diff --git a/internal/utils/decoders/label_decoder_test.go b/internal/utils/decoders/label_decoder_test.go
index bf5d49fd..035dd1f3 100644
--- a/internal/utils/decoders/label_decoder_test.go
+++ b/internal/utils/decoders/label_decoder_test.go
@@ -3,7 +3,7 @@ package decoders_test
 import (
 	"testing"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/utils/decoders"
 
 	"gotest.tools/v3/assert"
@@ -11,34 +11,34 @@ import (
 
 func TestDecodeLabels(t *testing.T) {
 	// Variables
-	expected := config.Apps{
-		Apps: map[string]config.App{
+	expected := model.Apps{
+		Apps: map[string]model.App{
 			"foo": {
-				Config: config.AppConfig{
+				Config: model.AppConfig{
 					Domain: "example.com",
 				},
-				Users: config.AppUsers{
+				Users: model.AppUsers{
 					Allow: "user1,user2",
 					Block: "user3",
 				},
-				OAuth: config.AppOAuth{
+				OAuth: model.AppOAuth{
 					Whitelist: "somebody@example.com",
 					Groups:    "group3",
 				},
-				IP: config.AppIP{
+				IP: model.AppIP{
 					Allow:  []string{"10.71.0.1/24", "10.71.0.2"},
 					Block:  []string{"10.10.10.10", "10.0.0.0/24"},
 					Bypass: []string{"192.168.1.1"},
 				},
-				Response: config.AppResponse{
+				Response: model.AppResponse{
 					Headers: []string{"X-Foo=Bar", "X-Baz=Qux"},
-					BasicAuth: config.AppBasicAuth{
+					BasicAuth: model.AppBasicAuth{
 						Username:     "admin",
 						Password:     "password",
 						PasswordFile: "/path/to/passwordfile",
 					},
 				},
-				Path: config.AppPath{
+				Path: model.AppPath{
 					Allow: "/public",
 					Block: "/private",
 				},
@@ -63,7 +63,7 @@ func TestDecodeLabels(t *testing.T) {
 	}
 
 	// Test
-	result, err := decoders.DecodeLabels[config.Apps](test, "apps")
+	result, err := decoders.DecodeLabels[model.Apps](test, "apps")
 	assert.NilError(t, err)
 	assert.DeepEqual(t, expected, result)
 }
diff --git a/internal/utils/tlog/log_wrapper_test.go b/internal/utils/tlog/log_wrapper_test.go
index 2db9e2a6..ecc68394 100644
--- a/internal/utils/tlog/log_wrapper_test.go
+++ b/internal/utils/tlog/log_wrapper_test.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"testing"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/utils/tlog"
 
 	"github.com/rs/zerolog"
@@ -13,13 +13,13 @@ import (
 )
 
 func TestNewLogger(t *testing.T) {
-	cfg := config.LogConfig{
+	cfg := model.LogConfig{
 		Level: "debug",
 		Json:  true,
-		Streams: config.LogStreams{
-			HTTP:  config.LogStreamConfig{Enabled: true, Level: "info"},
-			App:   config.LogStreamConfig{Enabled: true, Level: ""},
-			Audit: config.LogStreamConfig{Enabled: false, Level: ""},
+		Streams: model.LogStreams{
+			HTTP:  model.LogStreamConfig{Enabled: true, Level: "info"},
+			App:   model.LogStreamConfig{Enabled: true, Level: ""},
+			Audit: model.LogStreamConfig{Enabled: false, Level: ""},
 		},
 	}
 
@@ -47,13 +47,13 @@ func TestLoggerInit(t *testing.T) {
 }
 
 func TestLoggerWithDisabledStreams(t *testing.T) {
-	cfg := config.LogConfig{
+	cfg := model.LogConfig{
 		Level: "info",
 		Json:  false,
-		Streams: config.LogStreams{
-			HTTP:  config.LogStreamConfig{Enabled: false},
-			App:   config.LogStreamConfig{Enabled: false},
-			Audit: config.LogStreamConfig{Enabled: false},
+		Streams: model.LogStreams{
+			HTTP:  model.LogStreamConfig{Enabled: false},
+			App:   model.LogStreamConfig{Enabled: false},
+			Audit: model.LogStreamConfig{Enabled: false},
 		},
 	}
 
