-//// index
-//router.get("/challenges", access.logged, access.ajax, (req,res) => {
-// if (req.query["uid"] != req.user._id)
-// return res.json({errmsg: "Not your challenges"});
-// let uid = ObjectID(req.query["uid"]);
-// ChallengeModel.getByPlayer(uid, (err, challengeArray) => {
-// res.json(err || {challenges: challengeArray});
-// });
-//});
-//
-//function createChallenge(vid, from, to, res)
-//{
-// ChallengeModel.create(vid, from, to, (err, chall) => {
-// res.json(err || {
-// // A challenge can be sent using only name, thus 'to' is returned
-// to: chall.to,
-// cid: chall._id
-// });
-// });
-//}
-//
-//router.delete("/challenges", access.logged, access.ajax, (req,res) => {
-// let cid = ObjectID(req.query.cid);
-// ChallengeModel.getById(cid, (err,chall) => {
-// access.checkRequest(res, err, chall, "Challenge not found", () => {
-// if (!chall.from.equals(req.user._id) && !!chall.to && !chall.to.equals(req.user._id))
-// return res.json({errmsg: "Not your challenge"});
-// ChallengeModel.remove(cid, err => {
-// res.json(err || {});
-// });
-// });
-// });
-//});
+router.delete("/challenges", access.logged, access.ajax, (req,res) => {
+ const cid = req.query.id;
+ if (cid.match(/^[0-9]+$/)) {
+ ChallengeModel.safeRemove(cid, req.userId);
+ res.json({});
+ }
+});