refactor(backend): clean up models setup, improve ip utils, add adr docs

- Extract ADR documents for architectural decisions (SQLite, FastAPI, React, APScheduler, Scheduler)
- Refactor setup.py: improve code structure and readability
- Add IP validation utilities with test coverage
- Update frontend components (BanTable, HistoryPage)
- Add pre-commit hooks and CONTRIBUTING.md
- Add .editorconfig for consistent coding standards

backend/app/models/setup.py

@@ -7,6 +7,75 @@ from pydantic import Field, field_validator
 
 from app.models.response import BanGuiBaseModel
 
+# Top-50 most-common plaintext passwords (lower-case).
+# Source: aggregated public breach compilations (Have I Been Pwned, Wikipedia).
+# Covers passwords that pass structural checks (uppercase + digit + special char)
+# but are trivial to guess.
+_COMMON_PASSWORDS: frozenset[str] = frozenset(
+    {
+        "password",
+        "password1",
+        "password123",
+        "password1234",
+        "password!",
+        "letmein",
+        "welcome",
+        "admin",
+        "admin123",
+        "administrator",
+        "qwerty",
+        "qwerty123",
+        "qwerty1234",
+        "abc123",
+        "abcdef",
+        "123456",
+        "1234567",
+        "12345678",
+        "123456789",
+        "1234567890",
+        "iloveyou",
+        "iloveyou1",
+        "monkey",
+        "dragon",
+        "master",
+        "login",
+        "login123",
+        "passw0rd",
+        "passw0rd!",
+        "changeme",
+        "default",
+        "guest",
+        "guest123",
+        "fuckyou",
+        "fuckyou1",
+        "shit",
+        "asshole",
+        "hello",
+        "hello123",
+        "hello!",
+        "world",
+        "pass",
+        "test",
+        "test123",
+        "test!",
+        "root",
+        "root123",
+        "p@ssword",
+        "p@ssword1",
+        "p@ssw0rd",
+        "p@ssw0rd!",
+        "sunshine",
+        "princess",
+        "shadow",
+        "shadow123",
+        "access",
+        "access123",
+        "mypass",
+        "mypass123",
+    }
+)
+
+
 class SetupRequest(BanGuiBaseModel):
     """Payload for ``POST /api/setup``."""
 
@@ -29,9 +98,9 @@ class SetupRequest(BanGuiBaseModel):
         if not any(char.isdigit() for char in value):
             raise ValueError("Password must include at least one number.")
         if not any(char in "!@#$%^&*()" for char in value):
-            raise ValueError(
-                "Password must include at least one special character (!@#$%^&*())."
-            )
+            raise ValueError("Password must include at least one special character (!@#$%^&*()).")
+        if value.lower() in _COMMON_PASSWORDS:
+            raise ValueError("Password is too common. Choose something more unique.")
         return value
 
     database_path: str = Field(
@@ -52,6 +121,7 @@ class SetupRequest(BanGuiBaseModel):
         description="Number of minutes a user session remains valid.",
     )
 
+
 class SetupResponse(BanGuiBaseModel):
     """Response returned after a successful initial setup."""
 
@@ -59,11 +129,13 @@ class SetupResponse(BanGuiBaseModel):
         default="Setup completed successfully. Please log in.",
     )
 
+
 class SetupTimezoneResponse(BanGuiBaseModel):
     """Response for ``GET /api/setup/timezone``."""
 
     timezone: str = Field(..., description="Configured IANA timezone identifier.")
 
+
 class SetupStatusResponse(BanGuiBaseModel):
     """Response indicating whether setup has been completed."""