Download uploaded files that require auth via Apache or Python?

Hi guys,
In a site I'm writing, I'm allowing users to upload arbitrary files (part of a syncing service) to my site. The local Javascript client has to be able download via Ajax the files from the server running Python+Django. The user also has the ability to "export" files and directories by visiting a page which would send the Content-Disposition: attachment header and allow them to download the file/directory.

The problem is that any given file or directory isn't necessarily supposed to be public to other users. My concern is really memory constraints -- outputting each file via Python in the following fashion probably isn't very memory efficient, whereas Apache is probably very efficient. However, I can't directly perform any auth with Apache

    # Example code:
    response = HttpResponse()
    file = open("/path/to/users/file.html", "r")
    for line in file:
        response.write(line)
    return response
    

I figure I have two options here, since these are all going to be static files:

1. The files would be outputted by Apache. Each user would have a random url to which everything would be uploaded, and a request to download the file would redirect to the file path underneath the user's random url. The seems like it isn't super-secure and is kind of a mess.
2. The url would be the path to a Django request handler which would validate the the user's ability to download the file, and output via the code above. I don't think this is very memory-efficient though

Am I wrong in thinking that the above is not memory-efficient? Which would you guys go with?

(I know this is kinda of a long post. Sorry about that, and thanks in advance)