you have a session-based user management system, create an authentication token (any random string / use bcrypt to generate encrypted tokens based on some session information) and store it in your database / session.

For your images, do the following:

    from flask import send_from_directory, session

    @app.route('/downloads/<auth_token>/<filename>')
    def downloads(auth_token, filename):
        # session.get avoids a KeyError (HTTP 500) when no token was issued
        if session.get('auth_token') == str(auth_token):
            return send_from_directory(app.config['UPLOAD_FOLDER'], filename)
        return 'You are not allowed to view this page', 403

The encrypted session tokens would be valid for a specific user for that specific session. If the auth_token does not match, the file would not be accessible on that url.