Go-libp2p, gating handshakes

Hi ya’ll, I’ve implemented a p2p network using go-libp2p. I have an issue where I want to have an application layer handshake, for example - check network ID, or verify a certain type of cryptographic identity. I used streams to do it but as soon as a peer is added it is automatically exposed to all procotols which means that during my protocol handshake I can receive messages from this peer in pubsub for example.
Is there an easy way to add application-layer handshake? or should I just guard pubsub for example using a whitelist that is generated from my application-handshake?

Any pointing to resources will be very helpful.

Hi @y0sher, mind x-posting this here: libp2p/go-libp2p Q A · Discussions · GitHub