From 9425f2aa0e30394232d6e83a9039a85b8a387b76 Mon Sep 17 00:00:00 2001
From: Jannat Patel <pateljannat2308@gmail.com>
Date: Mon, 19 Jan 2026 18:56:39 +0530
Subject: [PATCH] fix: allow custom app endpoints

---
 lms/auth.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/lms/auth.py b/lms/auth.py
index 7fc9be03..6cc652c6 100644
--- a/lms/auth.py
+++ b/lms/auth.py
@@ -64,6 +64,9 @@ def authenticate():
 	if is_server_script_path(path):
 		return
 
+	if is_custom_app_endpoint(path):
+		return
+
 	if path in ALLOWED_PATHS:
 		return
 	frappe.throw(f"Access not allowed for this URL: {path}", frappe.PermissionError)
@@ -74,3 +77,11 @@ def is_server_script_path(path):
 	if frappe.db.exists("Server Script", {"script_type": "API", "api_method": endpoint, "disabled": 0}):
 		return True
 	return False
+
+
+def is_custom_app_endpoint(path):
+	allowed_custom_endpoints = frappe.conf.get("allowed_custom_endpoints", [])
+	for endpoint in allowed_custom_endpoints:
+		if endpoint in path:
+			return True
+	return False