Secure static files with flask [duplicate]

Question

I am building a flask application, and I want it to serve some static files only if the user is authenticated. It's a very low-traffic application (for internal use only). How would I go about this? One thing I was thinking of is using serve_static(), and putting that behind an authentication check but that uses the static directory which flask already serves content from.

Answer 1

Simply subclass flask.Flask and override the send_static_file method:

class SecuredStaticFlask(Flask):
    def send_static_file(self, filename):
        # Get user from session
        if user.is_authenticated():
            return super(SecuredStaticFlask, self).send_static_file(filename)
        else:
            abort(403) 
            # Or 401 (or 404), whatever is most appropriate for your situation

See also the definition of send_static_file and following