get it testing

data/rand.go

@@ -1,5 +1,7 @@
 package data
 
+import "crypto/rand"
+
 const saltLength = 32
 
 func Salt() ([]byte, error) {

data/user.go

@@ -1,35 +1,49 @@
 package data
 
+import (
+	"crypto/subtle"
+	"errors"
+	"fmt"
+	"time"
+
+	"github.com/oklog/ulid/v2"
+	"golang.org/x/crypto/scrypt"
+)
+
 const (
 	scryptN = 32768
-	scriptR = 8
+	scryptR = 8
 	scryptP = 1
 )
 
 type User struct {
-	ID string
-	Created int64
-	User string
+	ID       string
+	Created  int64
+	User     string
 	Password []byte
-	Salt []byte
+	Salt     []byte
+	Roles    []string
 }
 
 type Login struct {
-	User string `json:"user"`
+	User     string `json:"user"`
 	Password string `json:"password,omitzero"`
-	Token string `json:"token,omitzero"`
+	Token    string `json:"token,omitzero"`
 }
 
-func derive(password string, salt []byte) []byte {
-	return scrypt.Key(login.Password, u.Salt, scryptN, scryptR, scryptN, 32)
+func derive(password string, salt []byte) ([]byte, error) {
+	return scrypt.Key([]byte(password), salt, scryptN, scryptR, scryptN, 32)
 }
 
 func (u *User) Check(login *Login) bool {
 	if u.User != login.User {
 		return false
 	}
-	
-	derived := derive(login.Password, u.Salt)
+
+	derived, err := derive(login.Password, u.Salt)
+	if err != nil {
+		return false
+	}
 
 	if subtle.ConstantTimeCompare(derived, u.Password) != 0 {
 		return false
@@ -40,13 +54,13 @@ func (u *User) Check(login *Login) bool {
 
 func (u *User) Register(login *Login) error {
 	var err error
-	
+
 	if u.User != "" && u.User != login.User {
 		return errors.New("invalid user")
 	}
 
 	if u.ID == "" {
-		u.ID = ulid.Make()
+		u.ID = ulid.Make().String()
 	}
 
 	u.User = login.User
@@ -55,7 +69,11 @@ func (u *User) Register(login *Login) error {
 		return fmt.Errorf("failed to register user: %w", err)
 	}
 
-	u.Password = derive(login.Password, u.Salt)
+	u.Password, err = derive(login.Password, u.Salt)
+	if err != nil {
+		return fmt.Errorf("key derivation failed: %w", err)
+	}
+
+	u.Created = time.Now().Unix()
 	return nil
 }
-