.env.example

# Required: The password to protect your site
STAGING_PASSWORD=your-password-here

# Optional: The name displayed on the login page (default: Protected Page)
STAGING_SITE_NAME=Your Site Name

# Optional: Cookie duration in days (default: 7)
STAGING_COOKIE_MAX_AGE=7

# Optional: Custom JWT secret for cookie signing (default: randomly generated)
STAGING_JWT_SECRET=your-secret-here

# Optional: Custom login path (default: /protected)
STAGING_LOGIN_PATH=/protected

# Optional: URL to redirect after successful login (default: original requested URL)
STAGING_REDIRECT_URL=/dashboard

# Optional: Comma-separated list of routes to protect (default: all routes)
# Example: protect admin and dashboard paths
STAGING_PROTECTED_ROUTES=^/admin(/.*)?$,^/dashboard(/.*)?$

# Optional: Comma-separated list of public routes (default: Next.js system routes)
# Example: allow access to static assets and public API routes
STAGING_PUBLIC_ROUTES=^/_next(/.*)?$,^/api(/.*)?$

# Optional: Session secret if using express-session (recommended)
SESSION_SECRET=session-secret-here