Add origin field and filter for ban sources (Tasks 1 & 2)

- Task 1: Mark imported blocklist IP addresses
  - Add BanOrigin type and _derive_origin() to ban.py model
  - Populate origin field in ban_service list_bans() and bans_by_country()
  - BanTable and MapPage companion table show origin badge column
  - Tests: origin derivation in test_ban_service.py and test_dashboard.py

- Task 2: Add origin filter to dashboard and world map
  - ban_service: _origin_sql_filter() helper; origin param on list_bans()
    and bans_by_country()
  - dashboard router: optional origin query param forwarded to service
  - Frontend: BanOriginFilter type + BAN_ORIGIN_FILTER_LABELS in ban.ts
  - fetchBans / fetchBansByCountry forward origin to API
  - useBans / useMapData accept and pass origin; page resets on change
  - BanTable accepts origin prop; DashboardPage adds segmented filter
  - MapPage adds origin Select next to time-range picker
  - Tests: origin filter assertions in test_ban_service and test_dashboard

backend/app/routers/config.py

@@ -30,6 +30,8 @@ from app.models.config import (
     JailConfigUpdate,
     LogPreviewRequest,
     LogPreviewResponse,
+    MapColorThresholdsResponse,
+    MapColorThresholdsUpdate,
     RegexTestRequest,
     RegexTestResponse,
 )
@@ -380,3 +382,83 @@ async def preview_log(
         :class:`~app.models.config.LogPreviewResponse` with per-line results.
     """
     return await config_service.preview_log(body)
+
+
+# ---------------------------------------------------------------------------
+# Map color thresholds
+# ---------------------------------------------------------------------------
+
+
+@router.get(
+    "/map-color-thresholds",
+    response_model=MapColorThresholdsResponse,
+    summary="Get map color threshold configuration",
+)
+async def get_map_color_thresholds(
+    request: Request,
+    _auth: AuthDep,
+) -> MapColorThresholdsResponse:
+    """Return the configured map color thresholds.
+
+    Args:
+        request: FastAPI request object.
+        _auth: Validated session.
+
+    Returns:
+        :class:`~app.models.config.MapColorThresholdsResponse` with
+        current thresholds.
+    """
+    from app.services import setup_service
+
+    high, medium, low = await setup_service.get_map_color_thresholds(
+        request.app.state.db
+    )
+    return MapColorThresholdsResponse(
+        threshold_high=high,
+        threshold_medium=medium,
+        threshold_low=low,
+    )
+
+
+@router.put(
+    "/map-color-thresholds",
+    response_model=MapColorThresholdsResponse,
+    summary="Update map color threshold configuration",
+)
+async def update_map_color_thresholds(
+    request: Request,
+    _auth: AuthDep,
+    body: MapColorThresholdsUpdate,
+) -> MapColorThresholdsResponse:
+    """Update the map color threshold configuration.
+
+    Args:
+        request: FastAPI request object.
+        _auth: Validated session.
+        body: New threshold values.
+
+    Returns:
+        :class:`~app.models.config.MapColorThresholdsResponse` with
+        updated thresholds.
+
+    Raises:
+        HTTPException: 400 if validation fails (thresholds not
+        properly ordered).
+    """
+    from app.services import setup_service
+
+    try:
+        await setup_service.set_map_color_thresholds(
+            request.app.state.db,
+            threshold_high=body.threshold_high,
+            threshold_medium=body.threshold_medium,
+            threshold_low=body.threshold_low,
+        )
+    except ValueError as exc:
+        raise _bad_request(str(exc)) from exc
+
+    return MapColorThresholdsResponse(
+        threshold_high=body.threshold_high,
+        threshold_medium=body.threshold_medium,
+        threshold_low=body.threshold_low,
+    )

backend/app/routers/dashboard.py

@@ -18,6 +18,7 @@ from fastapi import APIRouter, Query, Request
 
 from app.dependencies import AuthDep
 from app.models.ban import (
+    BanOrigin,
     BansByCountryResponse,
     DashboardBanListResponse,
     TimeRange,
@@ -77,6 +78,10 @@ async def get_dashboard_bans(
     range: TimeRange = Query(default=_DEFAULT_RANGE, description="Time-range preset."),
     page: int = Query(default=1, ge=1, description="1-based page number."),
     page_size: int = Query(default=_DEFAULT_PAGE_SIZE, ge=1, le=500, description="Items per page."),
+    origin: BanOrigin | None = Query(
+        default=None,
+        description="Filter by ban origin: 'blocklist' or 'selfblock'. Omit for all.",
+    ),
 ) -> DashboardBanListResponse:
     """Return a paginated list of bans within the selected time window.
 
@@ -91,6 +96,7 @@ async def get_dashboard_bans(
             ``"365d"``.
         page: 1-based page number.
         page_size: Maximum items per page (1–500).
+        origin: Optional filter by ban origin.
 
     Returns:
         :class:`~app.models.ban.DashboardBanListResponse` with paginated
@@ -108,6 +114,7 @@ async def get_dashboard_bans(
         page=page,
         page_size=page_size,
         geo_enricher=_enricher,
+        origin=origin,
     )
 
 
@@ -120,6 +127,10 @@ async def get_bans_by_country(
     request: Request,
     _auth: AuthDep,
     range: TimeRange = Query(default=_DEFAULT_RANGE, description="Time-range preset."),
+    origin: BanOrigin | None = Query(
+        default=None,
+        description="Filter by ban origin: 'blocklist' or 'selfblock'. Omit for all.",
+    ),
 ) -> BansByCountryResponse:
     """Return ban counts aggregated by ISO country code.
 
@@ -131,6 +142,7 @@ async def get_bans_by_country(
         request: The incoming request.
         _auth: Validated session dependency.
         range: Time-range preset.
+        origin: Optional filter by ban origin.
 
     Returns:
         :class:`~app.models.ban.BansByCountryResponse` with per-country
@@ -146,5 +158,6 @@ async def get_bans_by_country(
         socket_path,
         range,
         geo_enricher=_enricher,
+        origin=origin,
     )