@@ -67,13 +67,13 @@ func TestLoggerWithDisabledStreams(t *testing.T) {
 func TestLogStreamField(t *testing.T) {
 	var buf bytes.Buffer
 
-	cfg := config.LogConfig{
+	cfg := model.LogConfig{
 		Level: "info",
 		Json:  true,
-		Streams: config.LogStreams{
-			HTTP:  config.LogStreamConfig{Enabled: true},
-			App:   config.LogStreamConfig{Enabled: true},
-			Audit: config.LogStreamConfig{Enabled: true},
+		Streams: model.LogStreams{
+			HTTP:  model.LogStreamConfig{Enabled: true},
+			App:   model.LogStreamConfig{Enabled: true},
+			Audit: model.LogStreamConfig{Enabled: true},
 		},
 	}
 
diff --git a/internal/utils/user_utils.go b/internal/utils/user_utils.go
index 7a76f5ed..420c7e31 100644
--- a/internal/utils/user_utils.go
+++ b/internal/utils/user_utils.go
@@ -37,7 +37,7 @@ func GetUsers(usersCfg []string, usersPath string, userAttributes map[string]mod
 	var usersStr []string
 
 	if len(usersCfg) == 0 && usersPath == "" {
-		return &[]model.LocalUser{}, nil
+		return nil, nil
 	}
 
 	if len(usersCfg) > 0 {
diff --git a/internal/utils/user_utils_test.go b/internal/utils/user_utils_test.go
index dcbb75cf..190207ba 100644
--- a/internal/utils/user_utils_test.go
+++ b/internal/utils/user_utils_test.go
@@ -4,10 +4,9 @@ import (
 	"os"
 	"testing"
 
-	"github.com/tinyauthapp/tinyauth/internal/config"
+	"github.com/stretchr/testify/assert"
+	"github.com/tinyauthapp/tinyauth/internal/model"
 	"github.com/tinyauthapp/tinyauth/internal/utils"
-
-	"gotest.tools/v3/assert"
 )
 
 func TestGetUsers(t *testing.T) {
@@ -15,63 +14,63 @@ func TestGetUsers(t *testing.T) {
 
 	// Setup
 	file, err := os.Create("/tmp/tinyauth_users_test.txt")
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	_, err = file.WriteString("      user1:" + hash + "        \n         user2:" + hash + "                    ") // Spacing is on purpose
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	err = file.Close()
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 	defer os.Remove("/tmp/tinyauth_users_test.txt")
 
-	noAttrs := map[string]config.UserAttributes{}
+	noAttrs := map[string]model.UserAttributes{}
 
 	// Test file only
 	users, err := utils.GetUsers([]string{}, "/tmp/tinyauth_users_test.txt", noAttrs)
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
+	assert.NotNil(t, users)
+	assert.Len(t, *users, 2)
 
-	assert.Equal(t, 2, len(users))
-
-	assert.Equal(t, "user1", users[0].Username)
-	assert.Equal(t, hash, users[0].Password)
-	assert.Equal(t, "user2", users[1].Username)
-	assert.Equal(t, hash, users[1].Password)
+	assert.Equal(t, "user1", (*users)[0].Username)
+	assert.Equal(t, hash, (*users)[0].Password)
+	assert.Equal(t, "user2", (*users)[1].Username)
+	assert.Equal(t, hash, (*users)[1].Password)
 
 	// Test inline config only
 	users, err = utils.GetUsers([]string{"user3:" + hash, "user4:" + hash}, "", noAttrs)
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
-	assert.Equal(t, 2, len(users))
-	assert.Equal(t, "user3", users[0].Username)
-	assert.Equal(t, "user4", users[1].Username)
+	assert.Len(t, *users, 2)
+	assert.Equal(t, "user3", (*users)[0].Username)
+	assert.Equal(t, "user4", (*users)[1].Username)
 
