The solution I am going with:
- Pathname↔filename stored in database
- Metadata associated with filename (in the file name); providing namespacing (e.g.: for subsequent sharding between servers and data centres)
- Actual file stored on an nginx static file route (need to investigate security concerns here)
Still in need of suggestions on securing files from nginx without serving static files through e.g.: Python