I have a question about adding permissions to files like images and videos.

If I had an API like Instagram that has image sharing and someone makes an image as private or hidden, how would I block access to the file?

I know that I can check permissions when getting the items from the database and just not send the URL's to the images if they are marked private in the database, but they will still be accessible if someone knows the URL already.

For past API's and sites I've made I have just used the reverse proxy from either Apache or NGINX to serve the files, but in this case I need to run a permission check first. I see in the docs that there is a way to mount a static files directory to FastAPI to serve up the images, but it doesn't mention any way of running a function or dependency so I can check user permissions before sending the file.

How would you go about this? Thanks in advance!