Information Security

How to restrict access to a file by a direct link?

Firework!
Flask has a site site.ru , and there is a static folder, it contains img/ userid in which there are already user pictures.
So, if you know the userid, and the name of the picture, then you can even see it for an unauthorized user at site.ru/img/userid/img.jpg ,
as well as with any other files in other folders in static.
I have two solutions, but they are some kind of crutches:

1)добавить между img и userid , какую нибудь папку типа "09410fd6-e764-4c6a-a9e1"
2)отдавать браузеру картинку в base64, но это не решить проблему с файлами

UPD
Images are needed to display in the .html template, BUT only to certain authorized users who have userid == userid(directories) .
Is there a normal way?