I'm looking for a dead simple password protection solution (username and password stored as key-value pair in array) to a domain (example.com/demo). I know this is bad practice in production but this is just a quick demo to someone. The code I have currently is pretty trivial stuff:

Route::group(['prefix' => 'demo', 'before' => 'auth.basic'], function() {...});

Would I have to create my own filter? How would I set it so the filter only works in production?

This is as simple as it gets:

Route::filter('auth.verybasic', function()
{
    if(Request::getUser() != 'foo' || Request::getPassword() != 'bar'){
        $headers = array('WWW-Authenticate' => 'Basic');
        return Response::make('Invalid credentials.', 401, $headers);
    }
});

Regarding the environment restriction, just check with App::environment():

Route::filter('auth.verybasic', function()
{
    if(App::environment() != 'production') return;
    // check login (same as above)
});