 	// Test both
 	users, err = utils.GetUsers([]string{"user5:" + hash}, "/tmp/tinyauth_users_test.txt", noAttrs)
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
-	assert.Equal(t, 3, len(users))
+	assert.Len(t, *users, 3)
 
 	usernames := map[string]bool{}
-	for _, u := range users {
+	for _, u := range *users {
 		usernames[u.Username] = true
 	}
-	assert.Assert(t, usernames["user1"])
-	assert.Assert(t, usernames["user2"])
-	assert.Assert(t, usernames["user5"])
+	assert.True(t, usernames["user1"])
+	assert.True(t, usernames["user2"])
+	assert.True(t, usernames["user5"])
 
 	// Test attributes applied from userAttributes map
-	attrs := map[string]config.UserAttributes{
+	attrs := map[string]model.UserAttributes{
 		"user1": {Name: "User One", Email: "user1@example.com"},
 	}
 	users, err = utils.GetUsers([]string{}, "/tmp/tinyauth_users_test.txt", attrs)
 
-	assert.NilError(t, err)
-	assert.Equal(t, 2, len(users))
+	assert.NoError(t, err)
+	assert.Len(t, *users, 2)
 
-	for _, u := range users {
+	for _, u := range *users {
 		if u.Username == "user1" {
 			assert.Equal(t, "User One", u.Attributes.Name)
 			assert.Equal(t, "user1@example.com", u.Attributes.Email)
@@ -84,16 +83,14 @@ func TestGetUsers(t *testing.T) {
 	// Test empty
 	users, err = utils.GetUsers([]string{}, "", noAttrs)
 
-	assert.NilError(t, err)
-
-	assert.Equal(t, 0, len(users))
+	assert.NoError(t, err)
+	assert.Nil(t, users)
 
 	// Test non-existent file
 	users, err = utils.GetUsers([]string{}, "/tmp/non_existent_file.txt", noAttrs)
 
 	assert.ErrorContains(t, err, "no such file or directory")
-
-	assert.Equal(t, 0, len(users))
+	assert.Nil(t, users)
 }
 
 func TestParseUser(t *testing.T) {
@@ -102,38 +99,38 @@ func TestParseUser(t *testing.T) {
 	// Valid user without TOTP
 	user, err := utils.ParseUser("user1:" + hash)
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	assert.Equal(t, "user1", user.Username)
 	assert.Equal(t, hash, user.Password)
-	assert.Equal(t, "", user.TotpSecret)
+	assert.Equal(t, "", user.TOTPSecret)
 
 	// Valid user with TOTP
 	user, err = utils.ParseUser("user2:" + hash + ":ABCDEF")
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	assert.Equal(t, "user2", user.Username)
 	assert.Equal(t, hash, user.Password)
-	assert.Equal(t, "ABCDEF", user.TotpSecret)
+	assert.Equal(t, "ABCDEF", user.TOTPSecret)
 
 	// Valid user with $$ in password
 	user, err = utils.ParseUser("user3:pa$$word123")
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	assert.Equal(t, "user3", user.Username)
 	assert.Equal(t, "pa$word123", user.Password)
-	assert.Equal(t, "", user.TotpSecret)
+	assert.Equal(t, "", user.TOTPSecret)
 
 	// User with spaces
 	user, err = utils.ParseUser("   user4   :   password123   :   TOTPSECRET   ")
 
-	assert.NilError(t, err)
+	assert.NoError(t, err)
 
 	assert.Equal(t, "user4", user.Username)
 	assert.Equal(t, "password123", user.Password)
-	assert.Equal(t, "TOTPSECRET", user.TotpSecret)
+	assert.Equal(t, "TOTPSECRET", user.TOTPSecret)
 
 	// Invalid users
 	_, err = utils.ParseUser("user1") // Missing password